Require Jenkins 2.426.3 or newer #1581
Merged: MarkEWaite merged 9 commits into jenkinsci:master from MarkEWaite:require-jenkins-2.426.x-or-newer on May 7, 2024
https://stats.jenkins.io/pluginversions/git.html shows that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer.
Removes the dependency on project-inheritance. Previous releases resolved the security issue that was still open in 3.11.
MarkEWaite added the "chore" label (Reduces maintenance effort by changes not directly visible to users) on May 5, 2024
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request on May 5, 2024
Also tests git client plugin upgrade to require Jenkins 2.426.3 or newer

Evaluates two pending pull requests:

* jenkinsci/git-client-plugin#1129
* jenkinsci/git-plugin#1581
892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.

Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users.

https://stats.jenkins.io/pluginversions//promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd.

Attempts to update that optional dependency to the most recent release have shown consistent failures in the plugin bill of materials.

* jenkinsci/bom#3170
* jenkinsci/bom#2809

This likely needs to be combined with the parameterized trigger plugin upgrade of the same dependency to the same version. Refer to

* jenkinsci/parameterized-trigger-plugin#378

Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb

- [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)
Require Jenkins 2.426.3 or newer
Plugin installation statistics show that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer.
SECURITY-3414 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer.
Also updates test dependency on promoted-builds plugin to a newer version that matches with the dependency version in the parameterized trigger plugin master branch and with the version of the test dependency in the maven integration plugin.
Checklist
Types of changes
What types of changes does your code introduce?