You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Jenkins Users
There is a STored XSS vulnerability for the JDK Parameter plugin.We use this plugin to specify the JDK version for our Builds compilation. Is there any plans to upgrade the plugin or can I use the any other plugin ? TIA
Mark Waite
unread,
Aug 29, 2022, 4:04:15 PM8/29/22
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Jenkins Users
On Monday, August 29, 2022 at 11:20:25 AM UTC-8 you wrote:
There is a STored XSS vulnerability for the JDK Parameter plugin.We use this plugin to specify the JDK version for our Builds compilation. Is there any plans to upgrade the plugin or can I use the any other plugin ? TIA
The JDK parameter plugin was last released 9 years ago. There have only been three pull requests to the plugin since the 1.0 release 9 years ago. I've seen no mention from anyone of any plan to fix that vulnerability or to modernize the plugin.
If the plugin matters to your employer, you could ask your employer to allow you or one of your colleagues to maintain the plugin. That would meet your need for the plugin and would help the other 4000+ installations of the plugin.