Branch: refs/heads/master Home: https://github.com/jenkinsci/jabber-plugin Commit: 4e2093ed76c21b2e28d5af74c619919f63dacecf https://github.com/jenkinsci/jabber-plugin/commit/4e2093ed76c21b2e28d5af74c619919f63dacecf Author: Florian Schmaus <f...@geekplace.eu> Date: 2017-07-18 (Tue, 18 Jul 2017)
Changed paths: M pom.xml M src/main/java/hudson/plugins/jabber/im/transport/AbstractJabberMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberChat.java M src/main/java/hudson/plugins/jabber/im/transport/JabberConnectionDebugger.java M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnection.java M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnectionProvider.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMUCMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMultiUserChat.java M src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java Log Message: ----------- Bump to Smack 4.1.9 This is a first step towards improving the security of the plugin. Smack 4.1.9 fixes CVE-2016-10027, but we need to configure Smack so that it uses 'SecurityMode.required' if the users ticks a "Use TLS" checkbox (which is yet to be created) when configuring the plugin. Also instead of "Accept all SSL/TLS certificates" java-pinning should be used. Fixes JENKINS-45599. Thanks to Friso Vrolijken for working together with me on this. Commit: 840dc240c27587d4fea145802535c4dfc484515f https://github.com/jenkinsci/jabber-plugin/commit/840dc240c27587d4fea145802535c4dfc484515f Author: Florian Schmaus <f...@geekplace.eu> Date: 2017-07-20 (Thu, 20 Jul 2017) Changed paths: M pom.xml M src/main/java/hudson/plugins/jabber/im/transport/AbstractJabberMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberChat.java M src/main/java/hudson/plugins/jabber/im/transport/JabberConnectionDebugger.java M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnection.java M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnectionProvider.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMUCMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMessageListenerAdapter.java M src/main/java/hudson/plugins/jabber/im/transport/JabberMultiUserChat.java M src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java Log Message: ----------- Merge pull request #17 from Flowdalic/smack41 Bump to Smack 4.1.9 Compare: https://github.com/jenkinsci/jabber-plugin/compare/6bc14c96d5ba...840dc240c275 -- You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.