Branch: refs/heads/master
  Home:   https://github.com/jenkins-infra/update-center2
  Commit: a3dcfe17cbbb94eea5a0fe9f6937ac423538dfe3
      
https://github.com/jenkins-infra/update-center2/commit/a3dcfe17cbbb94eea5a0fe9f6937ac423538dfe3
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2023-09-19 (Tue, 19 Sep 2023)

  Changed paths:
    M resources/warnings.json

  Log Message:
  -----------
  SECURITY-1886 fixed in global build stats plugin (#731)

* SECURITY-1886 fixed in global build stats plugin

https://github.com/jenkinsci/global-build-stats-plugin/issues/38 fixed
the https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886
stored cross-site scripting vulnerability.

https://github.com/jenkinsci/global-build-stats-plugin/releases/tag/269.v214f74360b_3a_
is the release that includes that pull request.

* 244.v27c8a_2e50a_34 is global build stats last affected version

Extend the pattern match to include 244.v27c8a_2e50a_34 as the last
global build stats version affected by
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886

* Include more interim releases in regex

Releases that have the security issue include:

* 1.0
* 1.1
* 1.2
* 1.3
* 1.4
* 1.5
* 244.v27c8a_2e50a_34
* 269.v214f74360b_3a_
* 282.v79ca_e079d1b_1

* Group the version numbers

Lack of grouping the version numbers negates the purpose of the
(|[.-].+) suffix.
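
The grouping point in the last item of the log message, shown as an added example that is not part of the commit or of update-center2. The patterns are constructed from the version list above rather than copied from `resources/warnings.json`, the probe strings are made up, and whole-string matching is an assumption.

```python
import re

# Affected releases as listed in the commit message above.
AFFECTED = [
    "1.0", "1.1", "1.2", "1.3", "1.4", "1.5",
    "244.v27c8a_2e50a_34", "269.v214f74360b_3a_", "282.v79ca_e079d1b_1",
]
SUFFIX = r"(|[.-].+)"  # the suffix quoted in the commit message


def build_pattern(versions, grouped):
    """Join versions into an alternation, optionally grouped, then add SUFFIX."""
    alternation = "|".join(re.escape(v) for v in versions)
    if grouped:
        alternation = f"({alternation})"
    return alternation + SUFFIX


def is_flagged(pattern, version):
    # Assumption: a warning applies only if the pattern matches the whole string.
    return re.fullmatch(pattern, version) is not None


def coverage_gaps(versions, probes):
    """Return probes the grouped pattern flags but the ungrouped one misses."""
    grouped = build_pattern(versions, grouped=True)
    ungrouped = build_pattern(versions, grouped=False)
    return [p for p in probes
            if is_flagged(grouped, p) and not is_flagged(ungrouped, p)]


# Constructed probe strings (hypothetical, not real release names).
PROBES = [
    "1.0", "1.0.1", "1.5-beta-1", "1.10",
    "244.v27c8a_2e50a_34-SNAPSHOT", "282.v79ca_e079d1b_1-SNAPSHOT",
]

if __name__ == "__main__":
    # Without grouping, "|" binds looser than concatenation, so SUFFIX
    # attaches only to the last alternative in the list.
    for probe in coverage_gaps(AFFECTED, PROBES):
        print("missed without grouping:", probe)
```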

