Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

In the security warnings popup, show recommended actions #7046

Merged
merged 4 commits into from
Sep 12, 2022
Merged

In the security warnings popup, show recommended actions #7046

merged 4 commits into from
Sep 12, 2022

Conversation

daniel-beck
Copy link
Member

@daniel-beck daniel-beck commented Aug 31, 2022
edited
Loading

This adds information about the (un)availability of fixes to the security warning popup.

The warnings are changed into an inner class to have a reference to the related update site to check whether an update fixing the issue is being offered. We're not bothering with understanding the semantics of plugin updates offered across different update sites here, which might be the correct thing to do or not, unsure. I expect this is very unusual, so we have very little data to reason about the optimal behavior, and it's probably not worth the time either.

Screenshot:

Before

Screenshot 2022-08-31 at 13 57 12

After

Screenshot 2022-08-31 at 13 53 12

Proposed changelog entries

  • Show recommended actions (e.g., to update affected plugins) in security warnings popup.

Proposed upgrade guidelines

N/A

Submitter checklist

  • (If applicable) Jira issue is well described
  • Changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developer, depending on the change) and are in the imperative mood. Examples
    • Fill-in the Proposed changelog entries section only if there are breaking changes or other changes which may require extra steps from users during the upgrade
  • Appropriate autotests or explanation to why this change has no tests
  • New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadoc, as appropriate.
  • New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO") if applicable.
  • New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content-Security-Policy directives (see documentation on jenkins.io).
  • For dependency updates: links to external changelogs and, if possible, full diffs

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

  • There are at least 2 approvals for the pull request and no outstanding requests for change
  • Conversations in the pull request are over OR it is explicit that a reviewer does not block the change
  • Changelog entries in the PR title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood
  • Proper changelog labels are set so that the changelog can be generated automatically
  • If the change needs additional upgrade steps from users, upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
  • If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).

@daniel-beck daniel-beck added rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted squash-merge-me Unclean or useless commit history, should be merged only with squash-merge labels Aug 31, 2022
Wadeck
Wadeck approved these changes Sep 2, 2022
View reviewed changes
Copy link
Contributor

@Wadeck Wadeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for update on it. I imagine the recommendation to uninstall the plugin without a fix is "sufficient" to be in written format like this 👍

@NotMyFault
Copy link
Member

This PR is now ready for merge. We will merge it after ~24 hours if there is no negative feedback.
Please see the merge process documentation for more information about the merge process.
Thanks!

@NotMyFault NotMyFault added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Sep 3, 2022
@timja timja merged commit b8d7346 into jenkinsci:master Sep 12, 2022
@daniel-beck daniel-beck mentioned this pull request Sep 17, 2022
Merged
13 tasks
@daniel-beck daniel-beck mentioned this pull request Mar 13, 2023
Merged
14 tasks
@daniel-beck daniel-beck mentioned this pull request Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwnusbaum dwnusbaum dwnusbaum approved these changes

@Wadeck Wadeck Wadeck approved these changes

@NotMyFault NotMyFault NotMyFault approved these changes

Assignees
No one assigned
Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted squash-merge-me Unclean or useless commit history, should be merged only with squash-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@daniel-beck @NotMyFault @dwnusbaum @Wadeck @timja