Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43497

Remove dependency on obsolete "Build flow" plugin which has a security vulnerability

    Details

    • Similar Issues:

      Description

      Build Flow Plugin (0.20) is now deprecated, and has a "Arbitrary code execution vulnerability". So Jenkins complains about that in "Manage Jenkins" and on main page.

      I want to uninstall that plugin as now build pipeline should be used instead but I can't because I use the external resource dispatcher plugin.

      Can you please create a new version that drops support for (and dependency to) build flow plugin?

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Sean Jones
          Path:
          .gitignore
          pom.xml
          src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/extensions/BuildFlowPluginExtension.java
          src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/JsonRpcUtil.java
          src/test/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/resourcemanagers/ExternalResourceManagerTest.java
          http://jenkins-ci.org/commit/external-resource-dispatcher-plugin/c19f9572f40f59b8c198ef659586139b4526d7db
          Log:
          Merge pull request #8 from rsandell/optional-build-flow-dep

          JENKINS-43497 Make Build Flow Plugin an optional dependency

          Compare: https://github.com/jenkinsci/external-resource-dispatcher-plugin/compare/97514a8898f1...c19f9572f40f

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sean Jones Path: .gitignore pom.xml src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/extensions/BuildFlowPluginExtension.java src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/JsonRpcUtil.java src/test/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/resourcemanagers/ExternalResourceManagerTest.java http://jenkins-ci.org/commit/external-resource-dispatcher-plugin/c19f9572f40f59b8c198ef659586139b4526d7db Log: Merge pull request #8 from rsandell/optional-build-flow-dep JENKINS-43497 Make Build Flow Plugin an optional dependency Compare: https://github.com/jenkinsci/external-resource-dispatcher-plugin/compare/97514a8898f1...c19f9572f40f
          Hide
          costescuandrei Andrei Costescu added a comment - - edited

          Should this case still be in "Open"? I see a pull req. was merged for it (thanks ).

          Or are you waiting for it to be released?

          Show
          costescuandrei Andrei Costescu added a comment - - edited Should this case still be in "Open"? I see a pull req. was merged for it (thanks ). Or are you waiting for it to be released?
          Hide
          costescuandrei Andrei Costescu added a comment -

          No new plugin version was released yet.

          When is the next version of the plugin scheduled to be released?

          Show
          costescuandrei Andrei Costescu added a comment - No new plugin version was released yet. When is the next version of the plugin scheduled to be released?

            People

            • Assignee:
              costescuandrei Andrei Costescu
              Reporter:
              costescuandrei Andrei Costescu
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: