Branch: refs/heads/master
Home: https://github.com/jenkinsci/jenkins
Commit: 31974d3c1a29dce2b6383778bdc6de08ef2b39d9
https://github.com/jenkinsci/jenkins/commit/31974d3c1a29dce2b6383778bdc6de08ef2b39d9
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2023-02-06 (Mon, 06 Feb 2023)

Changed paths:
M war/pom.xml

Log Message:
-----------
Update bundled Apache Mina-sshd plugins (#7623)

Embed Apache mina sshd plugins 2.9.2 (common and core)

Update `sshd-common` plugin and `sshd-core` plugin from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a

Changelog https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md links to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047

Unsafe deserialization in SimpleGeneratorHostKeyProvider

Jenkins core does not reference the SimpleGeneratorHostKeyProvider class. It is referenced from sshd plugin at https://github.com/jenkinsci/sshd-plugin/blob/251d59011530b4d3a4db4a3e6ee8f076c61c3bfe/src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java#L162

Users can upgrade the plugin themselves during installation but it is easier if we bundle the updated plugin version with new releases rather than requiring that the user perform the update.