On Mon, Oct 26, 2020 at 3:52 PM Oleg Nenashev <[email protected]> wrote: > I would vote for getting more reviews from the Jenkins Security Team members > before it gets merged.
Oh agreed! > I am -0.5 regarding expediting this pull request. Neither needs to be expedited indeed. I would just not want to be waiting weeks here (unless of course a concrete problem comes up that forces more work). > XStream also includes a security risk due to class deserialization. Yes this aspect needs to be considered during review. (Existing tests in that area pass, and the change _should_ not be modifying JEP-200 behavior.) > We are already upgrading Winstone and changing tabs to divs in 2.264 And there is a jQuery change coming? (#4929) -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1ycaO5q9OiZ%3Dmt_c5wFGiVbdfnuZe0grV_%3Dv624sOXew%40mail.gmail.com.
