We're getting gigged on a security scan that looking at Jenkins documentation, should not be happening. The scan is turning up:
*Vulnerability* *Host* *IP* *Port* *201701* *201702* *201703* *201704* *201705* *201706* *201707* Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulnerability (SECURITY-624) <redacted> <redacted> TCP:8080 NO NO NO NO NO NO NO In the documentation, I see 2 places where this could be turning up. Ant plugin prior to 1.8, and Jenkins version prior to 2.93. Our Jenkins version is 2.107.1 and we just upgraded our Ant plugin to 1.8. Anyone have an idea what's getting us here? Thanks, Eric -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7b99d896-52f0-4879-b863-45ce3492a651%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
