Jenkins uses the update center metadata to show applicable warnings. It would be a bit of a hack, and use internals not meant for public consumption, but you could do that, too. See the bottom of https://updates.jenkins.io/update-center.actual.json for the warning definitions. (No complaining if we change the format without prior warning etc.!)
On Mon, Sep 23, 2019 at 5:52 PM Eric Engstrom <[email protected]> wrote: > Yes, I'm subscribed to the "Security advisories" mailing list > <https://groups.google.com/forum/m/#!forum/jenkinsci-advisories>, and > while it provides indications of core updates w.r.t. vulnerabilities, it's > not as helpful for plug-ins - that is, not only would I have to look at all > the plug-ins that are listed as being patched, but it doesn't, AFAICT, tell > me when there are unpatched vulnerabilities. > Counterexample: https://groups.google.com/d/msg/jenkinsci-advisories/T3Zt01nhGao/kn_VhKasCgAJ (Aug 7 this year, second email in the "thread" -- Thanks Google!) -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAMo7PtK49kO_r%3DWinU6%2BwYcf-ScxiPM%2BQxxRyegnZyYoEDVpkg%40mail.gmail.com.
