The following Jenkins updates contain fixes for security vulnerabilities:
* Jenkins 2.370 [see footnote 1]
The following Jenkins plugin updates contain fixes for security vulnerabilities:
* Anchore Container Image Scanner Plugin 1.0.25
* Compuware Common Configuration Plugin 1.0.15
* NS-ND Integration Performance Publisher Plugin 4.8.0.130
Additionally, we announce unresolved security issues in the following plugins:
* Apprenda Plugin
* BigPanda Notifier Plugin
* Build-Publisher Plugin
* CONS3RT Plugin
* DotCi Plugin
* extreme-feedback Plugin
* NS-ND Integration Performance Publisher Plugin
* RQM Plugin
* Rundeck Plugin
* SCM HttpClient Plugin
* Security Inspector Plugin
* SmallTest Plugin
* View26 Test-Reporting Plugin
* Walti Plugin
* WildFly Deployer Plugin
* Worksoft Execution Manager Plugin
Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-09-21/
1: This update was not mentioned in the pre-announcement sent yesterday, as it
fixes an issue we only became aware of after I sent the pre-announcement.
As the issue was being discussed publicly, we decided to publish a fix with
today's advisory. Please note that the issue is very unlikely to be exploitable,
and Jenkins LTS is unaffected.