+++ This bug was initially created as a clone of Bug #1861840 +++ +++ This bug was initially created as a clone of Bug #1852331 +++ +++ This bug was initially created as a clone of Bug #1848216 +++ openshift-4 tracking bug for jenkins-2-plugins: see the bugs linked in the "Blocks" field of this bug for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. Impact: Moderate Public Date: 06-May-2020 PM Fix/Wontfix Decision By: 16-Sep-2020 Resolve Bug By: 06-May-2021 In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug. Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB --- Additional comment from Stephen Cuppett on 2020-06-18 18:30:40 UTC --- Setting to target the z-stream. This isn't due prior to GA and is not a showstopper. --- Additional comment from Jitendar Singh on 2020-06-25 05:44:41 UTC --- jsingh@localhost ~/go/src/github.com/redhat-developer oc get pods NAME READY STATUS RESTARTS AGE jenkins-1-build 0/1 Completed 0 11m jenkins-1-deploy 0/1 Completed 0 2m15s jenkins-1-pm4rl 1/1 Running 0 2m11s jsingh@localhost ~/go/src/github.com/redhat-developer oc rsh jenkins-1-pm4rl sh-4.2$ cat /var/lib/jenkins/plugins/credentials-binding/META-INF/MANIFEST.MF |grep Implementation-Version Implementation-Version: 1.23 sh-4.2$ exit exit ===================================================== VERIFIED --- Additional comment from Yuxiang Zhu on 2020-07-27 08:33:52 UTC --- It doesn't seem to me the latest jenkins-2-plugins-4.5.1595405982-1.el7 RPM include this fix. The linked PR is only for upstream okd build. I think this bug should only be moved to MODIFIED once it is included in ART build.
Moving back to ASSIGNED based on https://issues.redhat.com/browse/OCPPLAN-4693?focusedCommentId=15153829&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15153829
Just tested it with the latest nightly for 4.3 https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1341931 and it has the fix. ================================================== jsingh@localhost ~ oc new-app jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p JENKINS_IMAGE_STREAM_TAG=jenkins-jitsingh:latest --> Deploying template "openshift/jenkins-ephemeral" to project jenkins-test Jenkins (Ephemeral) --------- Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing. A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template. * With parameters: * Jenkins Service Name=jenkins * Jenkins JNLP Service Name=jenkins-jnlp * Enable OAuth in Jenkins=true * Memory Limit=1Gi * Jenkins ImageStream Namespace=jenkins-test * Disable memory intensive administrative monitors=false * Jenkins ImageStreamTag=jenkins-jitsingh:latest * Allows use of Jenkins Update Center repository with invalid SSL certificate=false --> Creating resources ... route.route.openshift.io "jenkins" created deploymentconfig.apps.openshift.io "jenkins" created serviceaccount "jenkins" created rolebinding.authorization.openshift.io "jenkins_edit" created service "jenkins-jnlp" created service "jenkins" created --> Success Access your application via route 'jenkins-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com' Run 'oc status' to view your app. jsingh@localhost ~ oc get pods -w NAME READY STATUS RESTARTS AGE jenkins-1-deploy 0/1 ContainerCreating 0 5s jenkins-1-deploy 0/1 ContainerCreating 0 12s jenkins-1-26nhb 0/1 Pending 0 0s jenkins-1-26nhb 0/1 Pending 0 0s jenkins-1-26nhb 0/1 ContainerCreating 0 0s jenkins-1-deploy 1/1 Running 0 19s jenkins-1-26nhb 0/1 ContainerCreating 0 3s jenkins-1-26nhb 0/1 ContainerCreating 0 11s ^C% ✘ jsingh@localhost ~ oc rsh jenkins-1-26nhb sh-4.2$ cat /var/lib/jenkins/plugins/credentials-binding/META-INF/MANIFEST.MF |grep