Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Git server Plugin 117.veb_68868fa_027
* Script Security Plugin 1336.vf33a_a_9863911

Additionally, we announce unresolved security issues in the following plugins:

* Subversion Partial Release Manager Plugin
* Telegram Bot Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2024-05-02/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/02A07ADE-C348-4655-B2A4-0553B49D2FE1%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* AppSpider Plugin 1.0.17
* Bitbucket Branch Source Plugin 871.v28d74e8b_4226
* Delphix Plugin 3.0.2 and 3.1.1
* HTML Publisher Plugin 1.32.1
* MQ Notifier Plugin 1.4.1
* OWASP Dependency-Check Plugin 5.4.6
* Trilead API Plugin 2.141.v284120fd0c46

Additionally, we announce unresolved security issues in the following plugins:

* Build Monitor View Plugin
* docker-build-step Plugin
* GitBucket Plugin
* iceScrum Plugin
* Subversion Partial Release Manager Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2024-03-06/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/56A40637-4110-4500-8B78-547461D3DD2B%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, March 6. The highest severity is 'High' and affects plugins 
installed on between 25% and 75% of known instances. The most popular included 
plugins are installed on more than 75% of known instances and have 'Medium' 
severity issues. The advisory includes issues that will be published without a 
fix as outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/706BAC5D-641F-43CE-A4F6-021E75EE810C%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Analysis Model API Plugin 11.13.0
* Nexus Platform Plugin 3.18.1-01
* Scriptler Plugin 344.v5a_ddb_5f9e685

Additionally, we announce unresolved security issues in the following plugins:

* Deployment Dashboard Plugin
* Dingding JSON Pusher Plugin
* HTMLResource Plugin
* OpenId Connect Authentication Plugin
* PaaSLane Estimate Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-12-13/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/48BD9A15-CD49-4E96-AD10-1AE77F18F7A4%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Kevin Guerroudj' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on
Wednesday, December 13. The highest severity is 'High' and affects plugins
installed on between 1% and 3% of known instances. The most popular
included plugins are installed on between 3% and 10% of known instances and
have 'Medium' severity issues. The advisory includes issues that will be
published without a fix as outlined at
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAKG2iZhXkLgFioamKAL5B9Yd0kKcLGUtFKXxct5YAq8wtXWAbA%40mail.gmail.com.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Google Compute Engine Plugin 4.551.v5a_4dc98f6962
* Jira Plugin 3.12
* MATLAB Plugin 2.11.1
* NeuVector Vulnerability Scanner Plugin 2.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-11-29/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8E3D0608-23E1-4A56-9E14-D1ECFD213E3D%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Kevin Guerroudj' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on
Wednesday, November 29. The highest severity is 'High' and affects plugins
installed on less than 1% of known instances. The most popular included
plugins are installed on between 10% and 25% of known instances and have
'Medium' severity issues.

This affects only Jenkins plugins, there will be no corresponding security
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAKG2iZiDBJAf6HZJCGp_Odf_RgVTJB%2BFYitQVU8j%3DjckNzs0Hg%40mail.gmail.com.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CloudBees CD Plugin 1.1.33
* GitHub Plugin 1.37.3.1
* lambdatest-automation Plugin 1.20.10 and 1.21.0
* Warnings Plugin 10.5.1

Additionally, we announce unresolved security issues in the following plugins:

* Edgewall Trac Plugin
* Gogs Plugin
* MSTeams Webhook Trigger Plugin
* Multibranch Scan Webhook Trigger Plugin
* Zanata Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-10-25/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/D6FC051E-E7DC-4871-9D97-2FA35F246A6E%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Kevin Guerroudj' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on
Wednesday, October 25. The highest severity is 'High'. The most popular
included plugin is installed on more than 75% of known instances. The
advisory includes issues that will be published without a fix as outlined
at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAKG2iZjz34S5PHcoPWsvoDsMuaJa2M_pVWcGB9Dc7R6dLSfEfw%40mail.gmail.com.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Azure AD Plugin 397.v907382dd9b_98 and 378.380.v545b_1154b_3fb_
* Bitbucket Push and Pull Request Plugin 2.8.4
* Google Login Plugin 1.8
* Job Configuration History Plugin 1229.v3039470161a_d
* Pipeline Maven Integration Plugin 1331.v003efa_fd6e81
* Qualys Container Scanning Connector Plugin 1.6.2.7
* SSH2 Easy Plugin 1.6

Additionally, we announce unresolved security issues in the following plugins:

* Assembla Auth Plugin
* AWS CodeCommit Trigger Plugin
* Frugal Testing Plugin
* Ivy Plugin
* TAP Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-09-06/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8D03C30B-8815-4723-8BA7-33199ED5E1DF%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, September 6. The highest severity is 'High'. The most popular 
included plugin is installed on between 10% and 25% of known instances. The 
advisory includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/949C2B9C-6838-4F1A-94C7-A1FDD5DA90C8%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Blue Ocean Plugin 1.27.5.1
* Config File Provider Plugin 953.v0432a_802e4d2
* Delphix Plugin 3.0.3
* Flaky Test Handler Plugin 1.2.3
* Folders Plugin 6.848.ve3b_fd7839a_81
* Fortify Plugin 22.2.39
* NodeJS Plugin 1.6.0.1
* Shortcut Job Plugin 0.5
* Tuleap Authentication Plugin 1.1.21

Additionally, we announce unresolved security issues in the following plugins:

* Docker Swarm Plugin
* Favorite View Plugin
* Gogs Plugin
* Maven Artifact ChoiceListProvider (Nexus) Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-08-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/1BED31F7-2591-46F1-8F1F-DE199FCBD609%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, August 16. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/29C5299E-504E-443B-891B-8C6202BAAE2F%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Active Directory Plugin 2.30.1
* Datadog Plugin 5.4.2
* External Monitor Job Type Plugin 207.v98a_a_37a_85525
* mabl Plugin 0.0.47
* OpenShift Login Plugin 1.1.0.230.v5d7030b_f5432
* Oracle Cloud Infrastructure Compute Plugin 1.0.17
* Orka by MacStadium Plugin 1.34
* SAML Single Sign On(SSO) Plugin 2.3.1

