Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.444
* Jenkins LTS 2.440.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2024-03-20/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/2A8F5E7F-EB6D-4D78-A92F-259B5F9CD808%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.442
* Jenkins LTS 2.426.3

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Git server Plugin 99.101.v720e86326c09
* GitLab Branch Source Plugin 688.v5fa_356ee8520
* Matrix Project Plugin 822.824.v14451b_c0fd42
* Qualys Policy Compliance Scanning Connector Plugin 1.0.6
* Red Hat Dependency Analytics Plugin 0.9.0

Additionally, we announce unresolved security issues in the following plugins:

* Log Command Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2024-01-24/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/89CA59E4-CD9B-44E7-9DE3-282516E6FD47%40beckweb.net.

Jenkins security advisory pre-announcement

['Kevin Guerroudj' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS
2.426.3) on Wednesday, January 24. These updates will contain fixes for
security issues present in current versions of Jenkins. The highest
severity is "Critical". The security advisory will be issued at the same
time to provide further information.

Additionally, we will provide a workaround for anyone unable to immediately
update Jenkins.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAKG2iZjiLOPi9GNFv9kDZrEB5nT2khkmEvN7mkXPKL4Fi5A0cw%40mail.gmail.com.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.428
* Jenkins LTS 2.414.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-10-18/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/59EC32F5-EE1C-4A6D-910E-C22DB3B5BB7A%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.424
* Jenkins LTS 2.414.2

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Build Failure Analyzer Plugin 2.4.2

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-09-20/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/F96EEAA8-1328-4E57-B80D-E046FBDE8C2A%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.414.2) on Wednesday, September 20. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/591F2B9D-7657-44E3-9FAD-218AF18CD618%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.416
* Jenkins LTS 2.401.3

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* GitLab Authentication Plugin 1.18
* Gradle Plugin 2.8.1
* Qualys Web App Scanning Connector Plugin 2.0.11
* ServiceNow DevOps Plugin 1.38.1

Additionally, we announce unresolved security issues in the following plugins:

* Bazaar Plugin
* Chef Identity Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-07-26/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B50D1824-4207-4EC9-B349-859BFEEC0A93%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.401.3) on Wednesday, July 26. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is "High". 
The security advisory will be issued at the same time to provide further 
information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/89DC0B45-BAB3-4275-BA98-33F1FBBE4713%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.400 (released 2023-04-11)
* Jenkins LTS 2.401.1 (released 2023-05-31)

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Checkmarx Plugin 2023.2.6
* Dimensions Plugin 0.9.3.1
* Team Concert Plugin 2.4.2

Additionally, we announce unresolved security issues in the following plugins:

* AWS CodeCommit Trigger Plugin
* Digital.ai App Management Publisher Plugin
* Maven Repository Server Plugin
* Sonargraph Integration Plugin
* Template Workflows Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-06-14/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/875BA1D6-6507-4EC2-9EBA-DF9CD0B03844%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project will publish a security advisory for Jenkins and Jenkins 
plugins on Wednesday, June 14.

It announces a security vulnerability that is already fixed in the latest 
weekly releases and Jenkins LTS 2.401.1. Its severity is 'High'.

Additionally, it announces security issues in Jenkins plugins. The highest 
severity is 'High' and affects plugins installed on less than 1% of known 
instances. The most popular included plugins are installed on between 1% and 3% 
of known instances and have 'Medium' severity issues. The advisory includes 
issues that will be published without a fix as outlined at 
https://www.jenkins.io/security/plugins/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/09F7357F-B41B-4589-BBF3-E2A7B9A4AC9A%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.394
* Jenkins LTS 2.375.4 and 2.387.1

The following Jenkins component updates contain fixes for security 
vulnerabilities:

* update-center2 3.15

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-03-08/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/0C283B1A-1CDE-4C1B-AF10-ADE14ACF7F66%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly, LTS 2.375.4, 
and LTS 2.387.1) on Wednesday, March 8. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/9DAAECBD-B015-44CC-8AAE-AEB11A5E8970%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins deliverables contain fixes for security vulnerabilities:

* Jenkins controller and agent Docker images

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2023-02-09/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/07A4313D-F2E8-43EE-8379-4BCED6B92B00%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.370 [see footnote 1]

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Anchore Container Image Scanner Plugin 1.0.25
* Compuware Common Configuration Plugin 1.0.15
* NS-ND Integration Performance Publisher Plugin 4.8.0.130

Additionally, we announce unresolved security issues in the following plugins:

