  1. Jenkins
  2. JENKINS-60952

Update vulnerable dependencies in org.jenkins-ci.main:jenkins-core


    • Type: Improvement
    • Resolution: Duplicate
    • Priority: Minor
    • core
    • None

      [org.jenkins-ci.main:jenkins-core 2.204.2](https://mvnrepository.com/artifact/org.jenkins-ci.main/jenkins-core/2.204.2) appears to have several vulnerable dependencies. Are there any plans to update this?

      [INFO] +- org.jenkins-ci.main:jenkins-core:jar:2.204.2:compile
       [INFO] | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile
       [INFO] | +- org.jenkins-ci.main:remoting:jar:3.36.1:compile
       [INFO] | | - org.jenkins-ci:constant-pool-scanner:jar:1.2:compile
       [INFO] | +- org.jenkins-ci.main:cli:jar:2.204.2:compile
       [INFO] | | - net.i2p.crypto:eddsa:jar:0.3.0:compile
       [INFO] | +- org.jenkins-ci:version-number:jar:1.6:compile
       [INFO] | | - com.google.code.findbugs:annotations:jar:3.0.0:compile
       [INFO] | +- org.jenkins-ci:crypto-util:jar:1.1:compile
       [INFO] | +- org.jvnet.hudson:jtidy:jar:4aug2000r7-dev-hudson-1:compile
       [INFO] | +- com.google.inject:guice:jar:4.0:compile
       [INFO] | | +- javax.inject:javax.inject:jar:1:compile
       [INFO] | | - aopalliance:aopalliance:jar:1.0:compile
       [INFO] | +- org.connectbot.jbcrypt:jbcrypt:jar:1.0.0:compile
       [INFO] | +- org.jruby.ext.posix:jna-posix:jar:1.0.3-jenkins-1:compile
       [INFO] | +- com.github.jnr:jnr-posix:jar:3.0.45:compile
       [INFO] | | +- com.github.jnr:jnr-ffi:jar:2.1.8:compile
       [INFO] | | | +- com.github.jnr:jffi:jar:1.2.17:compile
       [INFO] | | | +- com.github.jnr:jffi:jar:native:1.2.16:runtime
       [INFO] | | | +- org.ow2.asm:asm:jar:5.0.3:compile
       [INFO] | | | +- org.ow2.asm:asm-commons:jar:5.0.3:compile
       [INFO] | | | +- org.ow2.asm:asm-analysis:jar:5.0.3:compile
       [INFO] | | | +- org.ow2.asm:asm-tree:jar:5.0.3:compile
       [INFO] | | | +- org.ow2.asm:asm-util:jar:5.0.3:compile
       [INFO] | | | - com.github.jnr:jnr-x86asm:jar:1.0.2:compile
       [INFO] | | - com.github.jnr:jnr-constants:jar:0.9.9:compile
       [INFO] | +- org.kohsuke.stapler:stapler-groovy:jar:1.258:compile
       [INFO] | | - org.kohsuke.stapler:stapler-jelly:jar:1.258:compile
       [INFO] | | +- org.jenkins-ci:commons-jelly:jar:1.1-jenkins-20120928:compile
       [INFO] | | - org.dom4j:dom4j:jar:2.1.1:compile
       [INFO] | +- org.kohsuke.stapler:stapler-jrebel:jar:1.258:compile
       [INFO] | | - org.kohsuke.stapler:stapler:jar:1.258:compile
       [INFO] | | +- javax.annotation:javax.annotation-api:jar:1.2:compile
       [INFO] | | +- commons-discovery:commons-discovery:jar:0.4:compile
       [INFO] | | +- org.jvnet:tiger-types:jar:2.2:compile
       [INFO] | | - org.kohsuke:asm5:jar:5.0.1:compile
       [INFO] | +- org.kohsuke:windows-package-checker:jar:1.2:compile
       [INFO] | +- org.kohsuke.stapler:stapler-adjunct-zeroclipboard:jar:1.3.5-1:compile
       [INFO] | +- org.kohsuke.stapler:stapler-adjunct-timeline:jar:1.5:compile
       [INFO] | +- org.kohsuke.stapler:stapler-adjunct-codemirror:jar:1.3:compile
       [INFO] | +- io.jenkins.stapler:jenkins-stapler-support:jar:1.1:compile
       [INFO] | +- com.infradna.tool:bridge-method-annotation:jar:1.13:compile
       [INFO] | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
       [INFO] | | +- commons-logging:commons-logging:jar:1.1.1:compile
       [INFO] | | - net.sf.ezmorph:ezmorph:jar:1.0.6:compile
       [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
       [INFO] | +- args4j:args4j:jar:2.33:compile
       [INFO] | +- org.jenkins-ci:annotation-indexer:jar:1.12:compile
       [INFO] | +- org.jenkins-ci:bytecode-compatibility-transformer:jar:2.0-beta-2:compile
       [INFO] | | - org.kohsuke:asm6:jar:6.2:compile
       [INFO] | +- org.jenkins-ci:task-reactor:jar:1.5:compile
       [INFO] | +- org.jvnet.localizer:localizer:jar:1.26:compile
