[jbosstools-issues] [JBoss JIRA] (JBIDE-24540) Remove Openshift 2 tooling.

Nick Boldt (JIRA) issues at jboss.org
Wed Jun 14 11:23:01 EDT 2017 

    [ https://issues.jboss.org/browse/JBIDE-24540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13421299#comment-13421299 ] 

Nick Boldt commented on JBIDE-24540:
------------------------------------

Another reason to stop providing tooling for Openshit 2 is that it contains 4 year old CVE vulnerabilities:

{quote}
Recently, [Nick] was asked to produce CVE vulnerability reports for devstudio.

Here's the latest report:

https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/HIGH/
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/NORMAL/

Digging deeper, here's an example of 5 issues in openshift.express.client plugin v3.4.

https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job/devstudio.cve.report/43/dependency-check-jenkins-pluginResult/HIGH/package.-526681003/

If you click the CVEs tab, you'll note that these vulnerabilities were reported as long ago as 2013. Here's the oldest one for example:

https://nvd.nist.gov/vuln/detail/CVE-2013-2186#vulnDescriptionTitle{quote}

> Remove Openshift 2 tooling.
> ---------------------------
>
>                 Key: JBIDE-24540
>                 URL: https://issues.jboss.org/browse/JBIDE-24540
>             Project: Tools (JBoss Tools)
>          Issue Type: Task
>          Components: openshift
>    Affects Versions: 4.5.0.AM1
>            Reporter: Radim Hopp
>
> End of support of Openshift 2 was in December 2016 [1]
> There was a mail thread back in November/December 2016, where Todd stated, that Devstudio 11 would be the right release for dropping Openshift 2 support from Tools/Devstudio [2][3].
> Should we get PM/PgM approval once again just to be sure we are OK with removing Openshift 2 tooling from Tools/Devstudio?
> [1] https://access.redhat.com/support/policy/updates/openshift/
> [2] http://post-office.corp.redhat.com/archives/devtools-program/2016-November/msg00028.html
> [3] http://post-office.corp.redhat.com/archives/devtools-program/2016-December/msg00002.html



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jbosstools-issues mailing list