* Apprenda Plugin
* BigPanda Notifier Plugin
* Build-Publisher Plugin
* CONS3RT Plugin
* DotCi Plugin
* extreme-feedback Plugin
* NS-ND Integration Performance Publisher Plugin
* RQM Plugin
* Rundeck Plugin
* SCM HttpClient Plugin
* Security Inspector Plugin
* SmallTest Plugin
* View26 Test-Reporting Plugin
* Walti Plugin
* WildFly Deployer Plugin
* Worksoft Execution Manager Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-09-21/


1: This update was not mentioned in the pre-announcement sent yesterday, as it
fixes an issue we've only become aware of after I sent the pre-announcement.
As the issue was being discussed publicly, we decided to publish a fix with
today's advisory. Please note that the issue is very unlikely to be exploitable,
and Jenkins LTS is unaffected.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/87E2AA92-2288-47B3-B967-E11C8311D709%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.263
* Jenkins LTS 2.361.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-09-09/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/93A9601D-E867-46B4-A545-D88037244E54%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.356
* Jenkins LTS 2.332.4 and 2.346.1

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Embeddable Build Status Plugin 2.0.4
* Hidden Parameter Plugin 0.0.5
* JUnit Plugin 1119.1121.vc43d0fc45561
* Nested View Plugin 1.26
* Pipeline: Input Step Plugin 449.v77f0e8b_845c4
* REST List Parameter Plugin 1.6.0
* xUnit Plugin 3.1.0

Additionally, we announce unresolved security issues in the following plugins:

* Agent Server Parameter Plugin
* Beaker builder Plugin
* Convertigo Mobile Platform Plugin
* CRX Content Package Deployer Plugin
* Date Parameter Plugin
* Dynamic Extended Choice Parameter Plugin
* EasyQA Plugin
* Filesystem List Parameter Plugin
* Image Tag Parameter Plugin
* Jianliao Notification Plugin
* Maven Metadata Plugin for Jenkins CI server Plugin
* NS-ND Integration Performance Publisher Plugin
* ontrack Jenkins Plugin
* Package Version Plugin
* Readonly Parameter Plugin
* Repository Connector Plugin
* Sauce OnDemand Plugin
* Squash TM Publisher (Squash4Jenkins) Plugin
* Stash Branch Parameter Plugin
* ThreadFix Plugin
* vRealize Orchestrator Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-06-22/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/70DF13BE-9A61-4F5D-A672-D977D790ED72%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly, LTS 2.332.4, 
and LTS 2.346.1) on Wednesday, June 22. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/BC98B955-5BCA-40D8-B63D-6AF0C17A59A6%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.334
* Jenkins LTS 2.319.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-02-09/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/0F40D10A-4667-4D53-ABB7-16635E6FAAEF%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.319.3) on Wednesday, February 9. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"Medium". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B0866B20-7674-4820-B1BE-E37EA16A5692%40beckweb.net.

Jenkins security advisory

['Wadeck Follonier' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.330
* Jenkins LTS 2.319.2

The following Jenkins plugin updates contain fixes for security
vulnerabilities:

* Active Directory Plugin 2.25.1
* Badge Plugin 1.9.1
* Bitbucket Branch Source Plugin 746.v350d2781c184
* Configuration as Code Plugin 1.55.1
* Credentials Binding Plugin 1.27.1
* Docker Commons Plugin 1.18
* HashiCorp Vault Plugin 3.8.0
* Mailer Plugin 408.vd726a_1130320
* Matrix Project Plugin 1.20
* Metrics Plugin 4.0.2.8.1
* SSH Agent Plugin 1.23.2
* Warnings Next Generation Plugin 9.10.3

Additionally, we announce unresolved security issues in the following
plugins:

* batch task Plugin
* Conjur Secrets Plugin
* Debian Package Builder Plugin
* Publish Over SSH Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2022-01-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14dSML0kYU1SL9882M1mZjJHieYGjVUu_YzV13YcomCJdg%40mail.gmail.com.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.319.2) on Wednesday, January 12. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"Medium". The security advisory will be issued at the same time to provide 
further information.

Additionally, we will announce security issues in plugins in this security 
advisory. The highest severity is "High" and these issues affect plugins 
installed on more than 75% of known instances.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8514BA49-D834-4808-B650-6AF085DCB927%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.319
* Jenkins LTS 2.303.3

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Subversion Plugin 2.15.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-11-04/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/2961ECFD-1B6E-468C-AB98-1B0BB55B3694%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.303.3) on Thursday, November 4. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is 
"Critical". The security advisory will be issued at the same time to provide 
further information.

