Goal

Ensure we are issuing bug fix and security advisories for Jenkins during the OCP 4.18 release cycle.

Why is this important?

• Minimize security risks for customers and Red Hat users running Jenkins.

Plan      

• Jenkins next release work
  • CVEs 
  • P1 - Konflux migration
    • Need to understand the architecture and what he has done so far
    • See new repos too

• • P1 - Embargoes issue
  • Plugin release
    • More efforts are in testing
    • Otherwise for plugin release a ticket is required to create for upstream

• • Dependbot PRs against Client+login plugin
    • Might need to cut a release though lets wait first to hear back from prodSec on plugin vulnerabilities/releases notification

• • Jenkins forum queries
  • 4.18 pipeline if we go via CPaas - mostly need to consider this by 10th april

Acceptance Criteria (Mandatory)

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. …

Open questions::

1. …

Done Checklist

• Acceptance criteria are met
• Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
• User Journey automation is delivered
• Support and SRE teams are provided with enough skills to support the feature in production environment