Update dependency org.jenkins-ci.plugins:plain-credentials to v183 [SECURITY] #33

Open: renovate-bot wants to merge 1 commit into base: main

@renovate-bot renovate-bot commented Sep 26, 2024

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| org.jenkins-ci.plugins:plain-credentials | 1.2 -> 183.va_de8f1dd5a_2b_ | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2024-39459

When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system.

These credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Plain Credentials Plugin 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.


Release Notes

jenkinsci/plain-credentials-plugin (org.jenkins-ci.plugins:plain-credentials)

v183.va_de8f1dd5a_2b_

Compare Source

🔒 Security

📦 Dependency updates

  • Update BOM from bom-2.361.x version 2102.v854b_fec19c92 to bom-2.426.x version 2961.v1f472390972e
  • Require Credentials plugin 1344.v5a_3f65a_1e173 to support the SECURITY-2495 fix.

v182.v468b_97b_9dcb_8

Compare Source

👷 Changes for plugin developers

📦 Dependency updates

v179.vc5cb_98f6db_38

Compare Source

👷 Changes for plugin developers

v177.vb_231f25527e7

Compare Source

👷 Changes for plugin developers

📦 Dependency updates

v143.v1b_df8b_d3b_e48

Compare Source

🚀 New features and improvements

v139.ved2b_9cf7587b

👷 Changes for plugin developers

👻 Maintenance

v1.7

Changelog moved to GitHub Releases

v1.6

  • Chore: Remove trilead from credentials test

v1.5

v1.4

  • Fix an NPE when uploading a secret file and logging is at level FINE
    or lower

v1.3

  • JENKINS-36432 follow-up Switch to SecretBytes based storage of file
    credentials. (PR #6)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
