I apologize if this is not the proper venue for this topic, but out of the choices I had, this seemed the most appropriate.
We are setting up Jenkins (ver 1.455) on a Windows Server 2008 machine using the built-in Winstone application server. As part of this process our IT Security group has run a vulnerability scan on the system. A vulnerability was reported through the scan and it recommends applying a patch to the Oracle Application Server. I suspect that this is actually referring to the Winstone application server.

What our IT Security group is requesting from our group is written verification from the vendor stating that the recommended patch cannot or should not be installed to remediate the vulnerability. They require this in order to process an exemption request.

What I am uncertain of is how to proceed with obtaining such a statement or who the appropriate parties are to contact as I cannot find a direct point of contact for Jenkins. Can anyone advise? Thanks in advance.
