Branch: refs/heads/master
Home: https://github.com/jenkins-infra/update-center2
Commit: a3dcfe17cbbb94eea5a0fe9f6937ac423538dfe3
https://github.com/jenkins-infra/update-center2/commit/a3dcfe17cbbb94eea5a0fe9f6937ac423538dfe3
Author: Mark Waite <[email protected]>
Date: 2023-09-19 (Tue, 19 Sep 2023)
Changed paths:
M resources/warnings.json
Log Message:
-----------
SECURITY-1886 fixed in global build stats plugin (#731)

* SECURITY-1886 fixed in global build stats plugin

  https://github.com/jenkinsci/global-build-stats-plugin/issues/38 fixed
  the https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886
  stored cross-site scripting vulnerability.
  https://github.com/jenkinsci/global-build-stats-plugin/releases/tag/269.v214f74360b_3a_
  is the release that includes that pull request.

* 244.v27c8a_2e50a_34 is global build stats last affected version

  Extend the pattern match to include 244.v27c8a_2e50a_34 as the last
  global build stats version affected by
  https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886

* Include more interim releases in regex

  Releases that have the security issue include:

  * 1.0
  * 1.1
  * 1.2
  * 1.3
  * 1.4
  * 1.5
  * 244.v27c8a_2e50a_34
  * 269.v214f74360b_3a_
  * 282.v79ca_e079d1b_1

* Group the version numbers

  Lack of grouping the version numbers negates the purpose of the
  (|[.-].+) suffix.
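The grouping point in the last bullet of the log message, as an added example (not code from the commit or from update-center2). The patterns and the suffixed version strings are constructed for illustration and are not the contents of resources/warnings.json; the example assumes the pattern must match the whole version string.

```python
import re

# Constructed alternation of affected versions; NOT the real warnings.json pattern.
VERSIONS = r"1[.][0-5]|244[.]v27c8a_2e50a_34"
# Suffix quoted in the commit message: empty, or "." / "-" followed by anything.
SUFFIX = r"(|[.-].+)"

# Without grouping, "|" has the lowest precedence, so the suffix attaches
# only to the last alternative (244.v27c8a_2e50a_34).
UNGROUPED = re.compile(VERSIONS + SUFFIX)
# With grouping, the suffix applies to every listed version.
GROUPED = re.compile("(" + VERSIONS + ")" + SUFFIX)

# Constructed version strings, including hypothetical suffixed builds.
SAMPLES = [
    "1.0",
    "1.5",
    "1.5-beta-1",             # hypothetical pre-release of an affected version
    "1.5.1",                  # hypothetical patch release
    "1.50",                   # must NOT match: the suffix blocks prefix matches
    "244.v27c8a_2e50a_34",
    "244.v27c8a_2e50a_34.1",  # hypothetical suffixed build
    "300.vabc",               # constructed unaffected version
]


def affected(pattern, version):
    """True if the pattern covers the whole version string (assumed semantics)."""
    return pattern.fullmatch(version) is not None


def disagreements(samples=SAMPLES):
    """Versions the grouped pattern flags but the ungrouped one misses."""
    return [v for v in samples
            if affected(GROUPED, v) and not affected(UNGROUPED, v)]


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v:24} ungrouped={affected(UNGROUPED, v)!s:5} "
              f"grouped={affected(GROUPED, v)}")
    print("missed without grouping:", disagreements())
```

A warning pattern with this precedence problem fails silently: exact version strings still match, so only suffixed builds of the earlier alternatives go unflagged.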