Out-of-date version(YUI)

[s.p...@gmail.com]

Our web scans shows out-of-date version(YUI) vulnerability. I'm not able to 
find anything on how to remediate this finding. Any help is appreciated. TIA
Example :  /static/01babc68/scripts/yui/yahoo/yahoo-min.js 
Affected versions of the package are vulnerable to Cross-site 
Scripting(XSS) via .swf files, allowing arbitary code injection into 
hosting server CVE-2012-5881 CVE-2012-5883

*Jenkins version - 2.250 , windows 2012 server.*

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/15ccf650-8458-468b-ae4c-f5f8d6b4cf87n%40googlegroups.com.

Re: Out-of-date version(YUI)

[s.p...@gmail.com]

Thank you, Oleg. Thank you for sharing the link to report the 
vulnerabilities. Appreciate your help!

On Sunday, May 30, 2021 at 2:46:39 PM UTC-4 o.v.ne...@gmail.com wrote:

> Hello,
>
> Thanks for your report. I will let the Jenkins security team members to 
> comment on that. Just for your information, we have an official process for 
> reporting security vulnerabilities. I highly recommend following this 
> process. Please see 
> https://www.jenkins.io/security/#reporting-vulnerabilities
>
> Best regards,
> Oleg Nenashev
>
>
>
> On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 s.p...@gmail.com wrote:
>
>> Our web scans shows out-of-date version(YUI) vulnerability. I'm not able 
>> to find anything on how to remediate this finding. Any help is appreciated. 
>> TIA
>> Example :  /static/01babc68/scripts/yui/yahoo/yahoo-min.js 
>> Affected versions of the package are vulnerable to Cross-site 
>> Scripting(XSS) via .swf files, allowing arbitary code injection into 
>> hosting server CVE-2012-5881 CVE-2012-5883
>>
>> *Jenkins version - 2.250 , windows 2012 server.*
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/551379fa-d0b6-401e-b369-dbc40721f587n%40googlegroups.com.

Jenkins upgrade from 2.250 to 2.275

[s.p...@gmail.com]

After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI for the 
Jobs configuration looks different. The section for Source Code 
Management/Build Triggers/Build Environment/build/Post-build actions are 
missing at the top of the job configuration page and I see a couple of 
Artifactory configuration sections(tabs). Also, the SSH 
settings/configuration that we set up for each job are missing. Not sure 
how to turn off the Artifactory configuration and restore the SSH settings. 
Please the attached screenshots. Please help. TIA
Jenkins is running on Windows 2012R2 server.


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/b7470c7d-aa1c-4e60-a2ef-80642ccc21d2n%40googlegroups.com.

Re: Jenkins upgrade from 2.250 to 2.275

[s.p...@gmail.com]

Thank you Björn . I will look into this. Are there any steps I need to 
consider before migrating from weekly versions to LTS or just download the 
war and replace it with the current war file?  Really appreciate your help !

On Monday, May 31, 2021 at 2:51:24 AM UTC-4 ice...@googlemail.com wrote:

> BTW, if you don't want to do too frequent updates (upgrade each week and 
> check for all changes each time), I would consider switching to the LTS 
> series (2.277.1 in your case).
> Then such changes would be easier to find in the LTS changelog. 
>
> Björn
>
> Björn Pedersen schrieb am Montag, 31. Mai 2021 um 08:47:46 UTC+2:
>
>> Hi,
>>
>> it seems you  did not upgrade all plugins as well. These effects are 
>> caused by the tables-to-div migrations.
>>
>> See https://www.jenkins.io/doc/developer/views/table-to-div-migration/ 
>> for more details...
>>
>> Björn
>>
>> s.p...@gmail.com schrieb am Montag, 31. Mai 2021 um 02:52:14 UTC+2:
>>
>>> After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI for 
>>> the Jobs configuration looks different. The section for Source Code 
>>> Management/Build Triggers/Build Environment/build/Post-build actions are 
>>> missing at the top of the job configuration page and I see a couple of 
>>> Artifactory configuration sections(tabs). Also, the SSH 
>>> settings/configuration that we set up for each job are missing. Not sure 
>>> how to turn off the Artifactory configuration and restore the SSH settings. 
>>> Please the attached screenshots. Please help. TIA
>>> Jenkins is running on Windows 2012R2 server.
>>>
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/3ce232d1-70a7-4b6b-9acf-039611542eacn%40googlegroups.com.

