SECURITY issues in plugins


Daniel Beck

Mar 15, 2016, 9:52:41 AM
to Jenkins Developers
Hi everyone,

So far we haven't done a great job informing plugin maintainers of security issues reported in our JIRA. This needed to change and I've now configured JIRA so we can assign SECURITY issues to plugin maintainers. Some of you may already have been assigned issues in SECURITY for plugins you're maintaining.

I'm also offering plugin maintainers the option of a coordinated release, which means several plugins, or Jenkins core and one or more plugins, get security fixes released simultaneously, with pre-announcement to jenkinsci-advisories, and a security advisory on https://wiki.jenkins-ci.org/display/SECURITY -- I'd be handling all of this, and plugin maintainers would just hold off publishing the source code for fixes, documentation on the security issue, and new plugin releases containing the fix, until a specified date.

Daniel
