Deploying .Net Core 3.1 with WhiteSource Security Vulnerabilities - asp.net-core-3.1

Recently, my team introduced WhiteSource Security in our pipeline. We kept getting the same vulnerability after we had upgraded the required packages. The screenshot (Fig 1.1) shows that the two CVE-2019-0820 vulnerabilities are remediated, but CVE-2019-0820 shows up again under New vulnerabilities when running the pipeline.
Any ideas on how to fix this? Is the issue coming from WhiteSource?

Related

Tableau Scout 1.5 - how do we update log4j?

Scout is an exploratory testing tool that interacts with Tableau's Server or Desktop product in order to capture performance metrics for specific User actions across a set of workbooks.
Scout was updated to v1.5 on December 3rd, 2021, just before the log4j vulnerability. We have been unable to use Scout due to the vulnerability and are looking for options to get Scout running again.
Scout Getting Started page:
https://community.tableau.com/s/question/0D54T00000G54CPSAZ/getting-started-scout
You need to upgrade to the latest patch version of Tableau Server for any major version (which includes the log4j update); they have resolved all vulnerabilities related to log4j.
Tableau Scout has been updated to 1.6, which includes fixing the log4j vulnerability.

Azure build pipeline started failing suddenly (current version of the following service is not supported: GitOdb)

The error message I'm getting is "current version of the following service is not supported: GitOdb".
The build pipeline is for an ASP.NET Core (v3) API project.
When I click on the error it says "Build not found".
After investigation, there was a recent availability degradation event in Azure DevOps which affected these services, and it has been resolved now. If you want more information, please see: https://status.dev.azure.com/_event/188718946 .
The issue is now fully mitigated. To mitigate, we stopped updates and
upgraded the impacted databases. We recognize the wide impact this had
to our customers in this region and will be following up on learnings
and improvements to prevent the chance of recurrence. We apologize for
the impact this caused.
In this case, many users encountered the same problem (starting a build pipeline immediately fails with TF400860: The current version of the following service is not supported: GitOdb. Version: 1700, MinVersion: 1700), which has now been fixed.

Red gate DLM Automation binding error using VSTS

I'm using Red Gate DLM Automation version 2 on VSTS. I installed DLM on the build server, it's fully licensed, and I have both the build and release VSTS plugins installed. But now, when I perform a build on VSTS, I receive the following error message:
System.Management.Automation.CmdletInvocationException: A parameter cannot be found that matches parameter name 'transactionIsolationLevel'. ---> System.Management.Automation.ParameterBindingException: A parameter cannot be found that matches parameter name 'transactionIsolationLevel'.
My initial guess is that I have a version conflict between some Red Gate PowerShell libraries, but I cannot find any further information on this error. The build server is running PowerShell v4. The SQL code being built does not have any references to "transaction isolation" in it, but I don't think that's the problem. I have completed successful builds on this VSTS server in the past and am now confused about what caused this error to start appearing.
Thank you!
You need at least 2.0.3 of the DLMA install on the local agent to work with the VSTS plugin - we added the Transaction Isolation Level option very recently, and VSTS auto-updates, but the DLMA install doesn't.
Sorry about that - we are looking into better update / communication mechanisms to keep these things in sync in future (or at least tell you what the problem is) but aren't quite there yet.
If you're still having trouble after updating the DLMA install on the local agent, please do get in touch via support#red-gate.com and we'll sort it out for you.

SonarQube connection to JIRA 7

Can someone please help me connect to JIRA 7 with the SonarQube JIRA plugin?
After giving the correct inputs for
server URL, username, password, JIRA project key,
it's not working and shows the error "Impossible to connect to the JIRA server".
The sonar log also does not show any error related to this.
The SOAP base URL in the JIRA plugin settings in SonarQube is blank, and accessing http://{my jira url}/rpc/soap/jirasoapservice-v2 gives a 404 error,
even though it's enabled in my JIRA 7.
On the SonarQube page below, it seems the last update was in December, related to version descriptions.
http://docs.sonarqube.org/display/PLUG/JIRA+Plugin#JIRAPlugin-Requirements
http://docs.sonarqube.org/pages/diffpagesbyversion.action?pageId=1442016&selectedPageVersions=101&selectedPageVersions=102
Searching on Google, I found a few posts which say
"The JIRA Plugin is not compatible with JIRA 7 or newer."
SonarQube cannot connect to JIRA 7 with REST API
"Jira SOAP API has been removed in Jira 7"
https://github.com/SonarSource/sonar-jira/issues/3
So please let me know if anyone knows how to connect to JIRA 7 with the SonarQube JIRA plugin.
My SonarQube version is 5.2, and I also checked with 5.4.
The SonarQube JIRA plugin version is 1.2.
My JIRA version is 7.2.0-OD-05-030.
Thanks,
Sandeep
You found out the answer already: Jira Plugin is not compatible with Jira 7. There is no workaround/fix, otherwise it would already be mentioned in the related GitHub issue.
Note that the underlying functionality of linking SonarQube issues to 3rd-party ticketing systems is being dropped altogether (SONAR-6717). Equivalent grouping/planning of issues can be done using tags and filters, see this blog post for more details.

Capistrano deployment detected as shellshock

We upgraded the firewall firmware on our servers, and the firmware update contains shellshock protection.
Suddenly, whenever we deploy with Capistrano, the firewall blocks our office and we get "Blocked because of IPS attack" from the firewall.
I bundle updated Capistrano and all dependencies to the latest version, with the same result. Has anyone had this issue and knows a fix for it?
My versions:
capistrano (3.2.1 8290d3f)
capistrano-bundler (1.1.3)
capistrano-rails (1.1.2)
capistrano-rbenv (2.0.2)
The problem was me being too stupid. A few weeks ago I installed an extension to my browser for specifying custom headers. I created some custom malicious headers and was trying to crack my page to see what would happen. Of course I forgot to turn it off.
Each time I was doing a deployment I checked it with the web browser (with the faulty extension), therefore locking my access and blaming it on the deployment.
More info here: https://github.com/capistrano/capistrano/issues/1176#issuecomment-62020915
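
An added example, not part of the thread above: a small triage check that shows which header of a captured HTTP request would trip a Shellshock-style IPS rule, which is how a header-injecting browser extension gets an office IP blocked while the deployment itself is innocent. It assumes the IPS matches the bash function-definition prefix "() {" in header values; the sample requests, host name and function names are constructed for illustration.

```python
import re

# Bash parses an environment value starting with "() {" as a function
# definition, so Shellshock signatures look for that prefix in header values.
FUNC_DEF = re.compile(r"\(\)\s*\{")

# Constructed sample requests (not taken from the thread).
BROWSER_WITH_EXTENSION = (
    "GET / HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "X-Custom: () { :; }; echo constructed-test\r\n"
    "\r\n"
)
PLAIN_BROWSER = (
    "GET / HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "\r\n"
)
FOLDED_HEADER = (
    "GET / HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Referer: ()\r\n"
    "\t{ :; }; echo constructed-test\r\n"
    "\r\n"
)

def parse_headers(raw_request):
    """Return (name, value) pairs from the head of a raw HTTP/1.x request."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    headers = []
    for line in lines:
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: join the continuation to the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def suspicious_headers(raw_request):
    """Names of headers whose value contains a bash function-definition prefix."""
    return [n for n, v in parse_headers(raw_request) if FUNC_DEF.search(v)]

if __name__ == "__main__":
    for label, raw in [("extension", BROWSER_WITH_EXTENSION), ("plain", PLAIN_BROWSER)]:
        print(label, suspicious_headers(raw))
```

Running it against a request captured from the affected workstation (for example from a proxy log) names the offending header, which separates a client-side cause from a deployment-tool cause before the firewall rule is touched.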