Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/jenkins
  Commit: 31974d3c1a29dce2b6383778bdc6de08ef2b39d9
      
https://github.com/jenkinsci/jenkins/commit/31974d3c1a29dce2b6383778bdc6de08ef2b39d9
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2023-02-06 (Mon, 06 Feb 2023)

  Changed paths:
    M war/pom.xml

  Log Message:
  -----------
  Update bundled Apache Mina-sshd plugins (#7623)

Embed Apache mina sshd plugins 2.9.2 (common and core)

Update `sshd-common` plugin and `sshd-core` plugin from
2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a

Changelog

https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md
links to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
Unsafe deserialization in SimpleGeneratorHostKeyProvider

Jenkins core does not reference the SimpleGeneratorHostKeyProvider class.

It is referenced from sshd plugin at
https://github.com/jenkinsci/sshd-plugin/blob/251d59011530b4d3a4db4a3e6ee8f076c61c3bfe/src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java#L162

Users can upgrade the plugin themselves during installation but it is
easier if we bundle the updated plugin version with new releases rather
than requiring that the user perform the update.

