We've released new versions of Jenkins and Swarm Plugin today to fix several security vulnerabilities.
These vulnerabilities affect all previous releases:
- weekly releases up to and including 2.83
- LTS releases up to and including 2.73.1
- Swarm Plugin (client) up to and including 3.4
We recommend updating to the new releases:
- Jenkins weekly 2.84
- Jenkins LTS 2.73.2
- Swarm Plugin (client) 3.5
Additionally, the recently released Maven Plugin 3.0 fixes a vulnerability, and distribution of Speaks! Plugin has been suspended due to a vulnerability for which there is no fix available.
Please see the advisory for more details:
https://jenkins.io/security/advisory/2017-10-11/
- Maven Plugin up to and including 2.17
- some arbitrary command execution on the master (we are not affected)
- Update to commons-httpclient which is bundled in several plugins