Additionally, we announce unresolved security issues in the following plugins:

* Assembla Auth Plugin
* Benchmark Evaluator Plugin
* ElasticBox CI Plugin
* MathWorks Polyspace Plugin
* Pipeline restFul API Plugin
* Rebuilder Plugin
* Sumologic Publisher Plugin
* Test Results Aggregator Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-07-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B226FBB6-72EC-49E5-B0BF-805C6C917F8A%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, July 12. The highest severity is 'High'. The most popular included 
plugin is installed on between 25% and 75% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/7FDDFE75-7AB8-415D-8625-231A86E674BC%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Ansible Plugin 205.v4cb_c48657c21
* AppSpider Plugin 1.0.16
* Azure VM Agents Plugin 853.v4a_1a_dd947520
* CAS Plugin 1.6.3
* Code Dx Plugin 4.0.0
* Email Extension Plugin 2.96.1
* File Parameter Plugin 285.287.v4b_7b_29d3469d
* LDAP Plugin 676.vfa_64cf6b_b_002
* NS-ND Integration Performance Publisher Plugin 4.11.0.48
* Pipeline Utility Steps Plugin 2.15.3
* Pipeline: Job Plugin 1295.v395eb_745
* Reverse Proxy Auth Plugin 1.7.5
* SAML Single Sign On(SSO) Plugin 2.0.1, 2.1.0, and 2.2.0
* Sidebar Link Plugin 2.2.2
* TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72

Additionally, we announce unresolved security issues in the following plugins:

* HashiCorp Vault Plugin
* LoadComplete support Plugin
* Tag Profiler Plugin
* TestComplete support Plugin
* WSO2 Oauth Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-05-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/14303B33-022D-46DC-9310-0D982C2C7F84%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, May 16. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/F08350A2-3417-4767-BEBB-C00B4D3B3FFD%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Azure Key Vault Plugin 188.vf46b_7fa_846a_1
* Kubernetes Plugin 3910.ve59cec5e33ea_

Additionally, we announce unresolved security issues in the following plugins:

* Assembla merge request builder Plugin
* Consul KV Builder Plugin
* Fogbugz Plugin
* Image Tag Parameter Plugin
* Lucene-Search Plugin
* NeuVector Vulnerability Scanner Plugin
* Quay.io trigger Plugin
* Report Portal Plugin
* Thycotic DevOps Secrets Vault Plugin
* Thycotic Secret Server Plugin
* TurboScript Plugin
* WSO2 Oauth Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-04-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/20925639-DFED-4131-9351-44CC34FDF4DE%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, April 12. The highest severity is 'High' and affects plugins 
installed on less than 1% of known instances. The most popular included plugins 
are installed on between 10% and 25% of known instances and have 'Medium' 
severity issues. The advisory includes issues that will be published without a 
fix as outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/1714DC47-9D6F-4FB5-A126-2F9DAC1B1819%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* JaCoCo Plugin 3.3.2.1
* OctoPerf Load Testing Plugin 4.5.1, 4.5.2, and 4.5.3
* Pipeline Aggregator View Plugin 1.14
* Role-based Authorization Strategy Plugin 587.588.v850a_20a_30162

Additionally, we announce unresolved security issues in the following plugins:

* AbsInt a³ Plugin
* Convert To Pipeline Plugin
* Cppcheck Plugin
* Crap4J Plugin
* Mashup Portlets Plugin
* Performance Publisher Plugin
* Phabricator Differential Plugin
* remote-jobs-view-plugin Plugin
* Visual Studio Code Metrics Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-03-21/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/195CF61E-BE1B-485B-91C4-19394312B83E%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, March 21. The highest severity is 'High' and affects plugins installed 
on between 3% and 10% of known instances. The most popular included plugins are 
installed on between 25% and 75% of known instances and have 'Medium' severity 
issues. The advisory includes issues that will be published without a fix as 
outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3D09AB5B-08B7-4BF6-8838-951F121A5BBD%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Azure Credentials Plugin 254.v64da_8176c83a
* Email Extension Plugin 2.93.1
* JUnit Plugin 1166.1168.vd6b_8042a_06de
* Pipeline: Build Step Plugin 2.18.1
* Synopsys Coverity Plugin 3.0.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-02-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/4A96957F-987B-4A51-9E9D-DE80F73147E3%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, February 15. The highest severity is 'High'. The most popular 
included plugin is installed on more than 75% of known instances. 

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/F3B42EB1-BBD7-4D93-8C2A-170F4D34F195%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Azure AD Plugin 306.va_7083923fd50
* Bitbucket OAuth Plugin 0.13
* Gerrit Trigger Plugin 2.38.1
* Kubernetes Credentials Provider Plugin 1.209.v862c6e5fb_1ef
* OpenId Connect Authentication Plugin 2.5
* Orka by MacStadium Plugin 1.32
* Script Security Plugin 1229.v4880b_b_e905a_6
* Semantic Versioning Plugin 1.15

Additionally, we announce unresolved security issues in the following plugins:

* BearyChat Plugin
* Cisco Spark Notifier Plugin
* GitHub Pull Request Builder Plugin
* GitHub Pull Request Coverage Status Plugin
* JIRA Pipeline Steps Plugin
* Keycloak Authentication Plugin
* MSTest Plugin
* OpenID Plugin
* PWauth Security Realm Plugin
* RabbitMQ Consumer Plugin
* TestComplete support Plugin
* TestQuality Updater Plugin
* view-cloner Plugin
* visualexpert Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-01-24/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/99B41C9B-29FD-402E-A635-29E405DB3B28%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, January 24. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CA4B3927-23BE-4A98-B9F6-494FB49ABDA3%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Checkmarx Plugin 2022.4.3
* Custom Build Properties Plugin 2.82.v16d5b_d3590c7
* Gitea Plugin 1.4.5
* Google Login Plugin 1.7
* Plot Plugin 2.1.12
* Spring Config Plugin 2.0.1