Implementation-Version Implementation-Version: 1.23 sh-4.2$ % jsingh@localhost ~ oc new-app -f maven.yaml --> Deploying template "jenkins-test/maven-pipeline" for "maven.yaml" to project jenkins-test * With parameters: * Application Name=openshift-jee-sample * Source URL=https://github.com/openshift/openshift-jee-sample.git * Source Ref=master * GitHub Webhook Secret=MKY8cSSRpKqhD3IqGLeeLl0Fc7tO6F2BHV1QKklR # generated * Generic Webhook Secret=1LeK7kIEnm7XxBYlk3J7WtQs2Q7vPceSyFkd3Au1 # generated --> Creating resources ... imagestream.image.openshift.io "openshift-jee-sample" created imagestream.image.openshift.io "wildfly" created buildconfig.build.openshift.io "openshift-jee-sample" created buildconfig.build.openshift.io "openshift-jee-sample-docker" created deploymentconfig.apps.openshift.io "openshift-jee-sample" created service "openshift-jee-sample" created route.route.openshift.io "openshift-jee-sample" created --> Success Use 'oc start-build openshift-jee-sample' to start a build. Use 'oc start-build openshift-jee-sample-docker' to start a build. Access your application via route 'openshift-jee-sample-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com' Run 'oc status' to view your app. jsingh@localhost ~ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD jenkins jenkins-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com jenkins <all> edge/Redirect None openshift-jee-sample openshift-jee-sample-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com openshift-jee-sample 8080-tcp None jsingh@localhost ~ oc start-build openshift-jee-sample build.build.openshift.io/openshift-jee-sample-1 started jsingh@localhost ~ oc get pods -w NAME READY STATUS RESTARTS AGE jenkins-1-26nhb 1/1 Running 0 3m43s jenkins-1-deploy 0/1 Completed 0 4m2s maven-nlg1x 0/1 ContainerCreating 0 1s maven-nlg1x 0/1 ContainerCreating 0 3s maven-nlg1x 0/1 ContainerCreating 0 8s maven-nlg1x 1/1 Running 0 30s maven-nlg1x 1/1 Terminating 0 70s maven-nlg1x 1/1 Terminating 0 71s openshift-jee-sample-docker-1-build 0/1 Pending 0 0s openshift-jee-sample-docker-1-build 0/1 Pending 0 0s openshift-jee-sample-docker-1-build 0/1 Init:0/2 0 0s maven-nlg1x 0/1 Terminating 0 72s maven-nlg1x 0/1 Terminating 0 73s maven-nlg1x 0/1 Terminating 0 73s openshift-jee-sample-docker-1-build 0/1 Init:0/2 0 2s openshift-jee-sample-docker-1-build 0/1 Init:0/2 0 3s openshift-jee-sample-docker-1-build 0/1 Init:1/2 0 4s openshift-jee-sample-docker-1-build 0/1 PodInitializing 0 5s openshift-jee-sample-docker-1-build 1/1 Running 0 6s openshift-jee-sample-docker-1-build 0/1 Completed 0 55s openshift-jee-sample-docker-1-build 0/1 Completed 0 55s openshift-jee-sample-1-deploy 0/1 Pending 0 0s openshift-jee-sample-1-deploy 0/1 Pending 0 0s openshift-jee-sample-1-deploy 0/1 ContainerCreating 0 0s openshift-jee-sample-1-deploy 0/1 ContainerCreating 0 2s openshift-jee-sample-1-deploy 1/1 Running 0 3s openshift-jee-sample-1-skc4k 0/1 Pending 0 0s openshift-jee-sample-1-skc4k 0/1 Pending 0 0s openshift-jee-sample-1-skc4k 0/1 ContainerCreating 0 0s openshift-jee-sample-docker-1-build 0/1 Completed 0 59s openshift-jee-sample-1-skc4k 0/1 ContainerCreating 0 3s openshift-jee-sample-1-skc4k 0/1 ContainerCreating 0 11s openshift-jee-sample-1-skc4k 0/1 Running 0 28s openshift-jee-sample-1-skc4k 1/1 Running 0 64s openshift-jee-sample-1-deploy 0/1 Completed 0 67s openshift-jee-sample-1-deploy 0/1 Completed 0 67s openshift-jee-sample-1-deploy 0/1 Completed 0 74s
Moving to ON_QA considering the recent update on this
VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.3.40 jenkins-2-plugins security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4265