On Monday, August 29, 2022 at 11:20:25 AM UTC-8 you wrote:
> There is a Stored XSS vulnerability for the JDK Parameter plugin. We use
> this plugin to specify the JDK version for our Builds compilation. Are there
> any plans to upgrade the plugin or can I use any other plugin? TIA

The JDK parameter plugin <https://plugins.jenkins.io/JDK_Parameter_Plugin/> was last released 9 years ago. There have only been three pull requests to the plugin since the 1.0 release 9 years ago. I've seen no mention from anyone of any plan to fix that vulnerability or to modernize the plugin.

If the plugin matters to your employer, you could ask your employer to allow you or one of your colleagues to maintain the plugin. That would meet your need for the plugin and would help the other 4000+ installations of the plugin.

A five-part video series on modernizing a Jenkins plugin <https://www.youtube.com/watch?v=Fev8KfFsPZE> is available. There is also a 3-part video series that illustrates how to fix a security vulnerability <https://www.youtube.com/watch?v=D-b9WWx1Xes>. If you prefer a written tutorial, see the "Modernizing a Jenkins plugin" <https://docs.google.com/document/d/1PKYIpPlRVGsBqrz0Ob1Cv3cefOZ5j2xtGZdWs27kLuw/edit?usp=sharing> Google doc.

Mark Waite