Re: Removing security vulnerability warning from CloudFormation plugin

2022-11-20 Thread Alexander Brandes 
> Please follow our guidelines when reporting vulnerabilities, please see 
https://www.jenkins.io/security/ for details!

The CVE's details have been published more than 3 years ago, no new 
information has been disclosed here.

Someone from the security team will need to review your PR to the 
update-center and the fix integrated, to update the CVE record and the 
warnings on plugins.jenkins.io etc.

Patience is key, but thanks for letting us know :)
On Saturday, 19 November 2022 at 23:13:12 UTC+1 ullrich...@gmail.com wrote:

> Please follow our guidelines when reporting vulnerabilities, please see 
> https://www.jenkins.io/security/ for details!
>
> Am 19.11.2022 um 20:50 schrieb Damir Suleymanov :
>
> Hi,
> I recently addressed vulnerability CVE-2019-1003061 in the CloudFormation 
> plugin (https://plugins.jenkins.io/jenkins-cloudformation-plugin/)
>
> Here's the PR that fixes it: 
> https://github.com/jenkinsci/jenkins-cloudformation-plugin/pull/58
>
> Here's a PR to update the warning: 
> https://github.com/jenkins-infra/update-center2/pull/657
>
> I tested this release on my production instance of Jenkins and I can see 
> that the secret is now encrypted.
>
> Thanks,
> Damir.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/923b08db-b23c-4c22-a3d4-8705843db612n%40googlegroups.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/380b67c6-40be-48f6-8506-410fe4759f27n%40googlegroups.com.

Re: Removing security vulnerability warning from CloudFormation plugin

2022-11-19 Thread Ullrich Hafner 
Please follow our guidelines when reporting vulnerabilities, please see 
https://www.jenkins.io/security/ for details!

> Am 19.11.2022 um 20:50 schrieb Damir Suleymanov :
> 
> Hi,
> I recently addressed vulnerability CVE-2019-1003061 in the CloudFormation 
> plugin (https://plugins.jenkins.io/jenkins-cloudformation-plugin/)
> 
> Here's the PR that fixes it: 
> https://github.com/jenkinsci/jenkins-cloudformation-plugin/pull/58
> 
> Here's a PR to update the warning: 
> https://github.com/jenkins-infra/update-center2/pull/657
> 
> I tested this release on my production instance of Jenkins and I can see that 
> the secret is now encrypted.
> 
> Thanks,
> Damir.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/923b08db-b23c-4c22-a3d4-8705843db612n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/4D2F2BC0-0358-453C-A366-1A6D084D4311%40gmail.com.

Removing security vulnerability warning from CloudFormation plugin

2022-11-19 Thread Damir Suleymanov 
Hi,
I recently addressed vulnerability CVE-2019-1003061 in the CloudFormation 
plugin (https://plugins.jenkins.io/jenkins-cloudformation-plugin/)

Here's the PR that fixes 
it: https://github.com/jenkinsci/jenkins-cloudformation-plugin/pull/58

Here's a PR to update the 
warning: https://github.com/jenkins-infra/update-center2/pull/657

I tested this release on my production instance of Jenkins and I can see 
that the secret is now encrypted.

Thanks,
Damir.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/923b08db-b23c-4c22-a3d4-8705843db612n%40googlegroups.com.