Hi All, It’s is because of the plugins mainly, LTS versions are more stable and are supported for a long time but they are not update to fix security holes and your jenkins server will often ask you to update your war file. Or what ever process you use to update Jenkins.
PS if your jenkins sits on an OS like windows/linux/mac you must update they're security patches often. I am running a docker container version 2.251 and it’s great new look new features and connectively to thinks like atlanian products work much better. -- Regards, Vince Bailey Live long and prosper !!! The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender Vince Bailey email address vi...@dns-direct.com and delete the material from any computer. > On 26 Aug 2020, at 15:51, Jérôme Godbout <godbo...@amotus.ca> wrote: > > So it mean the LTS 2.235.5 is not cover by those security fix? jquery 1.11 is > old, like 2014 and security patch stopped in 2015. > > From: jenkinsci-users@googlegroups.com > <mailto:jenkinsci-users@googlegroups.com> <jenkinsci-users@googlegroups.com > <mailto:jenkinsci-users@googlegroups.com>> On Behalf Of vince bailey > Sent: August 26, 2020 10:45 AM > To: 'Björn Pedersen' via Jenkins Users <jenkinsci-users@googlegroups.com > <mailto:jenkinsci-users@googlegroups.com>> > Subject: Re: Vulnerability in JQuery on Jenkins > > Hi All, > > You need to go to min 2.241 or 2.251 there are security issues on older > version. > > docker containers > jenkins/jenkins:2.241 > jenkins/jenkins:2.51 > > or go to this website > > https://www.jenkins.io/download/ <https://www.jenkins.io/download/> > > > -- > Regards, > > Vince Bailey > > Live long and prosper !!! > > > <image001.png> > > > > > > On 26 Aug 2020, at 15:38, eric....@gmail.com <http://gmail.com/> > <eric.fet...@gmail.com <mailto:eric.fet...@gmail.com>> wrote: > > Hi All, > > Just got gigged by our security team for a vulnerability in Jenkins with the > version of JQuery installed. How do I go about updating the version of > JQuery Jenkins runs? Here's the specifics of the vulnerability: > > Plugin Output: > URL : http://myMachine:8081/js/jquery-1.11.1.min.js > <http://mymachine:8081/js/jquery-1.11.1.min.js> > Installed version : 1.11.1 > Fixed version : 3.5.0 > > I'm running version 2.235.5 of Jenkins. > > Thanks, > Eric > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tojenkinsci-users+unsubscr...@googlegroups.com > <mailto:jenkinsci-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com > > <https://groups.google.com/d/msgid/jenkinsci-users/13c921b1-02f4-4f00-a474-266fe766ced0n%40googlegroups.com?utm_medium=email&utm_source=footer>. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com > <mailto:jenkinsci-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com > > <https://groups.google.com/d/msgid/jenkinsci-users/33DD337C-B069-4D01-BC86-7EF5CD46BBEA%40dns-direct.com?utm_medium=email&utm_source=footer>. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com > <mailto:jenkinsci-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/YTOPR0101MB2315311913EB71AE7810DE58CD540%40YTOPR0101MB2315.CANPRD01.PROD.OUTLOOK.COM > > <https://groups.google.com/d/msgid/jenkinsci-users/YTOPR0101MB2315311913EB71AE7810DE58CD540%40YTOPR0101MB2315.CANPRD01.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/DE9019DF-AC18-4178-9CF3-48FA9ADACD2B%40dns-direct.com.
