AppSpider

🔒 Security

Fix SECURITY-3144.


Changes

  • Jenkins version requirement changed to 2.348 to address security concerns
  • report name changed to use . rather than _ for consistency
  • minor bug fixes and security fixes addressed by upgrading dependencies

Changes

  • multi-client/system-administrator support added, requiring AppSpider Enterprise 3.8.227 or above
  • new check box in global settings to enable multi-client/system-administrator support; enabling it adds this support but is no longer compatible with older versions of AppSpider Enterprise

Description

Addressed the following security issue:

SECURITY-2058 / CVE-2020-2314

AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file com.rapid7.jenkinspider.PostBuildScan.xml on the Jenkins controller as part of its configuration.

This password can be viewed by users with access to the Jenkins controller file system.

AppSpider Plugin 1.0.13 stores a password encrypted once its configuration is saved again.
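
Because 1.0.13 only encrypts the password when the configuration is saved again, a controller upgraded without a re-save can still hold the plaintext value. The following check is an added example, not code from the plugin or from Rapid7, that reports password-like elements in a config file whose value is not in the brace-wrapped Base64 form Jenkins writes for encrypted secrets. The element names and sample documents are constructed assumptions; the real field name inside com.rapid7.jenkinspider.PostBuildScan.xml is not given on this page.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins serializes an encrypted hudson.util.Secret as "{" + Base64 + "}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
XML_DECL = re.compile(r"^\s*<\?xml.*?\?>", re.DOTALL)

# Constructed samples. <descriptor>, <appSpiderPassword> and every value
# below are hypothetical stand-ins, not taken from a real configuration.
BEFORE_RESAVE = """<?xml version='1.1' encoding='UTF-8'?>
<descriptor>
  <appSpiderUsername>scanner</appSpiderUsername>
  <appSpiderPassword>example-plaintext</appSpiderPassword>
</descriptor>"""

AFTER_RESAVE = """<?xml version='1.1' encoding='UTF-8'?>
<descriptor>
  <appSpiderUsername>scanner</appSpiderUsername>
  <appSpiderPassword>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</appSpiderPassword>
</descriptor>"""


def find_plaintext_secrets(xml_text):
    """Return tag names of password-like elements stored unencrypted.

    Only tag names are returned, so the secret itself never reaches
    the report or a log.
    """
    # Drop the XML declaration so the parser's version support is irrelevant.
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    flagged = []
    for elem in root.iter():
        value = (elem.text or "").strip()
        if "password" not in elem.tag.lower() or not value:
            continue  # not a secret field, or nothing stored in it
        if not ENCRYPTED.match(value):
            flagged.append(elem.tag)
    return flagged


if __name__ == "__main__":
    for label, doc in (("before re-save", BEFORE_RESAVE),
                       ("after re-save", AFTER_RESAVE)):
        hits = find_plaintext_secrets(doc)
        print(f"{label}: {'PLAINTEXT in ' + ', '.join(hits) if hits else 'ok'}")
```

A flagged file means the configuration still needs to be saved again on 1.0.13 or later, and the exposed password should be treated as readable by anyone who had file system access to the controller.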


  • added configuration option to allow self-signed certificate errors to be ignored when using HTTPS
  • additional logging to aid in diagnosis of issues
  • minor stability improvements
