From 9dc414a0cabc9074e87a7c9cd5c3e5ceee733e5a Mon Sep 17 00:00:00 2001 From: liamfallon Date: Thu, 1 Nov 2018 14:59:21 +0000 Subject: Upgrade Jython for security, add doc warning Upgrading Jython to use a full release version. This will probably noit remove security problem but upgrades Jython to the most popular version. A warning is added telling developers to check extra pcakages in the Jython plugin documentation. Issue-ID: POLICY-1065 Change-Id: I83275204c1905bd48dd5ea58e98dcbbd9c47195f Signed-off-by: liamfallon --- .../src/site-docs/adoc/fragments/jython-config.adoc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc') diff --git a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc index 53431b3aa..a838857ae 100644 --- a/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc +++ b/plugins/plugins-executor/plugins-executor-jython/src/site-docs/adoc/fragments/jython-config.adoc @@ -13,6 +13,13 @@ == Configure the Jython Executor +WARNING: The Jython plugin allows you to use extra Python packages installed with *_pip_* or at +startup using the *_setup.py_* or *_build_py.py_* configuration files. Extra modules must be checked +by developers prior to installation to ensure that they are not malicious and do not exploit the +Python Path Traversal vulnerability. the Jython plugin does *NOT* check extra modules for security +vulnerabilities. + + The Jython executor is added to the configuration as follows: [source%nowrap,json] @@ -27,4 +34,3 @@ The Jython executor is added to the configuration as follows: } } } ----- -- cgit 1.2.3-korg