The following Jenkins updates contain fixes for security vulnerabilities: * Jenkins 2.370 [see footnote 1]
The following Jenkins plugin updates contain fixes for security vulnerabilities: * Anchore Container Image Scanner Plugin 1.0.25 * Compuware Common Configuration Plugin 1.0.15 * NS-ND Integration Performance Publisher Plugin 4.8.0.130 Additionally, we announce unresolved security issues in the following plugins: * Apprenda Plugin * BigPanda Notifier Plugin * Build-Publisher Plugin * CONS3RT Plugin * DotCi Plugin * extreme-feedback Plugin * NS-ND Integration Performance Publisher Plugin * RQM Plugin * Rundeck Plugin * SCM HttpClient Plugin * Security Inspector Plugin * SmallTest Plugin * View26 Test-Reporting Plugin * Walti Plugin * WildFly Deployer Plugin * Worksoft Execution Manager Plugin Please see the advisory for more information: https://www.jenkins.io/security/advisory/2022-09-21/ 1: This update was not mentioned in the pre-announcement sent yesterday, as it fixes an issue we've only become aware of after I sent the pre-announcement. As the issue was being discussed publicly, we decided to publish a fix with today's advisory. Please note that the issue is very unlikely to be exploitable, and Jenkins LTS is unaffected. -- You received this message because you are subscribed to the Google Groups "Jenkins Advisories" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-advisories+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-advisories/87E2AA92-2288-47B3-B967-E11C8311D709%40beckweb.net.
