-
Zen Fu authored
Jenkins is reporting a vulnerability for a version that is older than we are currently using (2.2.1): Exposure of sensitive build variables stored by EnvInject 1.90 and earlier https://jenkins.io/security/advisory/2018-02-26/#SECURITY-248 But I'm upgrading anyway because it feels good to be up to date. I've checked in these pages that dependencies don't change: https://plugins.jenkins.io/envinject/ https://plugins.jenkins.io/envinject-api/ I've looked at the changelogs: https://github.com/jenkinsci/envinject-plugin/releases/tag/envinject-2.3.0 https://github.com/jenkinsci/envinject-api-plugin/commits/envinject-api-1.7 I think upgrading should cause no harm.
b4d4b97f