security: provide remediation version filtering for 1.0 and 1.1 of thycotic-devops-secrets-vault

[sheldonhull]

Remediation was done in past but failed to publish.

Remediation done with latest release using newer CD/versioning process documented here so narrowing the scope of the warnings to just 1.0 and 1.1 should remove this this security warning from reporting on the later versions of the plugin.

The changes to support remediation were made on https://github.com/jenkinsci/thycotic-devops-secrets-vault-plugin/pull/9/files

[daniel-beck]

Thanks. We'll confirm the issue is fixed and if so, merge the PR.

[sheldonhull]

Any general timeframe for this review process? Was asked to followup and get an idea so users don't continue to see that warning banner when the release should have fixed it. Be sure to let me know if we missed something 👍. Cheers

[yaroslavafenkin]

Hi @sheldonhull,

I've had a look at the correction. Let's follow up in JIRA on the corresponding security ticket, I've added a comment with my summary there.

[daniel-beck]

@sheldonhull Are you able to access SECURITY-3078? We haven't received a response from you there yet.

[sheldonhull]

@sheldonhull Are you able to access SECURITY-3078? We haven't received a response from you there yet.

Please link. I have no idea how to access and couldn’t find when I searched. Cheers

[daniel-beck]

@sheldonhull https://issues.jenkins.io/browse/SECURITY-3078; you need to use the thycotic_dsv account.

[daniel-beck]

@sheldonhull Ping :)

[daniel-beck]

Closing this after >1 yr of inactivity as housekeeping. You're welcome to follow up via Jira.