#46: upgrade jenkins.ovirt.org to latest LTS version -----------------------+------------------------ Reporter: eedri | Owner: infra@… Type: outage | Status: new Priority: critical | Milestone: oVirt 3.3 Component: Jenkins | Version: Production Severity: High | Keywords: Blocked By: | Blocking: -----------------------+------------------------ due to recent security vulnerabilities we must upgrade our jenkins master server. What's new in 1.509.1 (2013/05/01) FilePath.installIfNecessaryFrom routes download over remoting channel (issue 17330) Add 'Are you sure' on Reload configuration from disk (issue 15340) MavenAbstractArtifactRecord.doRedeploy should require POST (SECURITY-69) Hover-over "Build Now" broken for parameterized jobs: "This page expects a form submission" (issue 17110) XSS issue, where an internal attacker can cause a remote stylesheet to be loaded and containing scripts executed. (SECURITY-67) CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer (SECURITY-71) Jenkins.doEval checks ADMINISTER rather than RUN_SCRIPTS; doScript CSRF (SECURITY-63) Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available (issue 17343) probably best to backup the configuration 1st and then upgrade. -- Ticket URL: <https://fedorahosted.org/ovirt/ticket/46> ovirt <http://www.ovirt.org/> oVirt - virtualization made easy.