Jenkins upgrade from 2.250 to 2.275

2021-05-30 Thread s.p...@gmail.com
After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI for the 
Jobs configuration looks different. The sections for Source Code 
Management/Build Triggers/Build Environment/Build/Post-build actions are 
missing at the top of the job configuration page and I see a couple of 
Artifactory configuration sections (tabs). Also, the SSH 
settings/configuration that we set up for each job are missing. Not sure 
how to turn off the Artifactory configuration and restore the SSH settings. 
Please see the attached screenshots. Please help. TIA
Jenkins is running on Windows 2012R2 server.


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/b7470c7d-aa1c-4e60-a2ef-80642ccc21d2n%40googlegroups.com.


Re: Out-of-date version(YUI)

2021-05-30 Thread s.p...@gmail.com
Thank you, Oleg. Thank you for sharing the link to report the 
vulnerabilities. Appreciate your help!

On Sunday, May 30, 2021 at 2:46:39 PM UTC-4 o.v.ne...@gmail.com wrote:

> Hello,
>
> Thanks for your report. I will let the Jenkins security team members 
> comment on that. Just for your information, we have an official process for 
> reporting security vulnerabilities. I highly recommend following this 
> process. Please see 
> https://www.jenkins.io/security/#reporting-vulnerabilities
>
> Best regards,
> Oleg Nenashev
>
>
>
> On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 s.p...@gmail.com wrote:
>
>> Our web scans show an out-of-date version (YUI) vulnerability. I'm not able 
>> to find anything on how to remediate this finding. Any help is appreciated. 
>> TIA
>> Example: /static/01babc68/scripts/yui/yahoo/yahoo-min.js 
>> Affected versions of the package are vulnerable to Cross-site 
>> Scripting (XSS) via .swf files, allowing arbitrary code injection into 
>> hosting server CVE-2012-5881 CVE-2012-5883
>>
>> *Jenkins version - 2.250 , windows 2012 server.*
>>
>



Re: Out-of-date version(YUI)

2021-05-30 Thread Oleg Nenashev
Hello,

Thanks for your report. I will let the Jenkins security team members 
comment on that. Just for your information, we have an official process for 
reporting security vulnerabilities. I highly recommend following this 
process. Please see 
https://www.jenkins.io/security/#reporting-vulnerabilities

Best regards,
Oleg Nenashev



On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 s.p...@gmail.com wrote:

> Our web scans show an out-of-date version (YUI) vulnerability. I'm not able 
> to find anything on how to remediate this finding. Any help is appreciated. 
> TIA
> Example: /static/01babc68/scripts/yui/yahoo/yahoo-min.js 
> Affected versions of the package are vulnerable to Cross-site 
> Scripting (XSS) via .swf files, allowing arbitrary code injection into 
> hosting server CVE-2012-5881 CVE-2012-5883
>
> *Jenkins version - 2.250 , windows 2012 server.*
>



Re: [IMPORTANT] plugins deprecation for Digester removal

2021-05-30 Thread Oleg Nenashev
Thanks to Baptiste for bringing it up explicitly! Many plugins from the 
list can be fixed, and there are already pull requests created by Adrien 
Lecharpentier and Carroll Chiou. It would be great to help them land, but 
many plugins are effectively abandoned. I highly recommend that the pull 
request authors ping maintainers about putting the plugin for adoption.

From the list, I am particularly concerned about Code Coverage plugins 
which seemed to be actively used. If we could get their releases out, it 
would be awesome.

On Saturday, May 29, 2021 at 12:18:37 AM UTC+2 Baptiste Mathus wrote:

> Hi all,
>
> We are about to remove a very old version of a library provided by Jenkins 
> Core: commons-digester:2.1.
>
> In practice, when we do this, *this will make the following plugins 
> unusable starting with the weekly and future LTS.*
>
> The plugins are:
>
> - emma
> - cloverphp
> - vs-code-metrics
> - BlameSubversion
> - javatest-report
> - vss
> - genexus
> - synergy
> - config-rotator
> - harvest
> - cmvc
>
> What can you do if you use one of the plugins above?
>
> - Say so in this thread.
> - Preferably be ready to step up as maintainer. These plugins are 
>   de-facto long abandoned, some for 5+ years, and hence anyway they're 
>   already runtime risks in your instances.
>
>
> Thank you!
>
> -- Baptiste
>
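
An added example (not part of the original thread and not Jenkins project code): one way to check a Jenkins home for the plugins named in the announcement above before upgrading. It assumes the names in the list are the plugin IDs and that plugins are stored as `<id>.jpi` or `<id>.hpi` under `JENKINS_HOME/plugins`; the function names and the sample directory are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Plugin IDs copied from the announcement above.
DIGESTER_PLUGINS = [
    "emma", "cloverphp", "vs-code-metrics", "BlameSubversion",
    "javatest-report", "vss", "genexus", "synergy",
    "config-rotator", "harvest", "cmvc",
]


def find_affected_plugins(jenkins_home):
    """Return {plugin_id: "enabled" | "disabled"} for listed plugins
    found under <jenkins_home>/plugins (hypothetical helper)."""
    plugins_dir = Path(jenkins_home) / "plugins"
    if not plugins_dir.is_dir():
        raise FileNotFoundError(f"no plugins directory under {jenkins_home}")
    # Compare case-insensitively: the controller may run on Windows.
    names = {p.name.lower() for p in plugins_dir.iterdir()}
    found = {}
    for plugin_id in DIGESTER_PLUGINS:
        for ext in (".jpi", ".hpi"):
            archive = plugin_id.lower() + ext
            if archive in names:
                # Jenkins marks a disabled plugin with "<archive>.disabled".
                disabled = archive + ".disabled" in names
                found[plugin_id] = "disabled" if disabled else "enabled"
    return found


def build_sample_home(root):
    """Constructed sample layout, not taken from a real instance."""
    plugins = Path(root) / "plugins"
    plugins.mkdir(parents=True)
    for name in ("emma.jpi", "blamesubversion.hpi", "vss.jpi",
                 "vss.jpi.disabled", "git.jpi", "emma-extra.jpi"):
        (plugins / name).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = find_affected_plugins(build_sample_home(tmp))
        for plugin, state in sorted(report.items()):
            print(f"{plugin}: {state}")
```

On a real controller, pass the actual Jenkins home path to `find_affected_plugins` instead of the sample directory.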
