Jenkins uses the update center metadata to show applicable warnings. It would be a bit of a hack, and use internals not meant for public consumption, but you could do that, too. See the bottom of https://updates.jenkins.io/update-center.actual.json for the warning definitions. (No complaining if we change the format without prior warning etc.!)
On Mon, Sep 23, 2019 at 5:52 PM Eric Engstrom <eric.engst...@gmail.com> wrote: > Yes, I'm subscribed to the "Security advisories" mailing list > <https://groups.google.com/forum/m/#!forum/jenkinsci-advisories>, and > while it provides indications of core updates w.r.t. vulnerabilities, it's > not as helpful for plug-ins - that is, not only would I have to look at all > the plug-ins that are listed as being patched, but it doesn't, AFAICT, tell > me when there are unpatched vulnerabilities. > Counterexample: https://groups.google.com/d/msg/jenkinsci-advisories/T3Zt01nhGao/kn_VhKasCgAJ (Aug 7 this year, second email in the "thread" -- Thanks Google!) -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAMo7PtK49kO_r%3DWinU6%2BwYcf-ScxiPM%2BQxxRyegnZyYoEDVpkg%40mail.gmail.com.
