[jbosstools-issues] [JBoss JIRA] (JBIDE-24540) Remove Openshift 2 tooling.
Nick Boldt (JIRA)
issues at jboss.org
Wed Jun 14 11:23:01 EDT 2017
[ https://issues.jboss.org/browse/JBIDE-24540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13421299#comment-13421299 ]
Nick Boldt commented on JBIDE-24540:
------------------------------------
Another reason to stop providing tooling for Openshit 2 is that it contains 4 year old CVE vulnerabilities:
{quote}
Recently, [Nick] was asked to produce CVE vulnerability reports for devstudio.
Here's the latest report:
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/HIGH/
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/NORMAL/
Digging deeper, here's an example of 5 issues in openshift.express.client plugin v3.4.
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/HIGH/package.-526681003/
If you click the CVEs tab, you'll note that these vulnerabilities were reported as long ago as 2013. Here's the oldest one for example:
https://nvd.nist.gov/vuln/detail/CVE-2013-2186#vulnDescriptionTitle{quote}
> Remove Openshift 2 tooling.
> ---------------------------
>
> Key: JBIDE-24540
> URL: https://issues.jboss.org/browse/JBIDE-24540
> Project: Tools (JBoss Tools)
> Issue Type: Task
> Components: openshift
> Affects Versions: 4.5.0.AM1
> Reporter: Radim Hopp
>
> End of support of Openshift 2 was in December 2016 [1]
> There was a mail thread back in November/December 2016, where Todd stated, that Devstudio 11 would be the right release for dropping Openshift 2 support from Tools/Devstudio [2][3].
> Should we get PM/PgM approval once again just to be sure we are OK with removing Openshift 2 tooling from Tools/Devstudio?
> [1] https://access.redhat.com/support/policy/updates/openshift/
> [2] http://post-office.corp.redhat.com/archives/devtools-program/2016-November/msg00028.html
> [3] http://post-office.corp.redhat.com/archives/devtools-program/2016-December/msg00002.html
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jbosstools-issues
mailing list