Additionally, we will provide a workaround for anyone unable to immediately 
update Jenkins.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/6125D95B-82C0-4952-B055-85FE34F1387E%40beckweb.net.

Jenkins security advisory

['Wadeck Follonier' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.315
* Jenkins LTS 2.303.2

The following Jenkins plugin updates contain fixes for security
vulnerabilities:

* Git Plugin 4.8.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-10-06/


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14d_TQ8LdNEYWtk-ZdRDE1Cuo3ytjsCH-FgEsYQHPfaQEw%40mail.gmail.com.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.303.2) on Wednesday, October 6. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is 
"Medium". The security advisory will be issued at the same time to provide 
further information.

Additionally, we will announce fixes for security issues in plugins in this 
security advisory. The highest severity is "High" and these issues affect 
plugins installed on more than 75% of known instances.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/710D67F5-8184-468B-8446-EFEC793AD273%40beckweb.net.

Jenkins security advisory

['Daniel Beck' via Jenkins Advisories]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.300
* Jenkins LTS 2.289.2

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* CAS Plugin 1.6.1
* requests-plugin 2.2.7, 2.2.8, and 2.2.13
* Selenium HTML report Plugin 1.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-06-30/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/04785AC0-97EF-4519-97FC-552880166E49%40beckweb.net.

Jenkins security advisory pre-announcement

['Daniel Beck' via Jenkins Advisories]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.289.2) on Wednesday, June 30. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is "High". 
The security advisory will be issued at the same time to provide further 
information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/D666209E-145B-41F8-A5DE-B7A18AC719DF%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.286
* Jenkins LTS 2.277.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-04-20/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/EB0AA451-705F-4BD7-B416-45F9370C114D%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.287
* Jenkins LTS 2.277.2

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Micro Focus Application Automation Tools Plugin 6.8
* promoted builds Plugin 3.9.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-04-07/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/2D475096-4D91-481B-B54F-6CEB9124950B%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.277.2) on Wednesday, April 7. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is 
"Medium". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/35777D07-DC76-4B8F-B86A-D97D1F26CFC0%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.280

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-02-19/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/98676155-E9A9-4FB2-8CAA-6AEE980B7F6E%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.276
* Jenkins LTS 2.263.3

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-01-26/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/EBD0F964-B563-479F-8D72-EB19D97C2057%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.275
* Jenkins LTS 2.263.2

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Bumblebee HP ALM Plugin 4.1.6
* TICS Plugin 2020.3.0.7
* TraceTronic ECU-TEST Plugin 2.24

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2021-01-13/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/424DA9FF-F325-495C-8685-C1AC2893F0C6%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.263.2) on Wednesday, January 13. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3D810A4B-2101-4524-82B4-03F1AC64CFA4%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Chaos Monkey Plugin 0.4 and 0.4.1
* CVS Plugin 2.17
* Plugin Installation Manager Tool 2.2.0
* Shelve Project Plugin 3.1

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-12-03/?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B72B128F-679D-46C0-9543-292F31122016%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project will publish a security advisory for Jenkins plugins and 
other components on Thursday, December 3. The highest severity is 'High'. The 
most popular included plugin is installed on between 10% and 25% of known 
instances.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/FFC5B567-CE45-4FC3-A19D-878ABF6C4CB6%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.243 (originally released 2020-06-30)
* Jenkins LTS 2.235.5

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-08-17/?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/DF1CF1E7-1FB4-4239-9AF4-0EC465A025A9%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish a new Jenkins LTS release (2.235.5) next 
week (week of August 17). This update will contain a fix for a security issue 
present in the current version of Jenkins LTS. The severity is "Critical". The 
security advisory will be issued at the same time to provide further 
information. We plan to publish the release as soon as it's ready, so we are 
unable to provide an exact release date beforehand.

The current release of Jenkins (weekly) is unaffected by this issue.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/3368481D-F80F-48B2-A3F9-1771DFE91C85%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.252
* Jenkins LTS 2.235.4

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Email Extension Plugin 2.74
* Pipeline Maven Integration Plugin 3.8.3
* Yet Another Build Visualizer Plugin 1.12

Additionally, we announce unresolved security issues in the following plugins:

* Flaky Test Handler Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2020-08-12/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/D60947A0-9656-42C4-877A-6C571F6605D5%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.235.4) on Wednesday, August 12. These updates will contain fixes for security 
issues present in current versions of Jenkins. The highest severity is "High". 
The security advisory will be issued at the same time to provide further 
information.

