[SECURITY-2394] Prevent XXE #205
@artem-fedorov When do you plan to make a release with that fix?
@daniel-beck can you file a release to get this security fix released?
I am not a maintainer, never have been.
I know, but you created a security fix related release in the past. So I thought you can do it again.
Any update on releasing this?
I am waiting for the release too. Please do it.
A JIRA issue has been logged requesting that this fix be released... JENKINS-69026
+1
@basil this CVE was patched 8 months ago but people are still waiting for a release...
I am not a maintainer of this plugin. See this page.
@artem-fedorov @manolo Hi Artem and Manuel, I saw you were maintainers on Jenkins.io. Could you please create a new release for this which includes the XXE fix? Thanks!
@a-st, thank you very much for taking care of the release that addresses the vulnerability. However, as I have documented on JENKINS-69026, Jenkins is still warning that the vulnerability is still present.
@msymons You're welcome! There's a PR pending (jenkins-infra/update-center2#683) which will take care of removing the warning.
Potential fix for XXE vulnerability in Performance Plugin (SECURITY-2394 / CVE-2021-21701)