The following Jenkins updates contain fixes for security vulnerabilities: * Jenkins 2.370 [see footnote 1]
The following Jenkins plugin updates contain fixes for security vulnerabilities: * Anchore Container Image Scanner Plugin 1.0.25 * Compuware Common Configuration Plugin 1.0.15 * NS-ND Integration Performance Publisher Plugin 4.8.0.130 Additionally, we announce unresolved security issues in the following plugins: * Apprenda Plugin * BigPanda Notifier Plugin * Build-Publisher Plugin * CONS3RT Plugin * DotCi Plugin * extreme-feedback Plugin * NS-ND Integration Performance Publisher Plugin * RQM Plugin * Rundeck Plugin * SCM HttpClient Plugin * Security Inspector Plugin * SmallTest Plugin * View26 Test-Reporting Plugin * Walti Plugin * WildFly Deployer Plugin * Worksoft Execution Manager Plugin Please see the advisory for more information: https://www.jenkins.io/security/advisory/2022-09-21/ 1: This update was not mentioned in the pre-announcement sent yesterday, as it fixes an issue we've only become aware of after I sent the pre-announcement. As the issue was being discussed publicly, we decided to publish a fix with today's advisory. Please note that the issue is very unlikely to be exploitable, and Jenkins LTS is unaffected. -- You received this message because you are subscribed to the Google Groups "Jenkins Advisories" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-advisories/87E2AA92-2288-47B3-B967-E11C8311D709%40beckweb.net.
