[jenkinsci/jabber-plugin] 4e2093: Bump to Smack 4.1.9

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/jabber-plugin
  Commit: 4e2093ed76c21b2e28d5af74c619919f63dacecf
      
https://github.com/jenkinsci/jabber-plugin/commit/4e2093ed76c21b2e28d5af74c619919f63dacecf
  Author: Florian Schmaus <f...@geekplace.eu>
  Date:   2017-07-18 (Tue, 18 Jul 2017)

  Changed paths:
    M pom.xml
    M 
src/main/java/hudson/plugins/jabber/im/transport/AbstractJabberMessageListenerAdapter.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberChat.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberConnectionDebugger.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnection.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnectionProvider.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberMUCMessageListenerAdapter.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberMessageListenerAdapter.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberMultiUserChat.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java

  Log Message:
  -----------
  Bump to Smack 4.1.9

This is a first step towards improving the security of the
plugin. Smack 4.1.9 fixes CVE-2016-10027, but we need to configure
Smack so that it uses 'SecurityMode.required' if the users ticks a
"Use TLS" checkbox (which is yet to be created) when configuring the
plugin. Also instead of "Accept all SSL/TLS certificates" java-pinning
should be used.

Fixes JENKINS-45599.

Thanks to Friso Vrolijken for working together with me on this.


  Commit: 840dc240c27587d4fea145802535c4dfc484515f
      
https://github.com/jenkinsci/jabber-plugin/commit/840dc240c27587d4fea145802535c4dfc484515f
  Author: Florian Schmaus <f...@geekplace.eu>
  Date:   2017-07-20 (Thu, 20 Jul 2017)

  Changed paths:
    M pom.xml
    M 
src/main/java/hudson/plugins/jabber/im/transport/AbstractJabberMessageListenerAdapter.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberChat.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberConnectionDebugger.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnection.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberIMConnectionProvider.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberMUCMessageListenerAdapter.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberMessageListenerAdapter.java
    M src/main/java/hudson/plugins/jabber/im/transport/JabberMultiUserChat.java
    M 
src/main/java/hudson/plugins/jabber/im/transport/JabberPublisherDescriptor.java

  Log Message:
  -----------
  Merge pull request #17 from Flowdalic/smack41

Bump to Smack 4.1.9


Compare: 
https://github.com/jenkinsci/jabber-plugin/compare/6bc14c96d5ba...840dc240c275

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.