Hello Daniel,

Thanks.
As the mail used by Christian/ki82 is linked to his previous job, I tried to 
ping him through LinkedIn so that he has a chance to be actually notified of 
this thread.

Arnaud



De : Daniel Beck
Envoyé le :jeudi 19 octobre 2017 23:46
À : [email protected]
Objet :Re: Request to join claim plugin


> On 19. Oct 2017, at 19:43, Arnaud <[email protected]> wrote:
> 
> I plan to merge a fix to the https://jenkins.io/security/advisory/2017-04-10/ 
> vulnerability as well as at least one other enhancement.

This is one of the plugins that allow Overall/Administer users to do something 
that should be limited to Overall/Run Scripts, which is a problem only in very 
unusual configurations -- so this looks worse than it is. The plugin is still 
being distributed despite no fix, for that reason.

I told Arnaud that we usually apply a two-week timeout for requests of this 
sort.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/E8F960DF-1BFF-4698-B36D-D44FA67D3E03%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/59e98c19.1cbf1c0a.64448.63a1%40mx.google.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to