Additionally, we announce unresolved security issues in the following plugins:

* Sonar Gerrit Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-12-07/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/4C7A4E5E-F3DF-48D8-A1E5-7BB5F461D201%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, December 7. The highest severity is 'High'. The most popular 
included plugin is installed on between 1% and 3% of known instances. The 
advisory includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3E31DCB2-98DA-4695-BFDE-A3FCE4B53A2D%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CloudBees Docker Hub/Registry Notification Plugin 2.6.2.1
* JUnit Plugin 1160.vf1f01a_a_ea_b_7f
* Naginator Plugin 1.18.2
* NS-ND Integration Performance Publisher Plugin 4.8.0.146
* Pipeline Utility Steps Plugin 2.13.1 and 2.13.2
* Reverse Proxy Auth Plugin 1.7.4
* Script Security Plugin 1190.v65867a_a_47126
* Support Core Plugin 1206.1208.v9b_7a_1d48db_0f

Additionally, we announce unresolved security issues in the following plugins:

* Associated Files Plugin
* BART Plugin
*  Plugin
* Cluster Statistics Plugin
* Config Rotator Plugin
* Delete log Plugin
* JAPEX Plugin
* loader.io Plugin
* NS-ND Integration Performance Publisher Plugin
* OSF Builder Suite :: XML Linter Plugin
* SourceMonitor Plugin
* Violations Plugin
* XP-Dev Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-11-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/E9ED39AE-ED03-4C16-B8DF-DFAC0F313283%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, November 15. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/249805ED-2328-4BB1-A71E-6D66B52F2D44%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13
* Compuware Topaz Utilities Plugin 1.0.9
* Compuware Xpediter Code Coverage Plugin 1.0.8
* Contrast Continuous Application Security Plugin 3.10
* Generic Webhook Trigger Plugin 1.84.2
* GitLab Plugin 1.5.36
* Job Import Plugin 3.6
* Katalon Plugin 1.0.33 and 1.0.34
* Mercurial Plugin 1260.vdfb_723cdcc81
* NUnit Plugin 0.28
* Pipeline: Deprecated Groovy Libraries Plugin 588.v576c103a_ff86
* Pipeline: Groovy Libraries Plugin 613.v9c41a_160233f
* Pipeline: Groovy Plugin 2803.v1a_f77ffcc773
* Pipeline: Input Step Plugin 456.vd8a_957db_5b_e9
* Pipeline: Stage View Plugin 2.27
* Pipeline: Supporting APIs Plugin 839.v35e2736cfd5c
* REPO Plugin 1.16.0
* Script Security Plugin 1184.v85d16b_d851b_3
* Tuleap Git Branch Source Plugin 3.2.5

Additionally, we announce unresolved security issues in the following plugins:

* 360 FireLine Plugin
* Compuware Strobe Measurement Plugin
* Compuware Topaz for Total Test Plugin
* Custom Checkbox Parameter Plugin
* NeuVector Vulnerability Scanner Plugin
* S3 Explorer Plugin
* ScreenRecorder Plugin
* XFramium Builder Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-10-19/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B1C701B5-6DF4-44DD-8B2B-E7AFB5932DB5%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, October 19. The highest severity is 'High'. The most popular 
included plugin is installed on more than 75% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/13512DC3-A13A-4313-B88D-8035885083F9%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, September 21. The highest severity is 'High'. The most popular 
included plugin is installed on less than 1% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3DEC36E8-DB24-4AC7-8C10-271ECCE22804%40beckweb.net.

Jenkins plugins security advisory

['Wadeck Follonier' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security
vulnerabilities:

* CollabNet Plugins Plugin 2.0.9
* Git Plugin 4.11.5
* Job Configuration History Plugin 1166.vc9f255f45b_8a

Additionally, we announce unresolved security issues in the following
plugins:

* Kubernetes Continuous Deploy Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-08-23/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14eV156AAsLSLjKYsnTTuZZqGRBZ4UW55tkv3DNuUrArRg%40mail.gmail.com.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, August 23. The highest severity is 'High' and affects plugins 
installed on between 10% and 25% of known instances. The most popular included 
plugins are installed on more than 75% of known instances and have 'Medium' 
severity issues. The advisory includes issues that will be published without a 
fix as outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/A9E0BCBA-9C8A-4963-AFA4-86C1018B9E0C%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Compuware ISPW Operations Plugin 1.0.9
* Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13
* Compuware Topaz Utilities Plugin 1.0.9
* Compuware Xpediter Code Coverage Plugin 1.0.8
* Compuware zAdviser API Plugin 1.0.4
* Deployer Framework Plugin 86.v7b_a_4a_55b_f3ec
* External Monitor Job Type Plugin 192.ve979ca_8b_3ccd
* Git client Plugin 3.11.1
* Git Plugin 4.11.4
* GitHub Plugin 1.34.5
* HashiCorp Vault Plugin 355.v3b_38d767a_b_a_8
* Job Configuration History Plugin 1156.v536a_97b_8d649
* rhnpush-plugin Plugin 0.5.2
* rpmsign-plugin Plugin 0.5.1

Additionally, we announce unresolved security issues in the following plugins:

