Hi, team! Nathan updated the PR (https://github.com/jenkinsci/liquibase-runner-plugin/pull/16) to fix the security issue without relying on the class whitelist in META-INF.
How's the adoption process going? We've got a webinar hosted by CloudBees on Thursday and we'd very much like to talk about this release then. Thanks! Robert Robert Reeves CTO | Datical Mobile: 512 422 2443 Email: [email protected] Website: www.datical.com -----Original Message----- From: Robert Reeves Sent: Friday, April 17, 2020 7:50 AM To: Daniel Beck <[email protected]>; Jenkins Developers <[email protected]> Cc: Keith Collison <[email protected]>; Nathan Voxland <[email protected]> Subject: RE: Plugin: Liquibase Runner Thanks, Daniel! Sounds like adoption is the way to go: Link to a plugin you want to adopt: https://github.com/jenkinsci/liquibase-runner-plugin Link(s) to pull requests you want to deliver, if applicable: https://github.com/jenkinsci/liquibase-runner-plugin/pull/16 and more to come after we get access to the security tracker Your GitHub username/id: https://github.com/r2datical & https://github.com/nvoxland Your Jenkins infrastructure account id. Create your account if you don’t have one: r2datical & nvoxland Keith has been great and has stated he's open to getting some help on this the Liquibase team. We are indebted to him. Thanks! Robert Robert Reeves CTO | Datical Mobile: 512 422 2443 Email: [email protected] Website: www.datical.com -----Original Message----- From: Daniel Beck <[email protected]> Sent: Friday, April 17, 2020 3:58 AM To: Jenkins Developers <[email protected]> Cc: Keith Collison <[email protected]>; Nathan Voxland <[email protected]>; Robert Reeves <[email protected]> Subject: Re: Plugin: Liquibase Runner > On 16. Apr 2020, at 20:16, Robert Reeves <[email protected]> wrote: > > Just to follow up…we’re trying to get this security issue resolved but have > not been able to get access to SECURITY-519. How can we view that so we can > fix the issue? As I wrote in a previous response, Keith's account has access to the issue. Since you're working with him per your first email in this thread, ask him for the details. >From a Jenkins project POV, Keith is the only maintainer of the plugin, and >the only one entitled to view the security issue information for his plugin. >(While we can add additional users to the private issue, that requires consent >by the current maintainer.) The only option that doesn't require active involvement from a current maintainer is to request a transfer of maintainership of the plugin per https://jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/ -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/SN6PR06MB6383C78CFBB7DC0C136510B083D50%40SN6PR06MB6383.namprd06.prod.outlook.com.
