      Description

      I want to ask whether these security issues have been addressed so far and are planned on the roadmap?

       https://wiki.jenkins.io/display/JENKINS/Gitlab+OAuth+Plugin

      The current version of this plugin may not be safe to use. Please review the following warnings before use:
      
      HTTP session fixation vulnerability
      Open redirect vulnerability
      

          Activity

          wfollonier Wadeck Follonier added a comment -

          The two fixes are proposed in public:

          https://github.com/jenkinsci/gitlab-oauth-plugin/pull/16 by Bjoern Kasteleiner
          https://github.com/jenkinsci/gitlab-oauth-plugin/pull/17 by me

          Please Mohamed El Habib review them and if good enough for you, merge them. That will allow the plugin to avoid the security warnings.

          cryptolukas Matthias Doering added a comment -

          Wadeck Follonier Do you know something about the planned time for the release?

          wfollonier Wadeck Follonier added a comment -

          Matthias Doering, following the PR links, you can find the merge commit; in it, you will see the version where it was integrated. If it's only "master" (or "dev"), it means that there is no release. For those ones, you will see "gitlab-oauth-1.5", meaning the version 1.5 contains those fixes.

            People

            • Assignee:
              elhabib_med Mohamed El Habib
              Reporter:
              cryptolukas Matthias Doering
            • Votes:
              2
              Watchers:
              3