Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] keeping JIPP up to date

On Fri, Mar 9, 2018 at 1:20 AM, Jonah Graham <jonah@xxxxxxxxxxxxxxxx> wrote:
Hi folks,

Who should be keeping JIPPs up to date? Should I be doing that for
CDT, or does Eclipse Webmaster handle this kind of update?

On the CDT JIPP I have some warnings (under a big red 2 in the top right).

New version of Jenkins (2.89.4) is available for download (changelog).
Warnings have been published for the following currently installed components:

Jenkins 2.89.3 core and libraries:

Multiple security vulnerabilities in Jenkins 2.106 and earlier, and
LTS 2.89.3 and earlier

Git plugin 3.7.0:

Users without Overall/Read are able to access lists of user names and node names

promoted builds plugin 2.31:

Unauthorized users are able to run some promotion processes

Gerrit Trigger 2.26.2:

Unauthorized access to some Gerrit Trigger server configuration
Unauthorized users were able to change Gerrit Trigger server configuration

I have seen same for Linux Tools and did the update myself. No idea whether this is the recommended way to handle it though. It would be nice to get webmaster statement on it.


Jonah Graham
Kichwa Coders Ltd.
cbi-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Alexander Kurtakov
Red Hat Eclipse Team

Back to the top