You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Stepping handlebars library to 4.3.1 and using that in git-changelog-lib.
Releasing that as 1.168.4 and using it in this plugin as 3.24.
(Relates to jknack/handlebars.java#1009)
Jenkins and plugins versions report
Environment
What Operating System are you using (both controller, and any agents involved in the problem)?
Windows 2012 Server
Reproduction steps
From Wizscan, this plugin has handlebars-4.3.0.jar, which exposes the Apache Commons Text security issue:
https://www.imperva.com/blog/apache-commons-text-vulnerability-cve-2022-42889/
Expected Results
Use apache-commons-text version 1.10.0.
Actual Results
Apache-commons-text version is 1.6.0
Anything else?
No response
The text was updated successfully, but these errors were encountered: