Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update jenkins versions to fix CVE #3549

Closed
wants to merge 1 commit into from
Closed

Update jenkins versions to fix CVE #3549

wants to merge 1 commit into from

Conversation

zelinh
Copy link
Member

@zelinh zelinh commented May 23, 2023

Description

Update jenkins versions to fix CVE. Let's see how mend catchs them..

Issues Resolved

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@zelinh
Update dependencies versions to fix CVE
8296774 
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
@codecov
Copy link

codecov bot commented May 23, 2023
edited
Loading

Codecov Report

Merging #3549 (8296774) into main (c2e8594) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #3549   +/-   ##
=======================================
  Coverage   91.48%   91.48%           
=======================================
  Files         181      181           
  Lines        5369     5369           
=======================================
  Hits         4912     4912           
  Misses        457      457

gaiksaya
gaiksaya requested changes May 23, 2023
View reviewed changes
build.gradle
@@ -59,8 +59,8 @@ sourceSets {
}

sharedLibrary {
coreVersion = '2.387.1' // https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-core/
testHarnessVersion = '1934.v90a_c07cf5b_21' // https://mvnrepository.com/artifact/org.jenkins-ci.main/jenkins-test-harness?repo=jenkins-releases
coreVersion = '2.401' // https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-core/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not want to upgrade this version and keep in sync with what we are using as our CI system on https://build.ci.opensearch.org/

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gaiksaya Then shall we upgrade the versions there as well? I'm seeing critical CVEs in this jenkins core version though. #3455

Copy link
Member

@gaiksaya gaiksaya May 23, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah those have not been cleared up with most recent version as well I believe.

@zelinh
Copy link
Member Author

zelinh commented May 24, 2023

Closing this PR for now.

@zelinh zelinh closed this May 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gaiksaya gaiksaya gaiksaya requested changes

@dblock dblock Awaiting requested review from dblock

@peterzhuamazon peterzhuamazon Awaiting requested review from peterzhuamazon peterzhuamazon is a code owner

@bbarani bbarani Awaiting requested review from bbarani

@rishabh6788 rishabh6788 Awaiting requested review from rishabh6788 rishabh6788 is a code owner

@jordarlu jordarlu Awaiting requested review from jordarlu

@prudhvigodithi prudhvigodithi Awaiting requested review from prudhvigodithi prudhvigodithi is a code owner

@Divyaasm Divyaasm Awaiting requested review from Divyaasm Divyaasm is a code owner

@tianleh tianleh Awaiting requested review from tianleh tianleh is a code owner

Assignees
No one assigned
Labels
distinguished-contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zelinh @gaiksaya