       [INFO] | +- antlr:antlr:jar:2.7.6:compile
       [INFO] | +- xpp3:xpp3:jar:1.1.4c:compile
       [INFO] | +- net.sf.kxml:kxml2:jar:2.3.0:compile
       [INFO] | +- org.jfree:jfreechart:jar:1.0.19:compile
       [INFO] | | - org.jfree:jcommon:jar:1.0.23:compile
       [INFO] | +- commons-io:commons-io:jar:2.6:compile
       [INFO] | +- commons-lang:commons-lang:jar:2.6:compile
       [INFO] | +- commons-digester:commons-digester:jar:2.1:compile
       [INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile
       [INFO] | +- org.apache.commons:commons-compress:jar:1.19:compile
       [INFO] | +- javax.mail:mail:jar:1.4.4:compile
       [INFO] | +- org.jvnet.hudson:activation:jar:1.1.1-hudson-1:compile
       [INFO] | +- jaxen:jaxen:jar:1.1-beta-11:compile
       [INFO] | +- commons-jelly:commons-jelly-tags-fmt:jar:1.0:compile
       [INFO] | +- commons-jelly:commons-jelly-tags-xml:jar:1.1:compile
       [INFO] | +- org.jvnet.hudson:commons-jelly-tags-define:jar:1.0.1-hudson-20071021:compile
       [INFO] | +- org.jenkins-ci:commons-jexl:jar:1.1-jenkins-20111212:compile
       [INFO] | +- org.acegisecurity:acegi-security:jar:1.0.7:compile
       [INFO] | | +- org.springframework:spring-jdbc:jar:1.2.9:compile
       [INFO] | | | - org.springframework:spring-dao:jar:1.2.9:compile
       [INFO] | | +- oro:oro:jar:2.0.8:compile
       [INFO] | | - log4j:log4j:jar:1.2.9:runtime
       [INFO] | +- org.springframework:spring-webmvc:jar:2.5.6.SEC03:compile
       [INFO] | | +- org.springframework:spring-beans:jar:2.5.6.SEC03:compile
       [INFO] | | +- org.springframework:spring-context:jar:2.5.6.SEC03:compile
       [INFO] | | +- org.springframework:spring-context-support:jar:2.5.6.SEC03:compile
       [INFO] | | - org.springframework:spring-web:jar:2.5.6.SEC03:compile
       [INFO] | +- org.springframework:spring-core:jar:2.5.6.SEC03:compile
       [INFO] | +- org.springframework:spring-aop:jar:2.5.6.SEC03:compile
       [INFO] | +- javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:jar:1.2.1:compile
       [INFO] | +- org.slf4j:jcl-over-slf4j:jar:1.7.26:compile
       [INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
       [INFO] | +- com.sun.xml.txw2:txw2:jar:20110809:compile
       [INFO] | | +- javax.xml.stream:stax-api:jar:1.0-2:compile
       [INFO] | | - relaxngDatatype:relaxngDatatype:jar:20020414:compile
       [INFO] | +- commons-collections:commons-collections:jar:3.2.2:compile
       [INFO] | +- org.jvnet.winp:winp:jar:1.28:compile
       [INFO] | +- org.jenkins-ci:memory-monitor:jar:1.9:compile
       [INFO] | +- org.codehaus.woodstox:wstx-asl:jar:3.2.9:compile
       [INFO] | | - stax:stax-api:jar:1.0.1:compile
       [INFO] | +- org.jmdns:jmdns:jar:3.5.5:compile
       [INFO] | +- net.java.dev.jna:jna:jar:5.3.1:compile
       [INFO] | +- org.kohsuke:akuma:jar:1.10:compile
       [INFO] | +- org.kohsuke:libpam4j:jar:1.11:compile
       [INFO] | +- org.kohsuke:libzfs:jar:0.8:compile
       [INFO] | +- com.sun.solaris:embedded_su4j:jar:1.1:compile
       [INFO] | +- net.java.sezpoz:sezpoz:jar:1.13:compile
       [INFO] | +- org.kohsuke.jinterop:j-interop:jar:2.0.6-kohsuke-1:compile
       [INFO] | | - org.kohsuke.jinterop:j-interopdeps:jar:2.0.6-kohsuke-1:compile
       [INFO] | | - org.samba.jcifs:jcifs:jar:1.2.19:compile
       [INFO] | +- org.jvnet.robust-http-client:robust-http-client:jar:1.2:compile
       [INFO] | +- org.jenkins-ci:symbol-annotation:jar:1.1:compile
       [INFO] | +- commons-codec:commons-codec:jar:1.12:compile
       [INFO] | +- org.kohsuke:access-modifier-annotation:jar:1.14:compile
       [INFO] | +- commons-fileupload:commons-fileupload:jar:1.3.1-jenkins-2:compile
       [INFO] | +- com.google.guava:guava:jar:11.0.1:compile
       [INFO] | - com.jcraft:jzlib:jar:1.1.3-kohsuke-1:compile

       

      Violations_Export.json

            Assignee: Unassigned
            Reporter: papanito