summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@ericsson.com>2018-11-01 14:59:21 +0000
committerliamfallon <liam.fallon@ericsson.com>2018-11-01 15:21:08 +0000
commit9dc414a0cabc9074e87a7c9cd5c3e5ceee733e5a (patch)
treee896625dde30007026202775548021ebc86234c6
parent3aa7cbec7f96dba5503757482bb604921116b6c1 (diff)
Upgrade Jython for security, add doc warning
Upgrading Jython to use a full release version. This will probably noit remove security problem but upgrades Jython to the most popular version. A warning is added telling developers to check extra pcakages in the Jython plugin documentation. Issue-ID: POLICY-1065 Change-Id: I83275204c1905bd48dd5ea58e98dcbbd9c47195f Signed-off-by: liamfallon <liam.fallon@ericsson.com>
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/pom.xml2
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc8
2 files changed, 8 insertions, 2 deletions
diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml
index cc9cee772..a6b2e8035 100644
--- a/plugins/plugins-executor/plugins-executor-jython/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml
@@ -33,7 +33,7 @@
<dependency>
<groupId>org.python</groupId>
<artifactId>jython-standalone</artifactId>
- <version>2.7.1b3</version>
+ <version>2.7.1</version>
</dependency>
</dependencies>
diff --git a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc
index 53431b3aa..a838857ae 100644
--- a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc
+++ b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc
@@ -13,6 +13,13 @@
== Configure the Jython Executor
+WARNING: The Jython plugin allows you to use extra Python packages installed with *_pip_* or at
+startup using the *_setup.py_* or *_build_py.py_* configuration files. Extra modules must be checked
+by developers prior to installation to ensure that they are not malicious and do not exploit the
+Python Path Traversal vulnerability. the Jython plugin does *NOT* check extra modules for security
+vulnerabilities.
+
+
The Jython executor is added to the configuration as follows:
[source%nowrap,json]
@@ -27,4 +34,3 @@ The Jython executor is added to the configuration as follows:
}
}
}
-----