* Android Signing Plugin
* Buckminster Plugin
* CLIF Performance Testing Plugin
* Coverity Plugin
* Dynamic Extended Choice Parameter Plugin
* Files Found Trigger Plugin
* Google Cloud Backup Plugin
* HTTP Request Plugin
* Lucene-Search Plugin
* Maven Metadata Plugin for Jenkins CI server Plugin
* OpenShift Deployer Plugin
* Openstack Heat Plugin
* Repository Connector Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-07-27/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/5C059491-984B-4358-96E4-D4A636918A7E%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, July 27. The highest severity is 'High' and affects plugins 
installed on between 1% and 3% of known instances. The most popular included 
plugins are installed on more than 75% of known instances and have 'Medium' 
severity issues. The advisory includes issues that will be published without a 
fix as outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/71349DF0-AB42-4BDA-B492-D9ABE5D4619C%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* GitLab Plugin 1.5.35
* requests-plugin Plugin 2.2.17
* TestNG Results Plugin 555.va0d5f66521e3
* XebiaLabs XL Release Plugin 22.0.1

Additionally, we announce unresolved security issues in the following plugins:

* Build Notifications Plugin
* build-metrics Plugin
* Cisco Spark Plugin
* Deployment Dashboard Plugin
* Elasticsearch Query Plugin
* eXtreme Feedback Panel Plugin
* Failed Job Deactivator Plugin
* HPE Network Virtualization Plugin
* Jigomerge Plugin
* Matrix Reloaded Plugin
* OpsGenie Plugin
* Plot Plugin
* Project Inheritance Plugin
* Recipe Plugin
* Request Rename Or Delete Plugin
* Rich Text Publisher Plugin
* RocketChat Notifier Plugin
* RQM Plugin
* Skype notifier Plugin
* Validating Email Parameter Plugin
* XPath Configuration Viewer Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-06-30/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B1FD654E-0F73-4E2C-906A-F1C5229F1E8B%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Thursday, June 30. The highest severity is 'High'. The most popular included 
plugin is installed on between 10% and 25% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/312C05A5-F60A-4325-9BAE-B6FD1A8FA63D%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Application Detector Plugin 1.0.9
* Blue Ocean Plugin 1.25.4
* Git Plugin 4.11.2
* GitLab Plugin 1.5.32
* Mercurial Plugin 2.16.1
* Multiselect parameter Plugin 1.4
* Pipeline SCM API for Blue Ocean Plugin 1.25.4
* Pipeline: Groovy Plugin 2692.v76b_089ccd026
* REPO Plugin 1.14.1
* Rundeck Plugin 3.6.11
* Script Security Plugin 1172.v35f6a_0b_8207e
* WMI Windows Agents Plugin 1.8.1

Additionally, we announce unresolved security issues in the following plugins:

* Autocomplete Parameter Plugin
* Global Variable String Parameter Plugin
* JDK Parameter Plugin
* Promoted Builds (Simple) Plugin
* Random String Parameter Plugin
* Selection tasks Plugin
* SSH Plugin
* Storable Configs Plugin
* vboxwrapper Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-05-17/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/32FF33C8-1A3F-4C8C-A0E9-708993574D4D%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, May 17. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. 

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/EB07DAA3-8002-4BAB-9F31-885CE071914C%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Credentials Plugin 1112.vc87b_7a_3597f6, 1087.1089.v2f1b_9a_b_040e4, 
1074.1076.v39c30cecb_0e2, and 2.6.1.1
* CVS Plugin 2.19.1
* Gerrit Trigger Plugin 2.35.3
* Git Parameter Plugin 0.9.16
* Google Compute Engine Plugin 4.3.9
* Jira Plugin 3.7.1 and 3.6.1
* Mask Passwords Plugin 3.1
* Node and Label parameter Plugin 1.10.3.1
* Pipeline: Shared Groovy Libraries Plugin 566.vd0a_a_3334a_555 and 2.21.3
* promoted builds Plugin 876.v99d29788b_36b_ and 3.10.1
* Publish Over FTP Plugin 1.17
* Subversion Plugin 2.15.4

Additionally, we announce unresolved security issues in the following plugins:

* Extended Choice Parameter Plugin
* Job Generator Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-04-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B4CBB1CE-ECB5-4F86-8780-AE59D07D1B18%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, April 12. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/239FE2FF-0461-4350-A50F-FAA30E72EFDF%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Bitbucket Server Integration Plugin 3.2.0
* Continuous Integration with Toad Edge Plugin 2.4
* Flaky Test Handler Plugin 1.2.2
* instant-messaging Plugin 1.42
* JiraTestResultReporter Plugin 166.v0cc6208295b5
* Proxmox Plugin 0.6.0, 0.7.0, and 0.7.1
* RocketChat Notifier Plugin 1.5.0

Additionally, we announce unresolved security issues in the following plugins:

* Coverage/Complexity Scatter Plot Plugin
* Job and Node ownership Plugin
* Pipeline: Phoenix AutoTest Plugin
* SiteMonitor Plugin
* Tests Selector Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-03-29/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/E87D794E-5452-403A-8048-FF52498C8767%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, March 29. The highest severity is 'High'. The most popular included 
plugin is installed on between 1% and 3% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/53737825-F7D2-4A23-966D-CCC186796F95%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CloudBees AWS Credentials Plugin 191.vcb_f183ce58b_9
* Dashboard View Plugin 2.18.1
* Favorite Plugin 2.4.1
* Folder-based Authorization Strategy Plugin 1.4
* Parameterized Trigger Plugin 2.43.1
* Semantic Versioning Plugin 1.14

Additionally, we announce unresolved security issues in the following plugins:

* dbCharts Plugin
* Environment Dashboard Plugin
* Extended Choice Parameter Plugin
* GitLab Authentication Plugin
* global-build-stats Plugin
* incapptic connect uploader Plugin
* Kubernetes Continuous Deploy Plugin
* List Git Branches Parameter Plugin
* Release Helper Plugin
* Vmware vRealize CodeStream Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-03-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CF9A5529-9F61-4CE3-B818-987F353AE184%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, March 15. The highest severity is 'High'. The most popular included 
plugin is installed on between 25% and 75% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CB003EE5-CEDC-4CED-986D-499D5ED7A71F%40beckweb.net.

