Thanks for your interest in adopting the plugin. That plugin has a known security vulnerability as described at https://www.jenkins.io/security/advisory/2019-10-23/#SECURITY-1003 . That vulnerability would need to be fixed in addition to the merge of the pull request that you're proposing.
Would you also be willing to fix that vulnerability by modifying the plugin to use Jenkins credentials? Mark Waite On Sunday, November 14, 2021 at 3:53:17 AM UTC-7 Réda Housni Alaoui wrote: > Hi everyone, > > I'd like to adopt https://plugins.jenkins.io/sonar-gerrit/ for the > following reasons: > > - the plugin hasn't seen any release for 2 years > - since the last Sonarqube LTS version, the plugin needs > https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38. The PR has > been opened for 1 year without any reaction from the maintainer > https://github.com/aquarellian > - the maintainer does not reply to pinging ( > > https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38#issuecomment-953003777 > ) > > > I want to deliver https://github.com/jenkinsci/sonar-gerrit-plugin/pull/39 > (which is a rework of > https://github.com/jenkinsci/sonar-gerrit-plugin/pull/38). > > My github username is https://github.com/reda-alaoui . > My Jenkins infrastructure account id is *reda_alaoui* . > > Best regards > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/0e766256-2f08-4b3c-85b3-4c950669fd49n%40googlegroups.com.
