Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/jenkins-test-harness-tools
  Commit: 9c10dcfbab82efa1494ebd2fa11278e0063986ff
      
https://github.com/jenkinsci/jenkins-test-harness-tools/commit/9c10dcfbab82efa1494ebd2fa11278e0063986ff
  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
  Date:   2022-07-08 (Fri, 08 Jul 2022)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291

This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8

Co-authored-by: Moderne <t...@moderne.io>


  Commit: 2dd05caf2b1526254dd3781efb3746f810cd6f13
      
https://github.com/jenkinsci/jenkins-test-harness-tools/commit/2dd05caf2b1526254dd3781efb3746f810cd6f13
  Author: Jesse Glick <jgl...@cloudbees.com>
  Date:   2023-04-27 (Thu, 27 Apr 2023)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Merge pull request #9 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies_maven

[SECURITY] Use HTTPS to resolve dependencies in Maven Build


Compare: 
https://github.com/jenkinsci/jenkins-test-harness-tools/compare/27318f28f596...2dd05caf2b15
