nodejs / build

Better build and test infra for Node.

Jenkins plugins security advisory (Nov 4) #2470

Closed rvagg closed 3 years ago

rvagg commented 3 years ago

The Jenkins project will publish a security advisory for Jenkins plugins on Wednesday, November 4. The highest severity is 'Critical'. The most popular included plugin is installed on between 10% and 25% of known instances. The advisory includes issues that will be published without a fix as outlined at https://www.jenkins.io/security/plugins/

Depending on what the "Critical" is and whether it impacts something we're running, this update will either be done ASAP (by me or someone else who has access and gets these alerts), or I'll just wait until the slow period in my mid-afternoon when I usually do these updates (Jenkins' quietest time of day, basically nobody is around).

rvagg commented 3 years ago

Updated Jenkins and plugins today. It was a bit awkward with timing, probably too late in the day because I was bumping up against people's jobs, and I had to cancel a bunch of auto-jobs that kept on getting into the queue, so benchmarks and coverage will be missing from today.

Both went from Jenkins v2.249.2 to v2.249.3. Plugins updated:

ci-release

Bootstrap 4 API 4.5.3-1 <- 4.5.2-1
Branch API 2.6.1 <- 2.6.0
Command Agent Launcher 1.5 <- 1.4
Copy Artifact 1.45.2 <- 1.45.1
Credentials Binding 1.24 <- 1.23
ECharts API 4.9.0-2 <- 4.9.0-1
Font Awesome API 5.15.1-1 <- 5.14.0-1
Git 4.4.5 <- 4.4.4
GitHub 1.32.0 <- 1.31.0
JQuery3 API 3.5.1-2 <- 3.5.1-1
JUnit 1.43 <- 1.38
Matrix Authorization Strategy 2.6.4 <- 2.6.3
Maven Integration 3.8 <- 3.7
Pipeline: Groovy 2.84 <- 2.83
Pipeline: Step API 2.23 <- 2.22
Plugin Utilities API 1.4.0 <- 1.2.5
Popper.js API 1.16.0-7 <- 1.16.0-6
SubversioSource Code Management 2.13.2 <- 2.13.1 (security)
Timestamper 1.11.8 <- 1.11.5
Trilead API 1.0.12 <- 1.0.11

ci

Ansible 1.1 <- 1.0 (SECURITY)
Bitbucket Pipeline for Blue Ocean 1.24.3 <- 1.24.1
Blue Ocean 1.24.3 <- 1.24.1
Blue Ocean Core JS 1.24.3 <- 1.24.1
Blue Ocean Pipeline Editor 1.24.3 <- 1.24.1
Bootstrap 4 API 4.5.3-1 <- 4.5.2-1
Branch API 2.6.1 <- 2.6.0
Command Agent Launcher 1.5 <- 1.4
Common API for Blue Ocean 1.24.3 <- 1.24.1
Config API for Blue Ocean 1.24.3 <- 1.24.1
Copy Artifact 1.45.2 <- 1.45.1
Credentials Binding 1.24 <- 1.23
Dashboard for Blue Ocean 1.24.3 <- 1.24.1
Dashboard View 2.14 <- 2.13
Blue Ocean Executor Info 1.24.3 <- 1.24.1
Design Language 1.24.3 <- 1.24.1
ECharts API 4.9.0-2 <- 4.9.0-1
Email Extension 2.79 <- 2.77
Email Extension Template 1.2 <- 1.1
Events API for Blue Ocean 1.24.3 <- 1.24.1
Font Awesome API 5.15.1-1 <- 5.14.0-1
Git 4.4.5 <- 4.4.4
Git Pipeline for Blue Ocean 1.24.3 <- 1.24.1
GitHub 1.32.0 <- 1.31.0
GitHub Pipeline for Blue Ocean 1.24.3 <- 1.24.1
i18n for Blue Ocean 1.24.3 <- 1.24.1
JIRA Integration for Blue Ocean 1.24.3 <- 1.24.1
JQuery3 API 3.5.1-2 <- 3.5.1-1
JUnit 1.43 <- 1.38
JWT for Blue Ocean 1.24.3 <- 1.24.1
Matrix Authorization Strategy 2.6.4 <- 2.6.3
Maven Integration 3.8 <- 3.7
Mercurial 2.12 <- 2.10 (SECURITY)
Source Code Management 2.11 <- 2.10
Monitoring 1.86.0 <- 1.85.0
Personalization for Blue Ocean 1.24.3 <- 1.24.1
Pipeline implementation for Blue Ocean 1.24.3 <- 1.24.1
Pipeline SCM API for Blue Ocean 1.24.3 <- 1.24.1
Pipeline: Groovy 2.84 <- 2.83
Pipeline: REST API 2.18 <- 2.16
Pipeline: Stage View 2.18 <- 2.16
Pipeline: Step API 2.23 <- 2.22
Plugin Utilities API 1.4.0 <- 1.2.5
Popper.js API 1.16.0-7 <- 1.16.0-6
Publish Over SSH Build ToolsArtifact Uploaders 1.22 <- 1.20.1
REST API for Blue Ocean 1.24.3 <- 1.24.1
REST Implementation for Blue Ocean 1.24.3 <- 1.24.1
Server Sent Events (SSE) Gateway 1.24 <- 1.23
Subversion 2.13.2 <- 2.13.1 (SECURITY)
Timestamper 1.11.8 <- 1.11.5
Trilead API 1.0.12 <- 1.0.11
Web for Blue Ocean 1.24.3 <- 1.24.1
xUnit 2.4.0 <- 2.3.9