Jenkins plugins security advisory

['Wadeck Follonier' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security
vulnerabilities:

* Agent Server Parameter Plugin 1.1
* autonomiq Plugin 1.16
* Conjur Secrets Plugin 1.0.12
* Custom Checkbox Parameter Plugin 1.2
* Fortify Plugin 20.2.35
* Generic Webhook Trigger Plugin 1.82
* HashiCorp Vault Plugin 336.v182c0fbaaeb7
* Pipeline: Build Step Plugin 2.15.1
* Pipeline: Groovy Plugin 2656.vf7a_e7b_75a_457
* Pipeline: Multibranch Plugin 707.v71c3f0a_6ccdb_
* Pipeline: Shared Groovy Libraries Plugin 561.va_ce0de3c2d69
* Snow Commander Plugin 2.0
* Support Core Plugin 2.79.1

Additionally, we announce unresolved security issues in the following
plugins:

* Checkmarx Plugin
* Chef Sinatra Plugin
* Convertigo Mobile Platform Plugin
* dbCharts Plugin
* Doktor Plugin
* GitLab Authentication Plugin
* HashiCorp Vault Plugin
* Promoted Builds (Simple) Plugin
* SCP publisher Plugin
* SWAMP Plugin
* Team Views Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-02-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14ckXDFUMH6KGA8CVu-%3D7vLAGaBWVyvKViaEybsYHq%2BukQ%40mail.gmail.com.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, February 15. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/7EE18A7C-2DED-47A8-951D-6BE8EF0F3007%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Active Choices Plugin 2.5.7
* Scriptler Plugin 3.4

Additionally, we announce unresolved security issues in the following plugins:

* OWASP Dependency-Check Plugin
* Performance Plugin
* pom2config Plugin
* Squash TM Publisher (Squash4Jenkins) Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-11-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/DA68933F-B144-4014-B110-F6433DBA547B%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Friday, November 12. The highest severity is 'High'. The most popular included 
plugin is installed on between 3% and 10% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/4D095D53-15ED-4424-9212-F5A99035254F%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Azure AD Plugin 180.v8b1e80e6f242
* Code Coverage API Plugin 1.4.1
* Nested View Plugin 1.21
* Nomad Plugin 0.7.5
* SAML Plugin 2.0.8

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-08-31/


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/0EF0ED0A-E6E2-4850-AE9D-A04AD34B8A8E%40beckweb.net.

Jenkins plugins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, August 31. The highest severity is 'High'. The most popular included 
plugin is installed on between 3% and 10% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8F8A2080-7CB2-45BD-A85A-5C7C4FC487FC%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Generic Webhook Trigger Plugin 1.74

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-06-18/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/BDE8C9DB-EC8E-4FC6-9192-57C2B72486C9%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Scriptler Plugin 3.2 and 3.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-06-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/AC2F4812-802E-432E-B1D2-C9899731832D%40beckweb.net.

Jenkins plugins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Kiuwan Plugin 1.6.1
* Kubernetes CLI Plugin 1.10.1
* XebiaLabs XL Deploy Plugin 10.0.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-06-10/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/ACCC3F77-36F4-4B80-95F5-93DD74F8B1E9%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Filesystem Trigger Plugin 0.41
* Markdown Formatter Plugin 0.2.0
* Nuget Plugin 1.1
* URLTrigger Plugin 0.49

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-05-25/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3CE6762D-5D0A-4AF6-88F5-917ECAB7E741%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Credentials Plugin 2.3.19
* Dashboard View Plugin 2.16
* P4 Plugin 1.11.5
* S3 publisher Plugin 0.11.7
* Xcode integration Plugin 2.0.15
* Xray - Test Management for Jira Plugin 2.4.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-05-11/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/6053C124-EC1F-4FA3-B9A5-4E2C2176F2B8%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, May 11. The highest severity is 'High'. The most popular included 
plugin is installed on more than 75% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/75F799DD-748F-4152-8417-AC4978EFB970%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CloudBees CD Plugin 1.1.22
* Config File Provider Plugin 3.7.1
* Templating Engine Plugin 2.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-04-21/


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CE360788-1C25-4693-908C-62144BB37825%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, April 21. The highest severity is 'High'. The most popular included 
plugin is installed on between 25% and 75% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/6CCEB2DF-0FC6-4AD6-BE92-3394CCB2DAFF%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Build With Parameters Plugin 1.5.1
* Cloud Statistics Plugin 0.27
* Extra Columns Plugin 1.23
* Jabber (XMPP) notifier and control Plugin 1.42
* OWASP Dependency-Track Plugin 3.1.1
* REST List Parameter Plugin 1.3.1

Additionally, we announce unresolved security issues in the following plugins:

* Team Foundation Server Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-03-30/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/E0F9F5BC-F39E-46B8-88B7-87A806D269ED%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, March 30. The highest severity is 'High'. The most popular included 
plugin is installed on between 3% and 10% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/835077C1-1167-4931-8205-4336641105ED%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CloudBees AWS Credentials Plugin 1.28.1
* Libvirt Agents Plugin 1.9.1
* Matrix Authorization Strategy Plugin 2.6.6
* Role-based Authorization Strategy Plugin 3.1.1
* Warnings Next Generation Plugin 8.5.0

