Greetings, On Tue, Mar 13, 2012 at 4:49 AM, masato izumiya <[email protected]> wrote: > If all pages of Jenkins have the risk of XSS, we should reexamine the > above plan. > But if only Manage pages have the risk of XSS, we need not update > Jenkins from 1.409.1 to 1.454 immediately.
I think there may be some confusion here. I recommended v1.424.6 because it is the latest LTS release and it includes the fix for the XSS attack. See the announcement: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not.