Re: Out-of-date version(YUI)

[s.p...@gmail.com]

Thank you Wadeck. 

On Monday, May 31, 2021 at 2:50:34 AM UTC-4 wfoll...@cloudbees.com wrote:

> Hello there,
>
> Nothing to care about at the moment for YUI as all the known 
> vulnerabilities are related to the presence of the Flash files ("via .swf 
> files"), they were removed from the library before it was included in 
> Jenkins.
> But the out-of-date status is still valid unfortunately.
>
> Best regards,
>
> Wadeck
> On Monday, May 31, 2021 at 2:33:00 AM UTC+2 s.p...@gmail.com wrote:
>
>> Thank you, Oleg. Thank you for sharing the link to report the 
>> vulnerabilities. Appreciate your help!
>>
>> On Sunday, May 30, 2021 at 2:46:39 PM UTC-4 o.v.ne...@gmail.com wrote:
>>
>>> Hello,
>>>
>>> Thanks for your report. I will let the Jenkins security team members to 
>>> comment on that. Just for your information, we have an official process for 
>>> reporting security vulnerabilities. I highly recommend following this 
>>> process. Please see 
>>> https://www.jenkins.io/security/#reporting-vulnerabilities
>>>
>>> Best regards,
>>> Oleg Nenashev
>>>
>>>
>>>
>>> On Sunday, May 30, 2021 at 3:05:00 AM UTC+2 s.p...@gmail.com wrote:
>>>
>>>> Our web scans shows out-of-date version(YUI) vulnerability. I'm not 
>>>> able to find anything on how to remediate this finding. Any help is 
>>>> appreciated. TIA
>>>> Example :  /static/01babc68/scripts/yui/yahoo/yahoo-min.js 
>>>> Affected versions of the package are vulnerable to Cross-site 
>>>> Scripting(XSS) via .swf files, allowing arbitary code injection into 
>>>> hosting server CVE-2012-5881 CVE-2012-5883
>>>>
>>>> *Jenkins version - 2.250 , windows 2012 server.*
>>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/4291ea18-1e42-4547-9ffa-b4c0fc070220n%40googlegroups.com.

weak ciphers enabled

[s.p...@gmail.com]

In our web scans, we are seeing weak ciphers-enabled vulnerability.  Any 
help is really appreciated. TIA

example: Netsparker Enterprise detected that weak ciphers are enabled during
secure communication (SSL).
You should allow only strong ciphers on your webserver to protect
secure communication with your visitors.
List of Supported Weak Ciphers
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)

I tried the remediation suggested in the following link and updated java. 
security file as below but no luck. The vulnerability keeps appearing. Am I 
missing anything? 
https://support.cloudbees.com/hc/en-us/articles/216526298-Disabling-Specific-Ciphers-In-Jenkins

jdk.tls.disabledAlgorithms=MD5,SSLv3,DSA, DESede,DES,3DES, RSA keySize < 
2048, CBC, TLSv1, TLSv1.1, RC4,DES-CBC3-SHA keySize <256, 
3DES_EDE_CBC,RC4,,MD5withRSA, DH keySize < 1024, \
EC keySize < 224, anon, NULL, \

Windows -2012R2 server
Jdk1.8.0_281 
Jenkins  url: https::8443

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/b1f634f9-07b7-44a5-8c2e-b8ad17c1ff83n%40googlegroups.com.

weak ciphers-enabled vulnerability

[s.p...@gmail.com]

In our web scans, we are seeing weak ciphers-enabled vulnerability. 
*example:* Netsparker Enterprise detected that weak ciphers are enabled 
during
secure communication (SSL).
You should allow only strong ciphers on your webserver to protect
secure communication with your visitors.
List of Supported Weak Ciphers
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)

