Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #36822 Move AV scan build step from ClamAV 0.103 to 1.0
    Actions
    Infos
    #36822
    Thomas Gerbet (tgerbet)
    2024-02-13 11:14
    2024-02-13 07:08
    38422
    Details
    Move AV scan build step from ClamAV 0.103 to 1.0

    ClamAV is used in the final steps of the build pipeline to scan the packages.

    This step is currently using ClamAV 0.103 which is EOL and vulnerable to CVE-2024-20290.

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-02-13
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #35498 Tuleap Releases 15.6 Delivered 2024-03-04 15:49 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #36822

    Git commit

    tuleap/tools/jenkinsfile-library

    ci: request #36822 Move AV scan build step from ClamAV 0.103 to 1.0 master 8fa86424a9
    User avatar Thomas Gerbet (tgerbet) , 2024-02-13 07:25
    fix: ClamScan should recursively scan all the files master ce1b038552
    User avatar Thomas Gerbet (tgerbet) , 2024-02-13 10:48

    Git Pull Request

    tuleap/tools/jenkinsfile-library

    ci: request #36822 Move AV scan build step from ClamAV 0.103 to 1.0 Merged
    User avatar Thomas Gerbet (tgerbet) , 2024-02-13 07:29
    Referenced by request #36822

    Artifact Tracker v5

    rel #35498 15.6

    Git Pull Request

    tuleap/tools/jenkinsfile-library

    ci: request #36822 Move AV scan build step from ClamAV 0.103 to 1.0 Merged
    User avatar Thomas Gerbet (tgerbet) , 2024-02-13 07:29
    Display settings

    Follow-ups