Thanks Daniel! We do have the Ant plugin installed, but our version is updated beyond the affected patch level.

On Thu, Apr 19, 2018 at 6:57 AM, Daniel Beck <[email protected]> wrote:

> > On 18. Apr 2018, at 16:33, Mark Waite <[email protected]> wrote:
> >
> > Likewise, I would assume that the other plugins mentioned in the 2018-01-22 advisory need to be upgraded to at least those versions.
>
> Just a quirk of our advisory format. Unless another plugin is specifically mentioned as affected by this, it is not believed to be.
>
> Regarding whether the core update is sufficient, I'm not sure offhand. It could be.
>
> That said, unless you have a strictly locked down Jenkins instance, admins can already XSS other users, so this isn't an issue relevant to most of the real world.
>
> Regarding the security scan, I wouldn't be surprised if they found a reference to Ant (the build tool) and confused it for Ant (the plugin). Most of what we get reported from security scan tools is complete garbage.
