  1. Jenkins
  2. JENKINS-61511

Outdated/vulnerable dependency (commons-io)


      Description

      The library commons-io contains a vulnerability in all released versions. The correction is planned for 2.7, which is not released yet. To prevent any issue with this library, please ensure you are not using FilenameUtils.normalize and post your analysis here.

      Ticket to follow the vulnerability:

      https://issues.apache.org/jira/browse/IO-559

      Although the plugin may not use the dependency the way it's exploitable, it's better to avoid the buggy dependency in order to:

      Thank you.

      by Ramón León
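      One way to carry out the check requested above, as an added example that is not part of the original ticket or of any plugin's code: a Python scan of Java source text for calls to `FilenameUtils.normalize`, including statically imported ones. The function names and the sample Java class are constructed for illustration.

```python
import re

_BLOCK = re.compile(r"/\*.*?\*/", re.S)
_LINE = re.compile(r"//[^\n]*")  # naive: also cuts "//" inside string literals
_STATIC_IMPORT = re.compile(
    r"^\s*import\s+static\s+org\.apache\.commons\.io\.FilenameUtils"
    r"\.(normalize|\*)\s*;", re.M)
_QUALIFIED = re.compile(r"\bFilenameUtils\s*\.\s*normalize\s*\(")
_BARE = re.compile(r"(?<![\w.])normalize\s*\(")  # unqualified call only


def strip_comments(src):
    """Remove Java comments, keeping newlines so line numbers stay stable."""
    src = _BLOCK.sub(lambda m: "\n" * m.group(0).count("\n"), src)
    return _LINE.sub("", src)


def find_normalize_calls(java_source):
    """Return [(line_no, code)] for each call to FilenameUtils.normalize.

    Bare normalize(...) calls are reported only when the file statically
    imports the method; the scan prefers over-reporting to missing a call.
    """
    code = strip_comments(java_source)
    static_imported = bool(_STATIC_IMPORT.search(code))
    hits = []
    for no, line in enumerate(code.splitlines(), 1):
        if _QUALIFIED.search(line) or (static_imported and _BARE.search(line)):
            hits.append((no, line.strip()))
    return hits


# Constructed sample input, not taken from any real plugin.
SAMPLE = '''package example;
import org.apache.commons.io.FilenameUtils;
import static org.apache.commons.io.FilenameUtils.*;

class Upload {
    // FilenameUtils.normalize(path) was removed from here
    String a(String p) { return FilenameUtils.normalize(p); }
    String b(String p) { return normalize(p); }
    String c(String p) { return java.text.Normalizer.normalize(p, java.text.Normalizer.Form.NFC); }
    String d(String p) { return FilenameUtils.getName(p); }
}
'''

if __name__ == "__main__":
    for line_no, text in find_normalize_calls(SAMPLE):
        print(f"line {line_no}: {text}")
```

      Each reported line still needs manual review to decide whether the normalized path can be influenced by untrusted input.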

            Activity

            donmccasland Don McCasland added a comment - https://github.com/jenkinsci/google-storage-plugin/pull/113
            jhartley Jeremy Hartley added a comment -

            Thanks Don McCasland - Do we have a timeline for release?


              People

              • Assignee:
                donmccasland Don McCasland
                Reporter:
                foundation_security_members CloudBees Foundation Security