Thank you very much for replying to my question. We have a plan to update Jenkins from 1.409.1 to 1.424.1 on very many mission-critical server machines soon. And we have examined many plugins and functions in order to update Jenkins from 1.409.1 to 1.424.1. If we have to update Jenkins from 1.409.1 to 1.454 immediately, we must reexamine many plugins and functions, at vast cost, to prove that there are no problems. But we don't have enough time and money. So we cannot update Jenkins from 1.409.1 to 1.454 (and Jenkins LTS 1.424.6) immediately.
If all pages of Jenkins have the risk of XSS, we should reexamine the above plan. But if only Manage pages have the risk of XSS, we need not update Jenkins from 1.409.1 to 1.454 immediately, because Manage pages are accessed only by the administrator. So we want to know what kinds of pages have the risk of XSS in Jenkins.

--
Masato Izumiya

On Mar 12, 9:20 PM, Jesse Farinacci <jie...@gmail.com> wrote:
> Greetings,
>
> On Mon, Mar 12, 2012 at 5:41 AM, Masato Izumiya
> <masato.izumiya....@gmail.com> wrote:
> > We are using Jenkins ver. 1.409.1 now.
>
> > But, it is difficult for us to update Jenkins right now.
> > If only manage pages are at risk of XSS, we don't update Jenkins from
> > 1.409.1 to 1.454 immediately.
>
> If that is too much of a jump, try Jenkins LTS 1.424.6.
>
> -Jesse
>
> --
> There are 10 types of people in this world, those
> that can read binary and those that can not.