Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible CVE fixes by Jenkins core upgrade #3727

Open
jordarlu opened this issue Jul 12, 2023 · 6 comments
Open

Possible CVE fixes by Jenkins core upgrade #3727

jordarlu opened this issue Jul 12, 2023 · 6 comments
Labels
enhancement New Enhancement

Comments

@jordarlu
Copy link
Contributor

jordarlu commented Jul 12, 2023
edited
Loading

Is your feature request related to a problem? Please describe

This is a consolidated issue to aggregate all CVEs that could be resolved by next Jenkins core upgrade
The list could be updated accordingly...

#3338 - spring-expression-5.3.24.jar
#3396 - spring-expression-5.3.24.jar
#3672 - jenkins-core-2.387.1.jar
#3673 - guava-31.1-jre.jar
#3832 - jenkins-core-2.387.1.jar
#4082 - jenkins-core-2.387.1.jar
#4081 - jenkins-core-2.387.1.jar
#4080 - jenkins-core-2.387.1.jar
#4078 - jenkins-core-2.387.1.jar
#4077 - jenkins-core-2.387.1.jar
#4406 - jenkins-core-2.387.1.jar
#4404 - jenkins-core-2.387.1.jar
#4589 - jenkins-core-2.387.1.jar
#4630 - jenkins-core-2.387.1.jar

Describe the solution you'd like

Next Jenkins core upgrade https://www.jenkins.io/changelog/

Determine the breaking changes with respect to jenkins as well as all its plugins in use.
See opensearch-project/opensearch-ci#333 for details on upgrade cycle.

Describe alternatives you've considered

No response

Acceptance Criteria

  • Jenkins should retain all previous data
  • Jenkins should be upgraded to a newer version
  • Upgrade jenkis core version in all build.gradle files to resolve the CVEs
  • Track new CVEs related to new upgraded version
@jordarlu jordarlu added enhancement New Enhancement untriaged Issues that have not yet been triaged labels Jul 12, 2023
@jordarlu
Copy link
Contributor Author

@peterzhuamazon @gaiksaya

@peterzhuamazon
Copy link
Member

Thanks Jeff.

@jordarlu jordarlu removed the untriaged Issues that have not yet been triaged label Jul 17, 2023
@jordarlu jordarlu changed the title CVE fix by Jenkins core upgrade Possible CVE fixes by Jenkins core upgrade Aug 28, 2023
@jordarlu
Copy link
Contributor Author

Updating the possible CVE fixes list in case description by upgrading the Jenkins Core to the latest version.

@peterzhuamazon
Copy link
Member

Need to also upgrade the Jenkins with monitoring plugin:

@rishabh6788
Copy link
Collaborator

Plan to add monitoring plugin in the week of 25th-Sept.
cc: @peterzhuamazon @prudhvigodithi

@jordarlu
Copy link
Contributor Author

list has been updated

@jordarlu jordarlu mentioned this issue Feb 7, 2024
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New Enhancement
Projects
OpenSearch Engineering Effectiveness
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rishabh6788 @peterzhuamazon @jordarlu