Security advisory in Jenkins core

Kohsuke Kawaguchi

Jan 7, 2013, 4:28:55 PM
to Jenkins advisories

We've identified and fixed a critical vulnerability in Jenkins core.

This affects all the releases to date:

- mainline release <= 1.497
- LTS release <= 1.480.1

Please see [1] for more details. Customers of Jenkins Enterprise by
CloudBees and DEV@cloud, please see the corresponding security advisory
by CloudBees [2]. While the title of the advisory is dated Jan 4th, it
is actually released today, not on Jan 4th.

For more information about security advisories and ways to get notified,
please see [3].

Unlike our typical other vulnerabilities, this one requires
administrators to take some actions after upgrading to fully plug the
problem. Once again, see the security advisory for details.


[1]
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

[2]
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb

[3] https://wiki.jenkins-ci.org/display/JENKINS/Security+Advisories
--
Kohsuke Kawaguchi http://kohsuke.org/