GoogleCloudPlatform / continuous-deployment-on-kubernetes

Get up and running with Jenkins on Google Kubernetes Engine
Apache License 2.0
1.6k stars 890 forks

Update Jenkins to fix security vulnerabilities #86

Closed destijl closed 7 years ago

destijl commented 7 years ago

It looks like this currently deploys Jenkins 2.7.2 which was released in May 2016: https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes/blob/master/jenkins/k8s/jenkins.yaml#L29

Since then there have been a number of very serious security vulnerabilities, including remote code execution: https://jenkins.io/security/advisories/ https://jenkins.io/security/advisory/2016-11-16/ https://jenkins.io/security/advisory/2017-02-01/

Can we please get it updated to the latest release? Latest on dockerhub is 2.60.1

tylerl commented 7 years ago

I'd recommend using the :latest label in all codelabs and documentation where it wouldn't be problematic to do so. Beginners should use :latest so as to optimize for safety.

Pinning to a specific version number should be considered an advanced mode of operation to be undertaken only by admins who have both the expertise and the time to monitor the health and activities of the underlying project so as to be able to know when it's necessary to update.

viglesiasce commented 7 years ago

Thanks for bringing this up @destijl. I'll work on patching this up ASAP.

@tylerl unfortunately Jenkins and its plugins are a case where being on latest would be problematic. It has been the case that updating Jenkins has required plugin updates and vice-versa.

I will be moving to using the Jenkins chart such that the Jenkins and plugin versions can be easily updated and verified in sync.
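The trade-off the two comments above describe (floating `:latest` versus a pinned tag that someone has to keep current) is something a manifest linter can surface before deploy. The following is an added example, not code from this repository or from either commenter: it scans a Kubernetes manifest for `image:` references, flags floating tags, and flags a Jenkins image whose tag is older than the 2.60.1 release the thread names as current. The sample manifest, the container names and the `gcr.io/example-project` registry path are constructed for the example; matching on the repository name `jenkins` is an assumption about how the image is referenced.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Constructed sample manifest (not the repository's jenkins.yaml). The first
# container mirrors the 2.7.2 tag the issue reports as currently deployed.
SAMPLE_MANIFEST = """\
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
spec:
  template:
    spec:
      containers:
      - name: master
        image: jenkins:2.7.2
      - name: sidecar
        image: gcr.io/example-project/helper:latest
      - name: agent
        image: jenkinsci/jenkins:2.67
"""

# Lowest acceptable Jenkins release: the 2.60.1 the issue names as the latest
# on Docker Hub. Anything below it predates the advisories linked above.
MIN_JENKINS = (2, 60, 1)

# Matches 'image: repo:tag' whether or not the key starts a list item.
IMAGE_RE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"']+)""")


class Finding(NamedTuple):
    image: str
    severity: str
    reason: str


def split_image(ref: str) -> tuple[str, str]:
    """Split 'registry/repo:tag' into (name, tag); a missing tag means 'latest'."""
    # Only a ':' after the last '/' is a tag separator; an earlier one is a
    # registry port (e.g. localhost:5000/jenkins).
    name, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:
        return ref, "latest"
    return name, tag


def parse_version(tag: str) -> tuple[int, ...] | None:
    """Turn a dotted numeric tag into a comparable tuple, else None."""
    if re.fullmatch(r"\d+(\.\d+)*", tag):
        return tuple(int(part) for part in tag.split("."))
    return None


def check_image(ref: str) -> Finding | None:
    """Return a Finding for a floating or outdated image reference, else None."""
    name, tag = split_image(ref)
    repo = name.rsplit("/", 1)[-1]  # assumption: Jenkins images end in '/jenkins'
    if tag == "latest":
        return Finding(ref, "info",
                       "floating tag: build is not reproducible and plugin "
                       "compatibility is not checked")
    if repo == "jenkins":
        version = parse_version(tag)
        if version is None:
            return Finding(ref, "warn", "non-numeric tag, cannot compare with minimum")
        if version < MIN_JENKINS:
            minimum = ".".join(map(str, MIN_JENKINS))
            return Finding(ref, "high", f"Jenkins {tag} predates {minimum}")
    return None


def audit_manifest(text: str) -> list[Finding]:
    """Collect findings for every image reference in a manifest."""
    findings: list[Finding] = []
    for line in text.splitlines():
        match = IMAGE_RE.match(line)
        if match:
            finding = check_image(match.group(1))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(f"[{finding.severity}] {finding.image}: {finding.reason}")
```

Run against the sample, the 2.7.2 image is reported as high and the `:latest` sidecar as informational, while the pinned 2.67 image passes; in a real pipeline the minimum version would be maintained alongside the chart values so that Jenkins and plugin versions move together, as the comment above proposes.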

viglesiasce commented 7 years ago

From my testing so far swapping out the current image for jenkinsci/jenkins:2.67 works for the flow in this tutorial so I'll likely push that change today and then update to use the Helm chart moving forward.

viglesiasce commented 7 years ago

Updated to 2.67 in #88