Hi! Just to follow up…we’re trying to get this security issue resolved but have not been able to get access to SECURITY-519. How can we view that so we can fix the issue?
Thanks! Robert Robert Reeves CTO | Datical [cid:[email protected]]<http://www.datical.com/> Mobile: 512 422 2443<tel:512-422-2443> Email: [email protected]<mailto:[email protected]> Website: www.datical.com<http://www.datical.com/> [cid:[email protected]]<https://twitter.com/Datical?lang=en> [cid:[email protected]]<https://www.facebook.com/Datical/> [cid:[email protected]]<https://www.linkedin.com/company/datical/> [cid:[email protected]]<https://www.youtube.com/user/DaticalVideos/videos> [cid:[email protected]]<https://www.datical.com/?utm_source=outlook&utm_medium=email-signature> From: [email protected] <[email protected]> On Behalf Of Daniel Beck Sent: Friday, March 6, 2020 4:12 PM To: JenkinsCI Developers <[email protected]> Cc: Keith Collison <[email protected]> Subject: Re: Plugin: Liquibase Runner Keith has access to SECURITY-519 in the Jenkins issue tracker using his account 'prospero238'. That issue contains complete steps that allow a regular user with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, just as stated in the advisory. In cases of very serious security vulnerabilities, such as this one, we suspend distribution of plugins so they are no longer available on Jenkins update sites. I did that here. This will remain until the issue is resolved to the satisfaction of the Jenkins security team. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKa5j0cEcFit6fCqTEcbpNG8dh9ZU8CnDFbPxhXujJ9tA%40mail.gmail.com<https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKa5j0cEcFit6fCqTEcbpNG8dh9ZU8CnDFbPxhXujJ9tA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/BN7PR06MB6370B306A21FFE83C2F04DAF83D80%40BN7PR06MB6370.namprd06.prod.outlook.com.