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-03-18/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/E7DFF44F-BF94-4373-A704-B84E0D967BC3%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Thursday, March 18. The highest severity is 'Medium'. The most popular included 
plugin is installed on more than 75% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/74BB7750-FF62-4253-BFD3-21F1B0026010%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Active Choices Plugin 2.5.3
* Artifact Repository Parameter Plugin 1.0.1
* Claim Plugin 2.18.2
* Configuration Slicing Plugin 1.52
* Repository Connector Plugin 2.0.3
* Support Core Plugin 2.72.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-02-24/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B3C4F372-E699-4C2A-93C3-0D4469B879DD%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, February 24. The highest severity is 'High'. The most popular 
included plugin is installed on between 3% and 10% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/BA2AB797-17F1-4AB7-8A07-00A8F47E845D%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Active Directory Plugin 2.20
* Ansible Plugin 1.1
* AppSpider Plugin 1.0.13
* AWS Global Configuration Plugin 1.6
* Azure Key Vault Plugin 2.1
* Kubernetes Plugin 1.27.4
* Mercurial Plugin 2.12
* SQLPlus Script Runner Plugin 2.0.13
* Subversion Plugin 2.13.2
* Visualworks Store Plugin 1.1.4

Additionally, we announce unresolved security issues in the following plugins:

* FindBugs Plugin
* Mail Commander Plugin for Jenkins-ci Plugin
* Static Analysis Utilities Plugin
* VMware Lab Manager Slaves Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-11-04/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B5AA5E41-D7CE-470C-BB28-5D1AA75A30C3%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, November 4. The highest severity is 'Critical'. The most popular 
included plugin is installed on between 10% and 25% of known instances. The 
advisory includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/F67A40B8-7048-4BB2-8450-9253F8CEA25A%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Active Choices Plugin 2.5
* Audit Trail Plugin 3.7
* couchdb-statistics Plugin 0.4
* Role-based Authorization Strategy Plugin 3.1

Additionally, we announce unresolved security issues in the following plugins:

* Maven Cascade Release Plugin
* Nerrvana Plugin
* Persona Plugin
* Release Plugin
* Shared Objects Plugin
* SMS Notification Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-10-08/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/389A5F4B-7FD7-4047-B1E9-0D7617DF9AC5%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Thursday, October 8. The highest severity is 'High'. The most popular included 
plugin is installed on between 25% and 75% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/68647C93-6397-4356-8220-B9A9284D3046%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Implied Labels Plugin 0.7
* Liquibase Runner Plugin 1.4.8
* Lockable Resources Plugin 2.9
* Script Security Plugin 1.75
* Warnings Plugin 5.0.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-09-23/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/21E29A0E-223E-4D4D-AEA1-84DF7A5E1402%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, September 23. The highest severity is 'High'. The most popular 
included plugin is installed on more than 75% of known instances. 

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/C3AD3448-DA4C-446D-BC92-013579CB3389%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Blue Ocean Plugin 1.23.3
* computer-queue-plugin Plugin 1.6
* Email Extension Plugin 2.76
* Health Advisor by CloudBees Plugin 3.2.1
* Mailer Plugin 1.32.1
* Perfecto Plugin 1.18
* Pipeline Maven Integration Plugin 3.9.3
* Validating String Parameter Plugin 2.5

Additionally, we announce unresolved security issues in the following plugins:

* Android Lint Plugin
* chosen-views-tabbar Plugin
* ClearCase Release Plugin
* Copy data to workspace Plugin
* Coverage/Complexity Scatter Plot Plugin
* Custom Job Icon Plugin
* Description Column Plugin
* ElasTest Plugin
* Locked Files Report Plugin
* MongoDB Plugin
* Radiator View Plugin
* Selection tasks Plugin
* Storable Configs Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-09-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/98A57605-5046-459E-91EB-70BB13C9D114%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, September 16. The highest severity is 'High' and affects plugins 
installed on between 3% and 10% of known instances. The most popular included 
plugins are installed on more than 75% of known instances and have 'Medium' 
severity issues. The advisory includes issues that will be published without a 
fix as outlined at https://www.jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/BEAC0D3F-9AB6-4F7A-9A1D-9C4B2038AA5A%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Build Failure Analyzer Plugin 1.27.1
* Cadence vManager Plugin 3.0.5
* database Plugin 1.7
* Git Parameter Plugin 0.9.13
* Parameterized Remote Trigger Plugin 3.1.4
* SoapUI Pro Functional Testing Plugin 1.4

Additionally, we announce unresolved security issues in the following plugins:

* JSGames Plugin
* Klocwork Analysis Plugin
* SoapUI Pro Functional Testing Plugin
* Team Foundation Server Plugin
* Valgrind Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-09-01/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/77343BED-ECAF-4373-9E6C-3A5BCB3ED375%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, September 1. The highest severity is 'High'. The most popular included 
plugin is installed on between 10% and 25% of known instances. The advisory 
includes issues that will be published without a fix as outlined at 
https://jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/BD6D09D9-7F6E-4675-884D-0C642C14D181%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Thursday, July 2. The highest severity is 'High' and affects plugins installed 
on less than 1% of known instances. The most popular included plugins are 
installed on between 1% and 3% of known instances and have 'Medium' severity 
issues. The advisory includes issues that will be published without a fix as 
outlined at https://jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CE4D3443-4E26-4FCD-95ED-AE7C28010CB2%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Compact Columns Plugin 1.12
* ECharts API Plugin 4.7.0-4
* Script Security Plugin 1.73
* Self-Organizing Swarm Plug-in Modules Plugin 3.21

Additionally, we announce unresolved security issues in the following plugins:

* Play Framework Plugin
* Project Inheritance Plugin
* Selenium Plugin
* Subversion Partial Release Manager Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2020-06-03/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/44C6C80A-EAF4-4999-A3E4-1CC6811E9ECF%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, June 3. The highest severity is 'High' and affects plugins installed 
on between 1% and 3% of known instances. The most popular included plugins are 
installed on more than 75% of known instances and have 'Medium' severity 
issues. The advisory includes issues that will be published without a fix as 
outlined at https://jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/6F474302-35E6-4D69-8D26-65C75484FE57%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, May 6. The highest severity is 'High' and affects plugins installed 
on less than 1% of known instances. The most popular included plugins are 
installed on more than 75% of known instances and have 'Medium' severity issues.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/80A3F0F0-DC48-4300-ABEB-2A43AAFAEA13%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* AWS SAM Plugin 1.2.3
* Copr Plugin 0.6.1
* Parasoft Findings Plugin 10.4.4
* Yaml Axis Plugin 0.2.1

Please see the advisory for more information:
https://jenkins.io/security/advisory/2020-04-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/45EB0883-70A1-4C15-8E3D-46425322BBBA%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Thursday, April 16. The highest severity is 'High'. The most popular included 
plugin is installed on less than 1% of known instances.

