Re: How to re-sync credentials for publishing plugin updates?

https://www.jenkins.io/doc/developer/publishing/releasing-cd/ On Mon, Dec 13, 2021 at 1:25 PM Matt Sicker wrote: > The CD approach sounds good. I’ll look into that, thanks. > > — > Matt Sicker > > On Dec 13, 2021, at 15:13, 'Gavin Mogan' via Jenkins Developers < >

Re: Feedback on some analysis I'm doing

On Mon, Dec 13, 2021 at 1:35 PM 'rsomas...@netflix.com' via Jenkins Developers wrote: > That suggests that Jenkins Core would prefer plugins to use slf4j-api. If > that's the case, all plugins that depend on jenkins-core should use > slf4j-api > No, Jenkins core uses java.util.logging, and the

Re: How to re-sync credentials for publishing plugin updates?

The CD approach sounds good. I’ll look into that, thanks. — Matt Sicker > On Dec 13, 2021, at 15:13, 'Gavin Mogan' via Jenkins Developers > wrote: > >  > You shouldn't need to sync anything. Unless you're talking about syncing > artifactory and maven. > > I don't think you can currently

Re: How to re-sync credentials for publishing plugin updates?

You shouldn't need to sync anything. Unless you're talking about syncing artifactory and maven. I don't think you can currently log into artifactory to pull down your credentials while the account services are down You can enable cd like the other threads mention though On Mon., Dec. 13, 2021,

How to re-sync credentials for publishing plugin updates?

Hey all, I was wondering what I needed to do to re-sync my credentials for publishing plugins, especially after changing my password? I’d like to cut a release of a plugin affected by CVE-2021-44228 (log4j-core). -- Matt Sicker -- You received this message because you are subscribed to the

Re: Feedback on some analysis I'm doing

Note that some plugins (like audit-log) use log4j-api due to slf4j-api not supporting non-String messages (e.g., audit log structured data messages, syslog metadata, etc.). Promoting logging APIs to an API plugin may require some care in implementation. Also, Jenkins' UI for recording and viewing

Re: Feedback on some analysis I'm doing

On Mon, Dec 13, 2021 at 11:22 AM 'rsomas...@netflix.com' via Jenkins Developers wrote: > > While sometimes […] it is about security […] > Other times, it's mostly about reducing redundant libraries […] Indeed. > Other common libraries are > com.google.code.gson gson

Re: Feedback on some analysis I'm doing

While sometimes (like log4j-core) it is about security and owasp can help. Other times, it's mostly about reducing redundant libraries - like slf4j-api or log4j-api. Other common libraries are ❯ csvsql "SELECT jarGroupId, jarArtifactId, jarVersion, count(*) as CT FROM plugin-jars.csv GROUP BY

Re: Feedback on some analysis I'm doing

Might be interesting to look into adding something like OWASP Dependency-Check to the parent POM and plugin parent POM , with suppressions for existing false positives

Re: Adoption request for "sonar-gerrit" plugin

Passwords got reset a couple months ago account service is down so you can't reset your credentials till it comes back up, they are confirming log4j free Gavin On Mon, Dec 13, 2021 at 9:46 AM 'Réda Housni Alaoui' via Jenkins Developers wrote: > Me again :) > > I can't authenticate to

Re: Adoption request for "sonar-gerrit" plugin

Me again :) I can't authenticate to https://repo.jenkins-ci.org/ui/login/ with my Jenkins credentials. Did I do something wrong? Best regards On December 12, 2021, "Réda Housni Alaoui" wrote: > Whatever you did worked ! > > Thank you > > On December 12, 2021, Jenkins Developers

Re: Unable to release, unable to access my account

As an alternative, you can consider https://www.jenkins.io/doc/developer/publishing/releasing-cd/ which does not require you to have any credentials beyond GitHub write access to the plugin. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.