security: provide remediation version filtering for 1.0 and 1.1 of thycotic-devops-secrets-vault #698

Open
wants to merge 1 commit into
base: master

@sheldonhull sheldonhull commented Apr 18, 2023

Remediation was done in past but failed to publish.

Remediation done with latest release using newer CD/versioning process documented here, so narrowing the scope of the warnings to just 1.0 and 1.1 should remove this security warning from reporting on the later versions of the plugin.

The changes to support remediation were made on https://github.com/jenkinsci/thycotic-devops-secrets-vault-plugin/pull/9/files

- Remediation was done in past but failed to publish.

Remediation done with latest release using newer CD/versioning process documented here: https://github.com/jenkinsci/thycotic-devops-secrets-vault-plugin/releases/tag/67.v9d3c184cf594
@daniel-beck daniel-beck self-assigned this Apr 18, 2023
@daniel-beck daniel-beck added the metadata This PR only changes metadata (suspensions, labels, etc.) label Apr 18, 2023
@daniel-beck
Contributor

Thanks. We'll confirm the issue is fixed and if so, merge the PR.

@daniel-beck daniel-beck added the on-hold This PR is on hold, typically because of a dependency to another change or event. label Apr 18, 2023
@sheldonhull
Author

Any general timeframe for this review process? Was asked to follow up and get an idea so users don't continue to see that warning banner when the release should have fixed it. Be sure to let me know if we missed something 👍. Cheers

@yaroslavafenkin
Contributor

Hi @sheldonhull,

I've had a look at the correction. Let's follow up in JIRA on the corresponding security ticket, I've added a comment with my summary there.

@daniel-beck daniel-beck removed their assignment Jun 27, 2023
@daniel-beck
Contributor

@sheldonhull Are you able to access SECURITY-3078? We haven't received a response from you there yet.

@sheldonhull
Author

> @sheldonhull Are you able to access SECURITY-3078? We haven't received a response from you there yet.

Please link. I have no idea how to access and couldn’t find when I searched. Cheers

@daniel-beck
Contributor

@sheldonhull https://issues.jenkins.io/browse/SECURITY-3078; you need to use the thycotic_dsv account.

@daniel-beck
Contributor

@sheldonhull Ping :)
