We should definitely update the library and detach it, rather sooner than 
later. Otherwise the next CVE in Apache Mina may make our life very fun.
Since we had a new LTS cutoff recently, it is a good timing for such change.

Some notes about Apache Mina update to 2.x:

   - There are multiple plugins using Apache Mina code 
   
https://github.com/search?l=Java&q=org%3Ajenkinsci+%22org.apache.sshd%22&type=Code
 
   . Examples: Git Server, SSH Credentials, Gerrit Trigger, Remote Terminal 
   Access, SSH CLI. Since the update is a potentially breaking change, it 
   would be great to verify these plugins before the changes land
   - There is at least one proprietary plugin depending on Mina SSH code

I definitely support a two-stage update when the first plugin version uses 
old Apache Mina.

Best regards,
Oleg


On Friday, February 12, 2021 at 1:06:00 PM UTC+1 [email protected] wrote:

> Hi,
>
> I have a bunch of PRs ready to move forward for a few months, these PRs 
> are to convert the SSHD Module to a plugin and after that bump the Apache 
> Minda sshd library.
> We are using a really old Apache Minda sshd that is a security risk and 
> move the SSHD module outside of the core could help to have simpler Jenkins 
> instances without services you do not need/want.
> Thus I would like to make progress and close stuff to start new things 
> related to that in the SSH Build Agents plugin. How we can manage this?
>
> https://github.com/jenkinsci/sshd-module/pull/38
> https://github.com/jenkinsci/jenkins/pull/5049
> https://github.com/jenkinsci/sshd-module/pull/40
>
> Update the Apache Minda sshd library
> https://github.com/jenkinsci/sshd-module/pull/37
>
> -- 
> BR
> Iván Fernández Calvo
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/62eba768-3d6a-449b-b83d-125c31b374ffn%40googlegroups.com.

Reply via email to