[jbosstools-issues] [JBoss JIRA] (JBDS-4613) devstudio CVE vulnerabilities increasing
Nick Boldt (JIRA)
issues at jboss.org
Thu Oct 26 09:24:00 EDT 2017
[ https://issues.jboss.org/browse/JBDS-4613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Boldt updated JBDS-4613:
-----------------------------
Description:
The list of CVE vulnerabilities has been steadily increasing in both 3rd party deps and even some org.jboss.tools plugins since Jan 2017.
Is it time to do something about this, or should we just keep logging the volume of problems?
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/ - *2658 warnings*
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/ - *1508 warnings*
was:
The list of CVE vulnerabilities has been steadily increasing. Is it time to do something about this, or should we just keep logging the volume of problems?
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/ - *2658 warnings*
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/ - *1508 warnings*
> devstudio CVE vulnerabilities increasing
> ----------------------------------------
>
> Key: JBDS-4613
> URL: https://issues.jboss.org/browse/JBDS-4613
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Bug
> Components: 3rd-party-certification, 3rd-party-dependencies, upstream
> Affects Versions: 11.1.0.GA
> Reporter: Nick Boldt
> Assignee: Jeff MAURY
> Fix For: 11.x
>
>
> The list of CVE vulnerabilities has been steadily increasing in both 3rd party deps and even some org.jboss.tools plugins since Jan 2017.
> Is it time to do something about this, or should we just keep logging the volume of problems?
> https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/ - *2658 warnings*
> https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/ - *1508 warnings*
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jbosstools-issues
mailing list