On Mon, Oct 26, 2020 at 3:52 PM Oleg Nenashev <o.v.nenas...@gmail.com> wrote: > I would vote for getting more reviews from the Jenkins Security Team members > before it gets merged.
Oh agreed! > I am -0.5 regarding expediting this pull request. Neither needs to be expedited indeed. I would just not want to be waiting weeks here (unless of course a concrete problem comes up that forces more work). > XStream also includes a security risk due to class deserialization. Yes this aspect needs to be considered during review. (Existing tests in that area pass, and the change _should_ not be modifying JEP-200 behavior.) > We are already upgrading Winstone and changing tabs to divs in 2.264 And there is a jQuery change coming? (#4929) -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1ycaO5q9OiZ%3Dmt_c5wFGiVbdfnuZe0grV_%3Dv624sOXew%40mail.gmail.com.
