diff options
| author |   liamfallon <liam.fallon@ericsson.com> | 2018-11-01 14:59:21 +0000 |
|---|---|---|
| committer | Liam Fallon <liam.fallon@ericsson.com> | 2018-11-08 17:53:43 +0000 |
| commit | 8e6b49616df8e47a1c00629b20dcf947ea0bca68 (patch) | |
| tree | 1e1a4d63f54934107ef4014084726b65c99fba7a | |
| parent | ad6efc439440e991df30694ef2da17d640f20bdf (diff) | |
Upgrade Jython for security, add doc warning
Upgrading Jython to use a full release version. This will probably
noit remove security problem but upgrades Jython to the most popular
version.
A warning is added telling developers to check extra pcakages in the
Jython plugin documentation.
Issue-ID: POLICY-1065
Change-Id: I83275204c1905bd48dd5ea58e98dcbbd9c47195f
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
(cherry picked from commit 9dc414a0cabc9074e87a7c9cd5c3e5ceee733e5a)
| -rw-r--r-- | plugins/plugins-executor/plugins-executor-jython/pom.xml | 2 | ||||
| -rw-r--r-- | plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc | 8 |
2 files changed, 8 insertions, 2 deletions
diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml index 7670f8079..13010b413 100644 --- a/plugins/plugins-executor/plugins-executor-jython/pom.xml +++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml @@ -33,7 +33,7 @@ <dependency> <groupId>org.python</groupId> <artifactId>jython-standalone</artifactId> - <version>2.7.1b3</version> + <version>2.7.1</version> </dependency> </dependencies> diff --git a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc index 53431b3aa..a838857ae 100644 --- a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc +++ b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc @@ -13,6 +13,13 @@ == Configure the Jython Executor +WARNING: The Jython plugin allows you to use extra Python packages installed with *_pip_* or at +startup using the *_setup.py_* or *_build_py.py_* configuration files. Extra modules must be checked +by developers prior to installation to ensure that they are not malicious and do not exploit the +Python Path Traversal vulnerability. the Jython plugin does *NOT* check extra modules for security +vulnerabilities. + + The Jython executor is added to the configuration as follows: [source%nowrap,json] @@ -27,4 +34,3 @@ The Jython executor is added to the configuration as follows: } } } ----- |