So it mean the LTS 2.235.5 is not cover by those security fix? jquery 1.11 is old, like 2014 and security patch stopped in 2015.
From: [email protected] <[email protected]> On Behalf Of vince bailey Sent: August 26, 2020 10:45 AM To: 'Björn Pedersen' via Jenkins Users <[email protected]> Subject: Re: Vulnerability in JQuery on Jenkins Hi All, You need to go to min 2.241 or 2.251 there are security issues on older version. docker containers jenkins/jenkins:2.241 jenkins/jenkins:2.51 or go to this website https://www.jenkins.io/download/ -- Regards, Vince Bailey Live long and prosper !!! [cid:[email protected]] On 26 Aug 2020, at 15:38, [email protected]<http://gmail.com> <[email protected]<mailto:[email protected]>> wrote: Hi All, Just got gigged by our security team for a vulnerability in Jenkins with the version of JQuery installed. How do I go about updating the version of JQuery Jenkins runs? Here's the specifics of the vulnerability: Plugin Output: URL : http://myMachine:8081/js/jquery-1.11.1.min.js<http://mymachine:8081/js/jquery-1.11.1.min.js> Installed version : 1.11.1 Fixed version : 3.5.0 I'm running version 2.235.5 of Jenkins. Thanks, Eric -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com<https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com<https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/YTOPR0101MB2315311913EB71AE7810DE58CD540%40YTOPR0101MB2315.CANPRD01.PROD.OUTLOOK.COM.
