So it mean the LTS 2.235.5 is not cover by those security fix? jquery 1.11 is old, like 2014 and security patch stopped in 2015.
From: jenkinsci-users@googlegroups.com <jenkinsci-users@googlegroups.com> On Behalf Of vince bailey Sent: August 26, 2020 10:45 AM To: 'Björn Pedersen' via Jenkins Users <jenkinsci-users@googlegroups.com> Subject: Re: Vulnerability in JQuery on Jenkins Hi All, You need to go to min 2.241 or 2.251 there are security issues on older version. docker containers jenkins/jenkins:2.241 jenkins/jenkins:2.51 or go to this website https://www.jenkins.io/download/ -- Regards, Vince Bailey Live long and prosper !!! [cid:image001.png@01D67B96.CBC31940] On 26 Aug 2020, at 15:38, eric....@gmail.com<http://gmail.com> <eric.fet...@gmail.com<mailto:eric.fet...@gmail.com>> wrote: Hi All, Just got gigged by our security team for a vulnerability in Jenkins with the version of JQuery installed. How do I go about updating the version of JQuery Jenkins runs? Here's the specifics of the vulnerability: Plugin Output: URL : http://myMachine:8081/js/jquery-1.11.1.min.js<http://mymachine:8081/js/jquery-1.11.1.min.js> Installed version : 1.11.1 Fixed version : 3.5.0 I'm running version 2.235.5 of Jenkins. Thanks, Eric -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com<mailto:jenkinsci-users+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com<https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com<mailto:jenkinsci-users+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com<https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/YTOPR0101MB2315311913EB71AE7810DE58CD540%40YTOPR0101MB2315.CANPRD01.PROD.OUTLOOK.COM.
