[JIRA] (JENKINS-58849) Logstash plugin: requires insecure "mask-passwords"

[tyler@tylercipriani.com (JIRA)]

Tyler Cipriani created an issue

Jenkins / JENKINS-58849 Logstash plugin: requires insecure "mask-passwords" Issue Type: Bug Assignee: Jakub Bochenski Components: logstash-plugin, mask-passwords-plugin Created: 2019-08-07 14:44 Labels: security plugin Priority: Minor Reporter: Tyler Cipriani The mask-passwords plugin contains CVE-2019-10370 for which there is no released fix; however, the Logstash plugin depends on this plugin:   https://github.com/jenkinsci/logstash-plugin/blob/master/pom.xml#L162 Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[bochenski.kuba+jenkins@gmail.com (JIRA)]

Jakub Bochenski closed an issue as Cannot Reproduce

The dependency you link to is only used in test (as can be seen by it's scope). I fail to see why it would be a problem. Please reopen if I'm missing something

Jenkins / JENKINS-58849 Logstash plugin: requires insecure "mask-passwords"

Change By: Jakub Bochenski Status: Open Closed Resolution: Cannot Reproduce

Add Comment

[tyler@tylercipriani.com (JIRA)]

Tyler Cipriani commented on JENKINS-58849

Re: Logstash plugin: requires insecure "mask-passwords" In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin"

Add Comment

[tyler@tylercipriani.com (JIRA)]

Tyler Cipriani reopened an issue

Jenkins / JENKINS-58849

Logstash plugin: requires insecure "mask-passwords"

Change By: Tyler Cipriani Resolution: Cannot Reproduce Status: Closed Reopened

Add Comment

[bochenski.kuba+jenkins@gmail.com (JIRA)]

Jakub Bochenski commented on JENKINS-58849

Re: Logstash plugin: requires insecure "mask-passwords" Please try upgrading the plugin to latest version, as old versions depended on mask-passwords

Add Comment