Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/purge-job-history-plugin
  Commit: c5b2d91d9beaacb57c39262b9ff5eda8a3afd8ed
      https://github.com/jenkinsci/purge-job-history-plugin/commit/c5b2d91d9beaacb57c39262b9ff5eda8a3afd8ed
  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
  Date:   2024-11-17 (Sun, 17 Nov 2024)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 (#26)

This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>


Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>


Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8


Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne <t...@moderne.io>



-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To view this discussion visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/purge-job-history-plugin/push/refs/heads/master/edaa4d-c5b2d9%40github.com.

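The weakness the commit fixes is a Maven repository declared with a plain `http://` URL, which lets an on-path party substitute artifacts (CWE-829). The following is an added example, not code from the plugin or from the CodeQL/OpenRewrite tooling: it checks a POM for repository URLs fetched over HTTP and rewrites them to HTTPS. The pom.xml content is constructed for illustration, not the plugin's actual file; note that the POM namespace URI itself starts with `http://` but is not a download location, so a naive text search for `http://` would produce a false positive.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"  # namespace identifier, not a download URL
NS = {"m": POM_NS}

# Constructed sample POM (not the plugin's real pom.xml): one repository still uses HTTP.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <repositories>
    <repository>
      <id>repo.jenkins-ci.org</id>
      <url>http://repo.jenkins-ci.org/public/</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <id>repo.jenkins-ci.org</id>
      <url>https://repo.jenkins-ci.org/public/</url>
    </pluginRepository>
  </pluginRepositories>
</project>"""

# Elements whose <url> child tells Maven where to fetch artifacts or plugins from.
URL_PARENTS = ("repository", "pluginRepository", "snapshotRepository")


def _url_elements(root):
    """Yield (parent tag, repository id, <url> element) for every download location."""
    for parent in URL_PARENTS:
        for el in root.iter(f"{{{POM_NS}}}{parent}"):
            url_el = el.find("m:url", NS)
            if url_el is not None and url_el.text:
                yield parent, el.findtext("m:id", default="", namespaces=NS), url_el


def find_http_urls(pom_xml):
    """Return (parent tag, id, url) for each repository resolved over plain HTTP."""
    root = ET.fromstring(pom_xml)
    return [(p, i, u.text.strip()) for p, i, u in _url_elements(root)
            if u.text.strip().lower().startswith("http://")]


def fix_http_urls(pom_xml):
    """Rewrite http:// repository URLs to https:// and return the serialized POM."""
    ET.register_namespace("", POM_NS)  # keep the default namespace instead of ns0: prefixes
    root = ET.fromstring(pom_xml)
    for _, _, u in _url_elements(root):
        text = u.text.strip()
        if text.lower().startswith("http://"):
            u.text = "https://" + text[len("http://"):]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for parent, repo_id, url in find_http_urls(SAMPLE_POM):
        print(f"insecure <{parent}> '{repo_id}': {url}")
```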