If you are currently using Jenkins LTS 2.235.2 or older installed from our 
Debian or Red Hat package repositories, we recommend updating to 2.235.3 now to 
ensure you're set up to apply the 2.235.4 update. See 
https://www.jenkins.io/doc/upgrade-guide/2.235/#repository-signing-key-update 
for details.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8526DD92-26C3-4399-9D3A-46BB0198621E%40beckweb.net.

Jenkins security advisory

[Wadeck Follonier]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.245
* Jenkins LTS 2.235.2

The following Jenkins plugin updates contain fixes for security
vulnerabilities:

* Deployer Framework Plugin 1.3
* Gitlab Authentication Plugin 1.6
* Matrix Authorization Strategy Plugin 2.6.2
* Matrix Project Plugin 1.17

Please see the advisory for more information:
https://jenkins.io/security/advisory/2020-07-15/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14fUH0uA7e2LO%3DX8tjuoKQVjbCouiGH4-tsqOwSe5qiayA%40mail.gmail.com.

Jenkins security advisory pre-announcement

[Wadeck Follonier]

The Jenkins project plans to publish new Jenkins releases (2.245, LTS
2.235.2) on Wednesday, July 15. These updates will contain fixes for
security issues present in current versions of Jenkins. The highest
severity is "High". The security advisory will be issued at the same time
to provide further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/CAAWM14dRfzF%2BW-F5zgHLzBkfraAGBOjD99XDQVzQdLcwwpsJKA%40mail.gmail.com.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.228
* Jenkins LTS 2.204.6 and 2.222.1

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Artifactory Plugin 3.6.0 and 3.6.1
* Azure Container Service Plugin 1.0.2
* OpenShift Pipeline Plugin 1.0.57
* Pipeline: AWS Steps Plugin 1.41
* Queue cleanup Plugin 1.4
* RapidDeploy Plugin 4.2.1

Please see the advisory for more information: 
https://jenkins.io/security/advisory/2020-03-25/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/EAD65782-2829-4603-92CE-BB522FFC614C%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish new Jenkins releases (weekly, LTS 2.204.6, 
and LTS 2.222.1) on Wednesday, March 25. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/57C39582-376F-4C3A-983C-153EB3C3B0D8%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates contain fixes for security vulnerabilities:

* Jenkins 2.219
* Jenkins LTS 2.204.2

The following Jenkins plugin updates contain fixes for security vulnerabilities:

* Code Coverage API Plugin 1.1.3
* Fortify Plugin 19.2.30

Additionally, we announce unresolved security issues in the following plugins:

* WebSphere Deployer Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2020-01-29/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/ADAE230A-9F19-4AD6-920C-1E5EB5BD113D%40beckweb.net.

Jenkins security advisory pre-announcement

[Daniel Beck]

The Jenkins project plans to publish new Jenkins releases (weekly and LTS 
2.204.2) on Wednesday, January 29. These updates will contain fixes for 
security issues present in current versions of Jenkins. The highest severity is 
"High". The security advisory will be issued at the same time to provide 
further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/63175E9A-4E47-42AF-8376-B071FD15BCC5%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Anchore Container Image Scanner Plugin 1.0.20
* Google Compute Engine Plugin 4.2.0
* JIRA Plugin 3.0.11
* QMetry for JIRA - Test Management Plugin 1.13
* Script Security Plugin 1.68
* Spira Importer Plugin 3.2.3
* Support Core Plugin 2.64

Additionally, we announce unresolved security issues in the following plugins:

* QMetry for JIRA - Test Management Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-11-21/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/B015C3A0-B441-4B93-837E-F84798315892%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Bitbucket OAuth Plugin 0.10
* Dynatrace Application Monitoring Plugin 2.1.4
* Mattermost Notification Plugin 2.7.1
* Zulip Plugin 1.1.1

Additionally, we announce unresolved security issues in the following plugins:

* 360 FireLine Plugin
* build-metrics Plugin
* Deploy WebLogic Plugin
* Dynatrace Application Monitoring Plugin
* ElasticBox Jenkins Kubernetes CI/CD Plugin
* Global Post Script Plugin
* Libvirt Slaves Plugin
* Sonar Gerrit Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-10-23/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/EAE412CF-437B-4B27-B645-A9B1D738AA75%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Bumblebee HP ALM Plugin 4.1.4
* Cadence vManager Plugin 2.7.1
* CRX Content Package Deployer Plugin 1.9
* Google Kubernetes Engine Plugin 0.7.1
* Google OAuth Credentials Plugin 0.10
* iceScrum Plugin 1.1.6
* NeoLoad Plugin 2.2.6

