jenkins.io icon indicating copy to clipboard operation
jenkins.io copied to clipboard

Published 20 hours ago verified publisher icon jenkins-infra

Adding details about CVEs in third party dependencies

Open Wadeck opened this issue 2 years ago • 5 comments

As the reporting of CVEs is a recurrent topic within the security team, I would like to clarify our standpoint.

Wadeck avatar Jan 20 '23 11:01 Wadeck

Quickly addressed the merge conflicts I introduced.

NotMyFault avatar Mar 07 '23 10:03 NotMyFault

Hi @daniel-beck, I wanted to follow up and see if your concerns were addressed with the updates that have been made. If not, what could be changed to provide the right messaging?

kmartens27 avatar Apr 06 '23 15:04 kmartens27

I liked the phrasing of this enough to quote it in a community.jenkins.io post.

MarkEWaite avatar Apr 08 '23 12:04 MarkEWaite

Pending a conversation with Wadeck we've been postponing repeatedly since January…

daniel-beck avatar Apr 12 '23 19:04 daniel-beck

Please take a moment and address the merge conflicts of your pull request. Thanks!

github-actions[bot] avatar Mar 15 '24 22:03 github-actions[bot]