fix(deps): update dependency org.jenkins-ci.plugins.workflow:workflow-support to v2.18 [security] #5021
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
3 times, most recently
from
80def24 to
2a5604b
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
7 times, most recently
from
e90d42b to
a9d4794
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
7 times, most recently
from
0239f99 to
a4975d6
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
2 times, most recently
from
7e62e9b to
9166d35
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
8 times, most recently
from
103148b to
b62bd81
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
2 times, most recently
from
0a4081a to
ccd6681
Compare
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
d75c57c to
f5bbadb
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
f5bbadb to
7521118
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
7521118 to
e92b2f2
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
e92b2f2 to
6b298f8
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
6b298f8 to
f3bd620
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
f3bd620 to
e4b7f16
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
e4b7f16 to
1d64adc
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
1d64adc to
b23b2e4
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
b23b2e4 to
fc41840
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
fc41840 to
ad4fa1c
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
ad4fa1c to
65a7881
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
65a7881 to
0bf7e2a
Compare
|
/it-go |
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
0bf7e2a to
572d099
Compare
|
/it-go |
…-support to v2.18 [security]
renovate
bot
force-pushed
the
renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability
branch
from
572d099 to
1e0c777
Compare
|
/it-go |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.13->2.18GitHub Vulnerability Alerts
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
Release Notes
jenkinsci/workflow-support-plugin (org.jenkins-ci.plugins.workflow:workflow-support)
v2.18Release date: 2018-02-05
issue
v2.17Release date: 2018-01-22
granular control of when/how they write to disk
(JENKINS-47172)
attached before being written (cuts writes ~1/2 or more)
storage
(JENKINS-47173)
bulk streaming read/writes, and faster access.
see Jenkins documentation for Pipeline Scalability for what you
need to enable this.
XStream Aliases
(JENKINS-49084)
size-on-disk (and data written) by about 30%
version CANNOT be read by older versions of this plugin
serialization
interrupt threads and notes that this is happening
(PR#48)
(JENKINS-31576)
break Pipeline
Timeout utility: ensure that the timeout threadpool cannot be
lazy-initialized with a GroovyClassloader as its contextClassloader
v2.16Release date: 2017-10-13
a default implementation of StepExecution.stop
for debugging
v2.15Release date: 2017-09-26
Integrate patched version of JBoss Marshalling with better
diagnostics
/
JENKINS-45553
Massively improve performance of pipeline with numerous parallel
branches by using the new isActive API from workflow-api 2.22.
followup: Add an arguments column to the FlowGraphTable display
Fix Environment Variables Handling: Include AbstractBuild Env vars
in build variables
getChangeSets
- #41
v2.14Release date: 2017-03-31
Make
currentBuild.durationwork.Added a
currentResultproperty andresultIsBetterOrEqualTo/resultIsWorseOrEqualTomethods tocurrentBuildand the returnvalue of
build.Speedup of log-related code run when adding a new step when using a
massive number of
parallelbranches.JENKINS-26137.
JENKINS-42556:
tolerate errors encountered when printing progress of build
resumption tasks.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.