Update bundled Apache Mina-sshd plugins (#7623)
Embed Apache mina sshd plugins 2.9.2 (common and core) Update `sshd-common` plugin and `sshd-core` plugin from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a Changelog https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.2.md links to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047 Unsafe deserialization in SimpleGeneratorHostKeyProvider Jenkins core does not reference the SimpleGeneratorHostKeyProvider class. It is referenced from sshd plugin at https://github.com/jenkinsci/sshd-plugin/blob/251d59011530b4d3a4db4a3e6ee8f076c61c3bfe/src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java#L162 Users can upgrade the plugin themselves during installation but it is easier if we bundle the updated plugin version with new releases rather than requiring that the user perform the update.
Please register or sign in to comment