-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CVE related to script-security #5215
base: main
Are you sure you want to change the base?
Conversation
62fc80d
to
736fac6
Compare
Signed-off-by: Divya Madala <[email protected]>
@@ -44,6 +44,7 @@ configurations.all { | |||
force group: 'com.google.errorprone', name: 'error_prone_annotations', version: '2.18.0' | |||
force group: 'org.checkerframework', name: 'checker-qual', version: '3.33.0' | |||
force group: 'com.google.j2objc', name: 'j2objc-annotations', version: '2.8' | |||
force group: 'com.github.ben-manes.caffeine', name:'caffeine', version: '2.9.3' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do we need to add this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Latest versions of script-security', '1369.v9b_98a_4e95b_2d requires caffeine version 3.1.8 which is not compatible with our java Version
check the failure here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we still pointing to java8? Isnt 11 or 17 is the one we use now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or is there a version for us to upgrade to, that resolves the cve but not require a lower version of caffeine?
Description
Upgrade to latest version https://mvnrepository.com/artifact/org.jenkins-ci.plugins/script-security
Issues Resolved
#5210
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.