Ha! I found the JEP-200 blog post. I think we have a path to get this corrected and secure. Thanks!
Robert Reeves CTO | Datical [cid:[email protected]]<http://www.datical.com/> Mobile: 512 422 2443<tel:512-422-2443> Email: [email protected]<mailto:[email protected]> Website: www.datical.com<http://www.datical.com/> [cid:[email protected]]<https://twitter.com/Datical?lang=en> [cid:[email protected]]<https://www.facebook.com/Datical/> [cid:[email protected]]<https://www.linkedin.com/company/datical/> [cid:[email protected]]<https://www.youtube.com/user/DaticalVideos/videos> [cid:[email protected]]<https://www.datical.com/?utm_source=outlook&utm_medium=email-signature> From: Robert Reeves Sent: Friday, March 6, 2020 2:56 PM To: [email protected] Cc: Keith Collison <[email protected]> Subject: Plugin: Liquibase Runner Hi, Team! I'm working with Keith Collison on his Liquibase Runner plugin. I noticed that there is a security issue with it here: https://wiki.jenkins.io/display/JENKINS/Liquibase+Runner. Also noticed it's not showing up on the new(ish) Jenkins.io pages for plugins. Is this due to the security issue? Here's the stated issue: https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519 Keith thinks this might be due to classloading in the Util class but that doesn't look particularly strange and unnatural to me. Can I get some pointers on what the issue is? Thanks! Robert Robert Reeves CTO | Datical [cid:[email protected]]<http://www.datical.com/> Mobile: 512 422 2443<tel:512-422-2443> Email: [email protected]<mailto:[email protected]> Website: www.datical.com<http://www.datical.com/> [cid:[email protected]]<https://twitter.com/Datical?lang=en> [cid:[email protected]]<https://www.facebook.com/Datical/> [cid:[email protected]]<https://www.linkedin.com/company/datical/> [cid:[email protected]]<https://www.youtube.com/user/DaticalVideos/videos> [cid:[email protected]]<https://www.datical.com/?utm_source=outlook&utm_medium=email-signature> -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/DM6PR06MB63786AB446D27656BB7ABDDC83E30%40DM6PR06MB6378.namprd06.prod.outlook.com.
