Page MenuHomePhabricator
Create Task
Maniphest T359415

Jenkins plugins security advisory 2024-03-06
Closed, ResolvedPublic
Actions

Description

The following Jenkins plugin updates contain fixes for security vulnerabilities:

  • AppSpider Plugin 1.0.17
  • Bitbucket Branch Source Plugin 871.v28d74e8b_4226
  • Delphix Plugin 3.0.2 and 3.1.1
  • HTML Publisher Plugin 1.32.1
  • MQ Notifier Plugin 1.4.1
  • OWASP Dependency-Check Plugin 5.4.6
  • Trilead API Plugin 2.141.v284120fd0c46

Additionally, we announce unresolved security issues in the following plugins:

  • Build Monitor View Plugin
  • docker-build-step Plugin
  • GitBucket Plugin
  • iceScrum Plugin
  • Subversion Partial Release Manager Plugin

Please see the advisory for more information:
https://www.jenkins.io/security/advisory/2024-03-06/

Details

TitleReferenceAuthorSource BranchDest Branch
jenkins-rel: updating plugin versions to address vulnerabilitiesrepos/releng/jenkins-deploy!49jnucheT359415master
Customize query in GitLab

Event Timeline

jnuche created this task.Mar 6 2024, 4:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 6 2024, 4:11 PM
jnuche added a comment.Mar 6 2024, 4:42 PM

Releases instance has affected plugins:

In the case of the CI instance, only https://plugins.jenkins.io/trilead-api

CodeReviewBot added a project: Patch-For-Review.Mar 6 2024, 5:05 PM

jnuche opened https://gitlab.wikimedia.org/repos/releng/jenkins-deploy/-/merge_requests/49

jenkins-rel: updating plugin versions to address vulnerabilities

CodeReviewBot added a comment.Mar 6 2024, 6:00 PM

jnuche merged https://gitlab.wikimedia.org/repos/releng/jenkins-deploy/-/merge_requests/49

jenkins-rel: updating plugin versions to address vulnerabilities

Maintenance_bot removed a project: Patch-For-Review.Mar 6 2024, 6:30 PM
jnuche added a comment.Mar 6 2024, 6:48 PM

I've updated the releases instance.

I'll do the CI instance as soon as I can find the time.

jnuche closed this task as Resolved.Mar 7 2024, 10:39 AM
jnuche claimed this task.

Both instances have now been updated.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits