Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CVE related to script-security #5215

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Divyaasm
Copy link
Collaborator

Description

Upgrade to latest version https://mvnrepository.com/artifact/org.jenkins-ci.plugins/script-security

Issues Resolved

#5210

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Divya Madala <[email protected]>
@@ -44,6 +44,7 @@ configurations.all {
force group: 'com.google.errorprone', name: 'error_prone_annotations', version: '2.18.0'
force group: 'org.checkerframework', name: 'checker-qual', version: '3.33.0'
force group: 'com.google.j2objc', name: 'j2objc-annotations', version: '2.8'
force group: 'com.github.ben-manes.caffeine', name:'caffeine', version: '2.9.3'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need to add this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest versions of script-security', '1369.v9b_98a_4e95b_2d requires caffeine version 3.1.8 which is not compatible with our java Version
check the failure here

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we still pointing to java8? Isnt 11 or 17 is the one we use now?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or is there a version for us to upgrade to, that resolves the cve but not require a lower version of caffeine?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

2 participants