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/C965DD33-6EDC-4DC2-A9E5-AFF49CFEC486%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* AWSEB Deployment Plugin 0.3.20
* Code Coverage API Plugin 1.1.5
* FitNesse Plugin 1.33
* Gatling Plugin 1.3.0
* useMango Runner Plugin 1.5

Please see the advisory for more information: 
https://jenkins.io/security/advisory/2020-04-07/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/1D9CB524-4F76-48E7-849E-D82683C128D1%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, April 7. The highest severity is 'High'. The most popular included 
plugin is installed on between 3% and 10% of known instances. The advisory may 
include issues that will be published without a fix as outlined at 
https://jenkins.io/security/plugins/

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/1FF2A650-8876-4A98-85DF-51D6EDEA3B23%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Wednesday, February 12. The highest severity is 'High'. The most popular 
included plugin has more than 200,000 reported installations. The advisory 
includes issues that will be published without a fix as outlined at 
https://jenkins.io/security/#vulnerabilities-in-plugins

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/805A8C11-5A10-4457-8706-C2CE3242337A%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Amazon EC2 Plugin 1.48
* Health Advisor by CloudBees Plugin 3.0.1
* Redgate SQL Change Automation Plugin 2.0.5
* Robot Framework Plugin 2.0.1

Additionally, we announce unresolved security issues in the following plugins:

* Gitlab Hook Plugin
* Sounds Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2020-01-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/089D18E3-72DD-4192-902C-7EDBFB79C3B4%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Wadeck Follonier]

The Jenkins project will publish a security advisory for Jenkins plugins on
Wednesday, January 15. The highest severity is 'High' and affects plugins
with between 5,000 and 10,000 reported installations. The most popular
included plugins have between 10,000 and 25,000 reported installations and
have 'Medium' severity issues. The advisory includes issues that will be
published without a fix as outlined at
https://jenkins.io/security/#vulnerabilities-in-plugins.

This affects only Jenkins plugins, there will be no corresponding security
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14dryDcorfpaQX3HouD9FmwxRzNrkq5-xarKoVgcasuwjw%40mail.gmail.com.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Build Failure Analyzer Plugin 1.24.2
* Gerrit Trigger Plugin 2.30.2
* Maven Release Plugin 0.16.2
* Pipeline Aggregator View Plugin 1.9
* Redgate SQL Change Automation Plugin 2.0.4
* Rundeck Plugin 3.6.6
* Spira Importer Plugin 3.2.4

Additionally, we announce unresolved security issues in the following plugins:

* Alauda DevOps Pipeline Plugin
* Alauda Kubernetes Suport Plugin
* buildgraph-view Plugin
* Mantis Plugin
* Mission Control Plugin
* RapidDeploy Plugin
* SCTMExecutor Plugin
* Team Concert Plugin
* WebSphere Deployer Plugin
* Weibo Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-12-17/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B6D9D077-B6E8-4408-9BA4-14799C96D14A%40beckweb.net.

Jenkins plugins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins on 
Tuesday, December 17. The highest severity is 'High'. The most popular included 
plugin has between 10,000 and 25,000 reported installations. The advisory 
includes issues that will be published without a fix as outlined at 
https://jenkins.io/security/#vulnerabilities-in-plugins

This affects only Jenkins plugins, there will be no corresponding security 
update for Jenkins itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/6C3018A6-DB59-4EA4-8292-22372B9962A2%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Aqua Security Serverless Scanner Plugin 1.0.5
* Beaker builder Plugin 1.10
* Build Environment Plugin 1.7
* Dashboard View Plugin 2.12
* Git client Plugin 2.8.5
* Script Security Plugin 1.63

Please see the advisory for more information:

https://jenkins.io/security/advisory/2019-09-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/0CDFD0F7-2555-4B1A-BB3E-EA3ACEA7359A%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Amazon EC2 Plugin 1.44
* Configuration as Code Plugin 1.25
* Google Kubernetes Engine Plugin 0.6.3
* Maven Integration Plugin 3.4
* Maven Release Plug-in Plugin 0.15.0
* Pipeline: Shared Groovy Libraries Plugin 2.15
* Script Security Plugin 1.62
* Skytap Cloud CI Plugin 2.07

Please see the advisory for more information:

https://jenkins.io/security/advisory/2019-07-31/


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/7534BFEB-3643-409F-9A9A-66EFD9642C7D%40beckweb.net.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* ElectricFlow Plugin 1.1.7
* JX Resources Plugin 1.0.37
* Token Macro Plugin 2.8

Please see the advisory for more information:

https://jenkins.io/security/advisory/2019-06-11/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/1BF8B6B7-9A07-418E-B2CF-2A9BF8849441%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates fix security vulnerabilities:

* Azure PublisherSettings Credentials Plugin 1.5
* GitLab Plugin 1.5.12
* jira-ext Plugin 0.9
* ontrack Jenkins Plugin 3.4.1

We also announce unresolved security issues in the following plugins:

* XebiaLabs XL Deploy Plugin

Please see the advisory and announcement blog post for more information:

https://jenkins.io/security/advisory/2019-04-17/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have recently been released to fix 
security vulnerabilities:

