[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Lai DaZhi started work on JENKINS-51344 Change By: Lai DaZhi Status: Open In Progress Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.190688.1526395187000.3669.1564458120532%40Atlassian.JIRA.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Lai DaZhi edited a comment on JENKINS-51344 Re: Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 [https://help.aliyun.com/noticelist/articleid/1060030951.html?spm=5176.12809143.sas.12.6532kyPjkyPjSj] h1. CVE-2019-12384 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.190688.1526395187000.3664.1564454400350%40Atlassian.JIRA.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Lai DaZhi commented on JENKINS-51344 Re: Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 https://help.aliyun.com/noticelist/articleid/1060030951.html?spm=5176.12809143.sas.12.6532kyPjkyPjSj Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.190688.1526395187000.3659.1564453140399%40Atlassian.JIRA.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Olivier Lamy updated an issue Jenkins / JENKINS-51344 Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Change By: Olivier Lamy Component/s: jira-plugin Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Oleg Nenashev commented on JENKINS-51344 Re: Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Bill Stephens I suggest creating a separate issue for each plugin in question Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Oleg Nenashev commented on JENKINS-51344 Re: Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Bill Stephens just for the future, please follow the https://jenkins.io/security/#reporting-vulnerabilities process if you see security-related issues. Regarding this particular CVE, we recently did investigation, and we didn't discover any usages of the vulnerable API in JIRA. Updates would be nice, but there is no security defect on the Jenkins side. If you see ones, please report them accordingly. Generally all listed plugins should switch to Jackson Databind Plugin or Jackson2 API Plugin so that they do not bundle the dependencies on their own Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-51344 Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Change By: Oleg Nenashev Labels: security-hardening Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Daniel Beck commented on JENKINS-51344 Re: Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Specifically, the CVE being identified by crappy security scanners, as none of these plugins opt in to the affected feature in jackson-databind, last time I checked at least. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-51344) Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968
Title: Message Title Bill Stephens created an issue Jenkins / JENKINS-51344 Jackson-Databind needs to be upgraded to 2.9.4+ to address CVE-2018-5968 Issue Type: Improvement Assignee: Marcel Birkner Components: ec2-deployment-dashboard-plugin, github-plugin, jira-plugin Created: 2018-05-15 14:39 Priority: Major Reporter: Bill Stephens Jackson-databind jar needs to be updated to 2.9.4+ to address https://nvd.nist.gov/vuln/detail/CVE-2018-5968 Add Comment This message was sent by Atlassian JIRA (v