On Monday, September 23, 2019 at 11:08:58 AM UTC-5, Daniel Beck wrote: > > Jenkins uses the update center metadata to show applicable warnings. It > would be a bit of a hack, and use internals not meant for public > consumption, but you could do that, too. See the bottom of > https://updates.jenkins.io/update-center.actual.json for the warning > definitions. (No complaining if we change the format without prior warning > etc.!) >
The implication of this is that there is no current method to have jenkins send notifications (emails, or otherwise) on known vulnerabilities, core or plug-in. Sounds like an opportunity for improvement, to which I'd be somewhat happy to help with development, but as a total jenkins _user_, I would need more pointers for development. The most obvious would be: is this something that should be in core or should it be yet-another-plug-in? Or, I suppose, I could develop it as a groovy script that one could run as a jenkins job within jenkins itself. Thoughts? > > On Mon, Sep 23, 2019 at 5:52 PM Eric Engstrom <[email protected] > <javascript:>> wrote: > >> Yes, I'm subscribed to the "Security advisories" mailing list >> <https://groups.google.com/forum/m/#!forum/jenkinsci-advisories>, and >> while it provides indications of core updates w.r.t. vulnerabilities, it's >> not as helpful for plug-ins - that is, not only would I have to look at all >> the plug-ins that are listed as being patched, but it doesn't, AFAICT, tell >> me when there are unpatched vulnerabilities. >> > > Counterexample: > https://groups.google.com/d/msg/jenkinsci-advisories/T3Zt01nhGao/kn_VhKasCgAJ > (Aug 7 this year, second email in the "thread" -- Thanks Google!) > Proven wrong - thanks. I'll pay more attention. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/71abc41c-ad1a-4b0a-96b5-aff68b6aaad4%40googlegroups.com.
