Hi Daniel,

On Mon, 26 Apr 2021, at 14:35, Daniel Beck wrote:
> Thanks for letting us know!
> 
> The documentation for this specifically is at 
> https://www.jenkins.io/security/plugins/#followup

Oh right, I completely missed it, thanks for pointing this out!

> I filed https://github.com/jenkins-infra/update-center2/pull/515 updating the 
> warning and will merge it once I confirm the issue was fully resolved. This 
> will remove the banner from plugins.jenkins.io and the warning shown to 
> admins inside Jenkins.

Perfect, thanks a lot!

Best,

 Jonathan

> 
> On Mon, Apr 26, 2021 at 1:41 PM [email protected] <[email protected]> wrote:
>> 
>> Hi,
>> 
>> I became recently maintainer for the Nomad plugin 
>> <https://plugins.jenkins.io/nomad/>, and it currently shows a banner saying 
>> "The current version of this plugin contains a vulnerability", although it 
>> has been fixed (AFAIK) a 2 years ago 
>> <https://github.com/jenkinsci/nomad-plugin/commit/3331d24896b815c375e528207c5572e18631c49d>,
>>  and released in version v0.5.1 (latest version is v0.7.4).
>> 
>> I'm also new to being a plugin maintainer, and after reading the security 
>> documentation for maintainers 
>> <https://www.jenkins.io/security/for-maintainers/>, I'm still not sure:
>> 
>> * How is this banner generated?
>> * How to acknowledge the fix and remove the banner from both the plugin page 
>> and from Jenkins itself?
>> * Or, if there's an automated process that still finds the error, how to see 
>> that and fix the problem?
>> 
>> Thanks for the pointers,
>> 
>>  Jonathan

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/d1cbcbbd-1c92-4ea5-a3cd-aa81e5f8da01%40www.fastmail.com.

Reply via email to