> On 18. Apr 2018, at 16:33, Mark Waite <mark.earl.wa...@gmail.com> wrote:
>
> Likewise, I would assume that the other plugins mentioned in the 2018-01-22 advisory need to be upgraded to at least those versions.

Just a quirk of our advisory format. Unless another plugin is specifically mentioned as affected by this, it is not believed to be.

Regarding whether the core update is sufficient, I'm not sure offhand. It could be. That said, unless you have a strictly locked down Jenkins instance, admins can already XSS other users, so this isn't an issue relevant to most of the real world.

Regarding the security scan, I wouldn't be surprised if they found a reference to Ant (the build tool) and confused it with Ant (the plugin). Most of what we get reported from security scan tools is complete garbage.