* Netsparker Cloud Scan Plugin 1.1.6
* Youtrack Plugin 0.7.2 

We also announce unresolved security issues in the following plugins:

* Amazon SNS Build Notifier Plugin
* Aqua Security Scanner Plugin
* Assembla Auth Plugin
* Audit to Database Plugin
* AWS CloudWatch Logs Publisher Plugin
* AWS Elastic Beanstalk Publisher Plugin
* aws-device-farm Plugin
* Bitbucket Approve Plugin
* Bugzilla Plugin
* Chef Sinatra Plugin
* CloudCoreo DeployTime Plugin
* CloudShare Docker-Machine Plugin
* crittercism-dsym Plugin
* Crowd Integration Plugin
* DeployHub Plugin
* Diawi Upload Plugin
* Fabric Beta Publisher Plugin
* FTP publisher Plugin
* Gearman Plugin
* HockeyApp Plugin
* Hyper.sh Commons Plugin
* IRC Plugin
* Jabber Server Plugin
* jenkins-cloudformation-plugin Plugin
* jenkins-reviewbot Plugin
* Jira Issue Updater Plugin
* Klaros-Testmanagement Plugin
* Kmap Plugin
* Koji Plugin
* mabl Plugin
* Minio Storage Plugin
* Nomad Plugin
* OctopusDeploy Plugin
* Official OWASP ZAP Plugin
* Open STF Plugin
* openid Plugin
* OpenShift Deployer Plugin
* Perfecto Mobile Plugin
* Relution Enterprise Appstore Publisher Plugin
* Sametime Plugin
* Serena SRA Deploy Plugin
* SOASTA CloudTest Plugin
* StarTeam Plugin
* TestFairy Plugin
* Trac Publisher Plugin
* Upload to pgyer Plugin
* veracode-scanner Plugin
* VMware Lab Manager Slaves Plugin
* VMware vRealize Automation Plugin
* VS Team Services Continuous Deployment Plugin
* WebSphere Deployer Plugin
* WildFly Deployer Plugin
* Zephyr Enterprise Test Management Plugin

Please see the advisory and announcement blog post for more information:

https://jenkins.io/security/advisory/2019-04-03/
https://jenkins.io/blog/2019/04/03/security-advisory/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Script Security Plugin 1.53
* Cloud Foundry Plugin 2.3.2

We recommend that administrators update Script Security Plugin as soon as 
possible.

Additionally we announce security fixes in these previously released plugin 
updates:

* Acunetix Plugin 1.1.0 (released 2018-10-24)
* Arxan MAM Publisher Plugin 2.0 (released 2018-11-14)
* ElectricFlow Plugin 1.1.5 (released 2018-12-19)
* JMS Messaging Plugin 1.1.2 (released 2019-02-11)
* Mattermost Notification Plugin 2.6.3 (released 2019-02-12)
* OctopusDeploy Plugin 1.9.0 (released 2018-11-05)

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-02-19/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Active Directory Plugin 2.11
* Blue Ocean Plugin 1.10.2
* Config File Provider Plugin 3.5
* Git Plugin 3.9.2
* Groovy Plugin 2.1
* Job Import Plugin 3.1
* Script Security Plugin 1.51
* Token Macro Plugin 2.6
* Warnings Plugin 5.0.1
* Warnings Next Generation Plugin 2.1.2

Additionally we announce security fixes in these previously released plugin 
updates:

* GitHub Authentication Plugin 0.31 (released 2018-12-07)
* Job Import Plugin 3.0 (released 2018-05-30)
* Kanboard Plugin 1.5.11 (released 2018-09-25)
* Monitoring Plugin 1.75.0 (released 2018-12-09)
* OpenId Connect Authentication Plugin 1.5 (released 2019-01-20)
* Warnings Next Generation Plugin 2.0.0 (released 2019-01-20)

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-01-28/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Pipeline: Declarative Plugin 1.3.4.1
* Pipeline: Groovy Plugin 2.61.1
* Script Security Plugin 1.50

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-01-08/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Pipeline: Groovy 2.60
* Script Security 1.48

Please see the advisory for more information:
https://jenkins.io/security/advisory/2018-10-29/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Config File Provider Plugin 3.2
* Crowd 2 Integration Plugin 2.0.1
* Email Extension Template Plugin 1.1
* HipChat Plugin 2.2.1
* JIRA Plugin 3.0.2
* Job Configuration History Plugin 2.18.1
* JUnit Plugin 1.26
* mesos Plugin 0.18.1
* MQ Notifier Plugin 1.2.7
* Rebuilder Plugin 1.29

Additionally, we're announcing security fixes in these previous plugin releases:

* Arachni Scanner Plugin 1.0.0 (published 2018-09-05)
* Argus Notifier Plugin 1.0.2 (published 2018-08-10)
* Artifactory Plugin 2.16.2 (published 2018-07-09)
* Chatter Notifier Plugin 2.0.5 (published 2018-08-13)
* Dimensions Plugin 0.8.15 (published 2018-09-12)
* Git Changelog Plugin 2.7 (published 2018-08-22)
* Monitoring Plugin 1.74.0 (published 2018-09-04)
* PAM Authentication Plugin 1.4 (published 2018-08-22)
* Publish Over Dropbox Plugin 1.2.5 (published 2018-09-24)
* SonarQube Scanner Plugin 2.8.1 (published 2018-09-18)

We also announce unresolved security issues in the following plugins:

* Metadata Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2018-09-25/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins plugins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released today to fix security 
vulnerabilities:

* Google Login 1.3.1
* HTML Publisher 1.16

Additionally, we're announcing security fixes in these previous plugin releases:

* Email Extension 2.62 (released 2018-03-23)
* S3 Publisher Plugin 0.11.0 (released 2018-02-08)

Please see the advisory for more information:
https://jenkins.io/security/advisory/2018-04-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.