> On 24. Jul 2017, at 15:04, 'Bruno P. Kinoshita' via Jenkins Developers <
jenkin...@googlegroups.com> wrote:
>
> I had seen the security advisory, and in the Wiki and GitHub I can see some progress made to fix some of the 5 issues.
>
> But I think the maintainer is the only one with access to read and comment in the SECURITY-XXX tickets.
>
> At least that's what I recall from when I worked on an SECURITY issue. My intention was to check the progress of tickets, see if there was a patch somewhere to be tested, or a discussion going on. And then try to help scriptler and any other plugin I use/used or that is a dependency in one of the plugins I use.
>
> But I can wait till the maintainer has made further progress on the issues. I will re-read the description of the security issues with more calm over the next days, check latest code and try to liaise directly with the maintainer if I have a patch.
>
Hi Bruno,
First, you're welcome to join the security team. We can always use the additional help!
In this special case, if you're just interested in fixing this one issue, I can also make available whatever internal discussion and proposed code changes exists related to this issue.
Whichever way you prefer, just let me know.
Daniel