On Wed, May 18, 2022 at 10:02 PM [email protected] < [email protected]> wrote:
> But the way I read that is as a warning: subject to CSRF problems, be > warned. I don't see any indication that GET has been disabled. > > What am I not seeing? > With publication of the advisory, we suspended distribution of the plugin for a while until the issues were fixed in release 3.0. The fix for this was to require POST, which Jenkins applies CSRF protection to. Advisories are not updated when previously unresolved issues are fixed, so it still says that as of publication, there is no fix. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAMo7Pt%2BRzvyUo6r4H9GHqREyY3ePiAiBdw0bPHh6nUnvZVqiqA%40mail.gmail.com.
