Hi everyone, So far we haven't done a great job informing plugin maintainers of security issues reported in our JIRA. This needed to change and I've now configured JIRA so we can assign SECURITY issues to plugin maintainers. Some of you may already have been assigned issues in SECURITY for plugins you're maintaining.
I'm also offering plugin maintainers to do a coordinated release, which means several plugins, or Jenkins core and one or more plugins, get security fixes released simultaneously, with pre-announcement to jenkinsci-advisories, and a security advisory on https://wiki.jenkins-ci.org/display/SECURITY -- I'd be handling all of this, and plugin maintainers would just hold off publishing the source code for fixes, documentation on the security issue, and new plugin releases containing the fix, until a specified date. Daniel -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6DE4E72F-05B8-4AFE-A719-67C886B88297%40beckweb.net. For more options, visit https://groups.google.com/d/optout.
