Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-69905] Backport SECURITY-2824 for Jenkins 2.332.x users #622

Merged
merged 1 commit into from
Nov 7, 2022
Merged

[JENKINS-69905] Backport SECURITY-2824 for Jenkins 2.332.x users #622

merged 1 commit into from
Nov 7, 2022

Conversation

dwnusbaum
Copy link
Member

@dwnusbaum dwnusbaum commented Nov 7, 2022
edited
Loading

See JENKINS-69905 and 1af77ff. Because script-security only requires Jenkins 2.332.1, users running Jenkins 2.332.x who install script-security and workflow-cps from the plugin manager will end up with incompatible versions (script-security will have the SECURITY-2824 fix, but workflow-cps will not). There is not currently an easy way to directly control the version of script-security offered to 2.332.x users (so that we could offer them the most recent version without the SECURITY-2824 fix), so instead we decided to just backport the SECURITY-2824 changes to the last version of workflow-cps that supports 2.332.x.

In retrospect, we should have bumped the minimum supported Jenkins version in script-security to 2.346.1 as part of the fix for SECURITY-2824 to avoid this kind of issue.

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@dwnusbaum
[SECURITY-2824]
5919406 
(cherry picked from commit 1af77ff)
@dwnusbaum dwnusbaum requested review from daniel-beck and a team November 7, 2022 17:32
jtnord
jtnord approved these changes Nov 7, 2022
View reviewed changes
Copy link
Member

@jtnord jtnord left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks reasonable have not tested or done a diff comparison.

@dwnusbaum dwnusbaum merged commit dae3f07 into jenkinsci:2729.x Nov 7, 2022
@dwnusbaum dwnusbaum deleted the JENKINS-69905 branch November 7, 2022 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtnord jtnord jtnord approved these changes

@daniel-beck daniel-beck Awaiting requested review from daniel-beck

Assignees
No one assigned
Labels
maintenance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dwnusbaum @jtnord