Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jenkins 2.346.1 still warns about Jenkins Security Advisory 2022-06-22 #3015

Closed
KalleOlaviNiemitalo opened this issue Jun 22, 2022 · 5 comments · Fixed by jenkins-infra/update-center2#604
Closed

Jenkins 2.346.1 still warns about Jenkins Security Advisory 2022-06-22 #3015

KalleOlaviNiemitalo opened this issue Jun 22, 2022 · 5 comments · Fixed by jenkins-infra/update-center2#604
Assignees
@daniel-beck
Labels
updateCenter
Milestone
infra-team-sync-2...

Comments

@KalleOlaviNiemitalo
Copy link

KalleOlaviNiemitalo commented Jun 22, 2022
edited

Service(s)

Update center

Summary

I upgraded to Jenkins 2.346.1 but it still shows this warning about Jenkins Security Advisory 2022-06-22

Warnings have been published for the following currently installed components:

Jenkins 2.346.1 core and libraries
Multiple security vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier

Because the advisory itself says "Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses these vulnerabilities", this warning should not be shown on Jenkins 2.346.1

Reproduction steps

  1. Install Jenkins 2.346.1.
  2. Refresh the plugin listing in the update manager.
  3. Observe the exclamation point shield icon in the page header.
  4. Click the icon to display the warning.
@KalleOlaviNiemitalo KalleOlaviNiemitalo added the triage Incoming issues that need review label Jun 22, 2022
KalleOlaviNiemitalo referenced this issue in jenkins-infra/update-center2 Jun 22, 2022
@daniel-beck
Add warnings for 2022-06-22 security advisory
d02e5ec
@daniel-beck daniel-beck self-assigned this Jun 22, 2022
@daniel-beck daniel-beck mentioned this issue Jun 22, 2022
Merged
@daniel-beck
Copy link

Thanks for letting us know! This should be fixed in ~5 minutes or so. Note that you need to re-request updated metadata (click "Check Now").

@dduportal dduportal added this to the infra-team-sync-2022-06-28 milestone Jun 22, 2022
@dduportal dduportal removed the triage Incoming issues that need review label Jun 22, 2022
@KalleOlaviNiemitalo
Copy link
Author

Clicked it, but the warning is still there.

@dduportal
Copy link
Contributor

Yep, the fix is not available because #3016. Should be fixed soon.

@dduportal dduportal reopened this Jun 22, 2022
@dduportal dduportal mentioned this issue Jun 22, 2022
Closed
@dduportal
Copy link
Contributor

@KalleOlaviNiemitalo
Copy link
Author

Verified, there is no warning now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@daniel-beck daniel-beck

Labels
updateCenter
Projects
None yet
Milestone
infra-team-sync-2022-06-28
Development

Successfully merging a pull request may close this issue.

Do not warn about 2.346.1 for the 2022-06-22 security advisory daniel-beck/update-center2
3 participants
@dduportal @daniel-beck @KalleOlaviNiemitalo