Release plugin XSS vulnerability - alternatives?

David Hearn

Dec 5, 2020, 9:42:06 AM
to jenkins...@googlegroups.com

Hi

Jenkins is reporting that the Release plugin (https://plugins.jenkins.io/release/) has a Stored XSS vulnerability (https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1928) meaning it may not be safe to use. Given this plugin appears to have not been updated in 2 years, I’m not expecting any imminent security fixes.

Can anyone recommend any alternative plugins or methods to replicate what this plugin does? Some of the particularly useful bits were input parameters for a release build – both dynamic and choices from a list, but I’m sure there’s other things which it made easier as well.

Thanks

David
