Thank you for giving advice to us.

We have started to consider updating Jenkins from Jenkins 1.409.1 to
Jenkins LTS 1.424.6.

However, if you know what kinds of pages have the risk of XSS in
Jenkins, please tell us about those pages.

--
Masato Izumiya

On March 13, 10:05 PM, Jesse Farinacci <[email protected]> wrote:
> Greetings,
>
> On Tue, Mar 13, 2012 at 4:49 AM, masato izumiya
> <[email protected]> wrote:
> > If all pages of Jenkins have the risk of XSS, we should reexamine the
> > above plan.
> > But if only Manage pages have the risk of XSS, we need not update
> > Jenkins from 1.409.1 to 1.454 immediately.
>
> I think there may be some confusion here. I recommended v1.424.6
> because it is the latest LTS release and it includes the fix for the
> XSS attack. See the
> announcement: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2...
>
> -Jesse
>
> --
> There are 10 types of people in this world, those
> that can read binary and those that can not.
