Removing the "Vulnerability" banner on the Nomad plugin page

23 views
Skip to first unread message

j...@multani.info

unread,
Apr 26, 2021, 7:41:15 AM4/26/21
to Jenkins Developers

Hi,

I became recently maintainer for the Nomad plugin, and it currently shows a banner saying "The current version of this plugin contains a vulnerability", although it has been fixed (AFAIK) a 2 years ago, and released in version v0.5.1 (latest version is v0.7.4).

I'm also new to being a plugin maintainer, and after reading the security documentation for maintainers, I'm still not sure:

* How is this banner generated?
* How to acknowledge the fix and remove the banner from both the plugin page and from Jenkins itself?
* Or, if there's an automated process that still finds the error, how to see that and fix the problem?

Thanks for the pointers,

 Jonathan

Daniel Beck

unread,
Apr 26, 2021, 8:35:55 AM4/26/21
to JenkinsCI Developers
Thanks for letting us know!

The documentation for this specifically is at https://www.jenkins.io/security/plugins/#followup

I filed https://github.com/jenkins-infra/update-center2/pull/515 updating the warning and will merge it once I confirm the issue was fully resolved. This will remove the banner from plugins.jenkins.io and the warning shown to admins inside Jenkins.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/1999ea96-461a-47ac-ab70-65c912b6d10dn%40googlegroups.com.


--

Daniel Beck
Senior Software Engineer
CloudBees, Inc.

 


Jonathan Ballet

unread,
Apr 26, 2021, 8:45:38 AM4/26/21
to jenkin...@googlegroups.com
Hi Daniel,

On Mon, 26 Apr 2021, at 14:35, Daniel Beck wrote:
Thanks for letting us know!

The documentation for this specifically is at https://www.jenkins.io/security/plugins/#followup

Oh right, I completely missed it, thanks for pointing this out!

I filed https://github.com/jenkins-infra/update-center2/pull/515 updating the warning and will merge it once I confirm the issue was fully resolved. This will remove the banner from plugins.jenkins.io and the warning shown to admins inside Jenkins.

Perfect, thanks a lot!

Best,

 Jonathan
Reply all
Reply to author
Forward
0 new messages