On Monday, April 4, 2022 at 9:32:56 AM UTC-6 Arun Suresh wrote:
> JMeter performance plugin is listed with vulnerability:
> https://plugins.jenkins.io/performance/
> So currently it's not safe to use this plugin
> (https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2394).
>
> Can you please help us to fix this issue? Currently I'm facing the issue that
> I don't find any other alternative plugin also to use since this plugin
> currently has this vulnerability.
> Due to this vulnerability, currently security guidelines are not allowing
> us to use this plugin. Will be extremely helpful if you can support us
> here.
>

The current maintainers were informed of the vulnerability before it was published without a fix. They did not have the capacity to fix it. I assume they still do not have the capacity to fix it.

You are welcome to adopt the plugin and fix the issue. It would be a good way for your employer to get the fix they need and a good way for them to contribute to the Jenkins community.

The "Contributing to Open Source" <https://docs.google.com/document/d/1PKYIpPlRVGsBqrz0Ob1Cv3cefOZ5j2xtGZdWs27kLuw/edit?usp=sharing> workshop from DevOps World 2021 provides a series of steps that you could take to prepare to adopt the performance plugin. There is a five part video series <https://www.youtube.com/watch?v=Fev8KfFsPZE> linked in that document that introduces the concepts and illustrates the tasks to consider as you adopt a plugin.

As another alternative, you could push the JMeter results to a different location (a web server somewhere inside your company) and guide people to read the results from that web server.

Mark Waite
