Thanks Daniel! We do have the Ant plugin installed, but our version is updated beyond the affected patch level.
On Thu, Apr 19, 2018 at 6:57 AM, Daniel Beck <m...@beckweb.net> wrote: > > > On 18. Apr 2018, at 16:33, Mark Waite <mark.earl.wa...@gmail.com> wrote: > > > > Likewise, I would assume that the other plugins mentioned in the > 2018-01-22 advisory need to be upgraded to at least those versions. > > Just a quirk of our advisory format. Unless another plugin is specifically > mentioned as affected by this, it is not believed to be. > > Regarding whether the core update is sufficient, I'm not sure off hand. It > could be. > > That said, unless you have a strictly locked down Jenkins instance, admins > can already XSS other users, so this isn't an issue relevant to most of the > real world. > > Regarding the security scan, I wouldn't be surprised if they found a > reference to Ant (the build tool) and confuse it for Ant (the plugin). Most > of what we get reported from security scan tools is complete garbage. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/jenkinsci-users/fKY3_xmAPkk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-users/6C4A6238-491C-4F1F-9B47-28D051532931%40beckweb.net. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAByBicYhOwvcm_2PwZ6gUypmooWhh%3DbaK%3Dnc_HDp351sYG1AqQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