Additionally, we announce unresolved security issues in the following plugins:

* Delphix Plugin
* ElasticBox CI Plugin
* Extensive Testing Plugin
* Fortify on Demand Plugin
* Puppet Enterprise Pipeline Plugin
* Oracle Cloud Infrastructure Compute Classic Plugin
* Rundeck Plugin
* SOASTA CloudTest Plugin
* Sofy.AI Plugin
* View26 Test-Reporting Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-10-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/DE53BA99-BCAD-412C-94E8-16F0FD522CF6%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.197
* Jenkins LTS 2.176.4 and 2.190.1

The following Jenkins plugin updates have been released to fix security 
vulnerabilities:

* Aqua MicroScanner Plugin 1.0.8
* Aqua Security Scanner Plugin 3.0.18
* Data Theorem: CI/CD Plugin 1.4.0
* Git Changelog Plugin 2.18
* GitLab Logo Plugin 1.0.4
* Inedo BuildMaster Plugin Plugin 2.5.0
* Inedo ProGet Plugin Plugin 1.3
* Log Parser Plugin 2.1
* NeuVector Vulnerability Scanner Plugin version 1.6
* Project Inheritance Plugin 19.08.02
* Violation Comments to GitLab Plugin 2.29 

Additionally, we announce unresolved security issues in the following plugins: 

* Assembla Plugin
* Azure Event Grid Build Notifier Plugin
* Call Remote Job Plugin
* CodeScan Plugin
* elOyente Plugin
* Gem Publisher Plugin
* Google Calendar Plugin
* Kubernetes :: Pipeline :: Arquillian Steps Plugin
* Kubernetes :: Pipeline :: Kubernetes Steps Plugin
* vFabric Application Director Plugin

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-09-25/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/7B07493B-4155-4C61-B5C7-21294D8F0A40%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.192
* Jenkins LTS 2.176.3

Additionally, the following plugin updates have been released to fix security 
vulnerabilities:

* IBM Application Security on Cloud 1.2.5
* Splunk Plugin 1.8.0

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-08-28/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-advisories/8A6061C4-5DCB-48E7-8BE7-9C5EC0890810%40beckweb.net.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.172
* Jenkins LTS 2.164.2

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-04-10/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.160
* Jenkins LTS 2.150.2

Please see the advisory for more information:
https://jenkins.io/security/advisory/2019-01-16/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.146
* Jenkins LTS 2.138.2

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2018-10-10/
https://jenkins.io/blog/2018/10/10/security-updates/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.138
* Jenkins LTS 2.121.3

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2018-08-15/
https://jenkins.io/blog/2018/08/15/security-updates/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.121
* Jenkins LTS 2.107.3

Additionally, we're announcing security fixes in these previous plugin releases:

* Black Duck Hub Plugin 4.0.0 (released 2018-04-25)
* Groovy Postbuild 2.4 (released 2018-04-25)

We also announce unresolved security issues in the following plugins:

* Gitlab Hook Plugin

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2018-05-09/
https://jenkins.io/blog/2018/05/09/security-advisory/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.116
* Jenkins LTS 2.107.2

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2018-04-11/
https://jenkins.io/blog/2018/04/11/security-updates/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.107
* Jenkins LTS 2.89.4

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2018-02-14/
https://jenkins.io/blog/2018/02/14/security-updates/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The following Jenkins updates have been released to fix security 
vulnerabilities:

* Jenkins weekly 2.95
* Jenkins LTS 2.89.2

Please see the advisory and announcement blog post for more information:
https://jenkins.io/security/advisory/2017-12-14/
https://jenkins.io/blog/2017/12/14/security-update/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

The Jenkins project published a security advisory today:
https://jenkins.io/security/advisory/2017-12-05/

This is not the advisory I announced yesterday, that one is still scheduled for 
tomorrow.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenkins security advisory

[Daniel Beck]

We've released new versions of Jenkins and Swarm Plugin today to fix several 
security vulnerabilities.

These vulnerabilities affect all previous releases:
- weekly releases up to and including 2.83
- LTS releases up to and including 2.73.1
- Swarm Plugin (client) up to and including 3.4

We recommend updating to the new releases:
- Jenkins weekly 2.84
- Jenkins LTS 2.73.2
- Swarm Plugin (client) 3.5

Additionally, the recently released Maven Plugin 3.0 fixes a vulnerability, and 
distribution of Speaks! Plugin has been suspended due to a vulnerability for 
which there is no fix available.

Please see the advisory for more details:
https://jenkins.io/security/advisory/2017-10-11/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Advisories" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-advisories+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.