> On 19. Oct 2017, at 19:43, Arnaud <[email protected]> wrote: > > I plan to merge a fix to the https://jenkins.io/security/advisory/2017-04-10/ > vulnerability as well as at least one other enhancement.
This is one of the plugins that allow Overall/Administer users to do something that should be limited to Overall/Run Scripts, which is a problem only in very unusual configurations -- so this looks worse than it is. The plugin is still being distributed despite no fix, for that reason. I told Arnaud that we usually apply a two-week timeout for requests of this sort. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/E8F960DF-1BFF-4698-B36D-D44FA67D3E03%40beckweb.net. For more options, visit https://groups.google.com/d/optout.
