Jenkins upgrade due to critical security notice
Eyal Edri
eedri at redhat.com
Fri Nov 23 09:38:14 UTC 2012
FYI,
I've upgraded jenkins.ovirt.org to the latest LTS version, due to a security alert. [1]
Jenkins is now running 1.480.1
changelog:
What's new in 1.480.1 (2012/11/17)
FilePath.validateAntFileMask too slow for /configure (issue 7214)
java.io.InvalidClassException (issue 14667)
Log recorders do not work reliably (issue 15226)
Invalid JSON is produced during remote api operations when a changeSet contains duplicate keys. (issue 13336)
Memory exhaustion parsing large test stdio from Surefire (issue 15382)
Fixed security vulnerabilities. (SECURITY-43,SECURITY-44,SECURITY-45)
Eyal Edri.
[1]
----- Forwarded Message -----
From: "Kohsuke Kawaguchi" <kk at kohsuke.org>
To: "Jenkins advisories" <jenkinsci-advisories at googlegroups.com>
Sent: Wednesday, November 21, 2012 1:14:15 AM
Subject: Security advisory in Jenkins core
We've identified and fixed several high vulnerabilities in Jenkins core.
This affects all the releases to date:
- mainline release <= 1.490
- LTS release <= 1.466.2
These vulnerabilities were discovered by Soroush Dalili, and we'd like to
thank him.
Please see [1] for more details. Customers of Jenkins Enterprise by
CloudBees and DEV at cloud, please see the corresponding security advisory
by CloudBees [2].
For more information about security advisories and ways to get notified,
please see [3].
[1] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
[2] http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
[3] https://wiki.jenkins-ci.org/display/JENKINS/Security+Advisories
--
Kohsuke Kawaguchi http://kohsuke.org/