Mark SECURITY-3590 as also fixed in Git Client Plugin 6.2.1 and 6.1.4#887
Merged
Kevin-CB merged 2 commits intojenkins-infra:masterfrom Sep 5, 2025
Conversation
https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590 is fixed by backporting the changes from Git Client Plugin 6.3.3 Backport from commit 20090a86c3ebc72e5283c882de73e3a4459137bb Git Client Plugin 6.2.1 also includes fixes to support command line git 2.51.0. Those changes were originally from pull requests: * jenkinsci/git-client-plugin#1326 * jenkinsci/git-client-plugin#1327 Fixed by pull request: * jenkinsci/git-client-plugin#1332 Testing done: I've run interactive tests with Git Client Plugin 6.2.1 incremental build and found no issues.
MarkEWaite
added
the
metadata
MarkEWaite
added
the
metadata
Contributor
Author
|
I've made a mistake. The change for plugin BOM line 2.492.x needs to be on Git Client Plugin 6.1.x, not 6.2.x. I've placed this pull request into draft mode while I make that correction. |
https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590 is fixed by backporting the changes from Git Client Plugin 6.3.3 Backport from commit 20090a86c3ebc72e5283c882de73e3a4459137bb Git Client Plugin 6.1.4 also includes fixes to support command line git 2.51.0. Those changes were originally from pull requests: * jenkinsci/git-client-plugin#1326 * jenkinsci/git-client-plugin#1327 Fixed by pull request: * jenkinsci/git-client-plugin#1333 Testing done: I've run interactive tests with a Git Client Plugin 6.1.4 development build and found no issues. Details are described in pull request: * jenkinsci/git-client-plugin#1333
Contributor
Author
|
Mistake is corrected and this pull request has been updated to note that 6.1.4 includes the fix for SECURITY-3590 as well. |
MarkEWaite
changed the title
Kevin-CB
approved these changes
Sep 5, 2025
Contributor
Kevin-CB
left a comment
Kevin-CB
left a comment
There was a problem hiding this comment.
I reviewed the regex, it looks correct
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mark SECURITY-3590 as also fixed in Git Client Plugin 6.2.1 and 6.1.4
SECURITY-3590 is fixed by backporting the changes from Git Client Plugin 6.3.3
Backport from commit 20090a86c3ebc72e5283c882de73e3a4459137bb
Git Client Plugin 6.2.1 and 6.1.4 also include fixes to support command line git 2.51.0. Those changes were originally from pull requests:
Fixed in 6.2.1 by pull request:
Fixed in 6.1.4 by pull request
Testing done
I've run interactive tests with the Git Client Plugin 6.2.1 incremental build and with the Git Client Plugin 6.1.4 development build and found no issues.