It's worth to mention that 2.361 contains several regression fixes too, which you don't want to miss out.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKj6xQzPNc7d3ozpPQC4-03W%3D4ynYCUkVD%3DLyAHF2xO7w%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPoyBqQXCEMSf0iZ9n6Ymu-KxBHc%2BV%2B0paKSq%2Bouiusj0SSRgA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpcek4uaLV3WqGV%2Bgt5ncvJdXyT9ZwfNCA-P152OtqkSg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPoyBqQ%3DRDT3ot0MaRFJW%2BMWSs54vnphj6SS_J73RhhQ4iyH_Q%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifZ4i65SNZj%2B0N%2B78pokLF%3DD_2uV0ATtKP4y3jKy7u1Sg%40mail.gmail.com.
Hi,I'd like to mitigate my previous "there are no real security issues"to something such "there are no real security issues per default"BUT as long as a user activates http2 there will be a security issue see https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4jI think it still worth to have this in the LTS as we don;t want to have immediately Jetty 10 in LTS.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPoyBqR6%2BSVB%3DGzoxoic0hA0ZUWfNNmZqCuDUVX2GO5Y%2BSmqVA%40mail.gmail.com.
On Fri, Aug 12, 2022 at 5:22 PM Olivier Lamy <olive...@gmail.com> wrote:Hi,I'd like to mitigate my previous "there are no real security issues"to something such "there are no real security issues per default"BUT as long as a user activates http2 there will be a security issue see https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4jI think it still worth to have this in the LTS as we don;t want to have immediately Jetty 10 in LTS.Since Jetty 10 was included in Jenkins 2.363, I'd prefer that we consider a backport of Jetty 10 as first preference. I've seen no reports of any issues with Jetty 10 in Jenkins 2.363 and I hope that pattern will continue. It worked well in the testing that I performed with 2.363.