Upgrading Jython to use a full release version. This will probably
noit remove security problem but upgrades Jython to the most popular
version.
A warning is added telling developers to check extra pcakages in the
Jython plugin documentation.
Issue-ID: POLICY-1065
Change-Id: I83275204c1905bd48dd5ea58e98dcbbd9c47195f
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
<dependency>
<groupId>org.python</groupId>
<artifactId>jython-standalone</artifactId>
- <version>2.7.1b3</version>
+ <version>2.7.1</version>
</dependency>
</dependencies>
== Configure the Jython Executor
+WARNING: The Jython plugin allows you to use extra Python packages installed with *_pip_* or at
+startup using the *_setup.py_* or *_build_py.py_* configuration files. Extra modules must be checked
+by developers prior to installation to ensure that they are not malicious and do not exploit the
+Python Path Traversal vulnerability. the Jython plugin does *NOT* check extra modules for security
+vulnerabilities.
+
+
The Jython executor is added to the configuration as follows:
[source%nowrap,json]
}
}
}
-----
Code Review / policy / apex-pdp.git / commitdiff