The CVE fix was in the 5.1.2 version that I pushed out, which is now available in the Update Center.
I did follow up via a Jira ticket here, though haven't received any traction there: https://issues.jenkins.io/browse/INFRA-3148 On Saturday, December 4, 2021 at 8:07:17 PM UTC-5 [email protected] wrote: > I know there's been some issues with spam (DB and I both find each others > emails in spam). > > @kudos-dude, did you get his reply about how to follow up? > > Also someone was asking if the CVE was fixed (I assume so) - > https://community.jenkins.io/t/owasp-dependency-check-plugin-warning-security-2488-cve-2021-43577/950/2 > > Also Also, if you create a github release for the new version, it'll show > up in the releases tab > > On Friday, December 3, 2021 at 3:02:28 PM UTC-8 [email protected] wrote: > >> On Sat, Dec 4, 2021 at 12:00 AM kudos-dude <[email protected]> wrote: >> >>> Still have the security notice on the plugin after the update. How does >>> that end up removed? >>> >> >> https://www.jenkins.io/security/plugins/#followup >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/68d5dafc-1204-422a-95a0-28242bfd89a6n%40googlegroups.com.