I tried the remediation suggested in the following link and updated java. 
security file as below but no luck. The vulnerability keeps appearing. Am I 
missing anything? 
https://support.cloudbees.com/hc/en-us/articles/216526298-Disabling-Specific-Ciphers-In-Jenkins

jdk.tls.disabledAlgorithms=MD5,SSLv3,DSA, DESede,DES,3DES, RSA keySize < 
2048, CBC, TLSv1, TLSv1.1, RC4,DES-CBC3-SHA keySize <256, 
3DES_EDE_CBC,RC4,,MD5withRSA, DH keySize < 1024, \
EC keySize < 224, anon, NULL, \

Windows -2012R2 server
Jdk1.8.0_281 
Jenkins  url: https::8443

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/5355c6d5-3f00-4894-8263-b3eb55dcc866n%40googlegroups.com.

Re: Jenkins upgrade from 2.250 to 2.275

[s.p...@gmail.com]

Thank you.I will try. 

On Tuesday, June 8, 2021 at 7:56:55 AM UTC-4 jn...@cloudbees.com wrote:

> you can just switch the war.
> Make sure you do not go to a lower version though.  in other words if you 
> are on 2.275  you could use 2.289.1 but you use 2.292 then you will have to 
> wait for the next LTS to be released above that (which will be about 3 
> months time).
>
>
> On Monday, May 31, 2021 at 6:34:52 PM UTC+1 s.p...@gmail.com wrote:
>
>> Thank you Björn . I will look into this. Are there any steps I need to 
>> consider before migrating from weekly versions to LTS or just download the 
>> war and replace it with the current war file?  Really appreciate your help !
>>
>> On Monday, May 31, 2021 at 2:51:24 AM UTC-4 ice...@googlemail.com wrote:
>>
>>> BTW, if you don't want to do too frequent updates (upgrade each week and 
>>> check for all changes each time), I would consider switching to the LTS 
>>> series (2.277.1 in your case).
>>> Then such changes would be easier to find in the LTS changelog. 
>>>
>>> Björn
>>>
>>> Björn Pedersen schrieb am Montag, 31. Mai 2021 um 08:47:46 UTC+2:
>>>
>>>> Hi,
>>>>
>>>> it seems you  did not upgrade all plugins as well. These effects are 
>>>> caused by the tables-to-div migrations.
>>>>
>>>> See https://www.jenkins.io/doc/developer/views/table-to-div-migration/ 
>>>> for more details...
>>>>
>>>> Björn
>>>>
>>>> s.p...@gmail.com schrieb am Montag, 31. Mai 2021 um 02:52:14 UTC+2:
>>>>
>>>>> After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI 
>>>>> for the Jobs configuration looks different. The section for Source Code 
>>>>> Management/Build Triggers/Build Environment/build/Post-build actions are 
>>>>> missing at the top of the job configuration page and I see a couple of 
>>>>> Artifactory configuration sections(tabs). Also, the SSH 
>>>>> settings/configuration that we set up for each job are missing. Not sure 
>>>>> how to turn off the Artifactory configuration and restore the SSH 
>>>>> settings. 
>>>>> Please the attached screenshots. Please help. TIA
>>>>> Jenkins is running on Windows 2012R2 server.
>>>>>
>>>>>
>>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/7f90419e-62f0-4752-9def-b9e13e00f92cn%40googlegroups.com.

Re: Jenkins upgrade from 2.250 to 2.275

[s.p...@gmail.com]

I was able to switch from Jenkins weekly to LTS (2.250 to 2.277.3) . After 
the upgrade, the Save option is not working. I'm receiving this error: This 
page isn't working, didn't send any data. ERR_EMPTY_RESPONSE. Any 
suggestions? Thanks in Advance.

On Wednesday, June 9, 2021 at 3:17:31 PM UTC-4 s.p...@gmail.com wrote:

> Thank you.I will try. 
>
> On Tuesday, June 8, 2021 at 7:56:55 AM UTC-4 jn...@cloudbees.com wrote:
>
>> you can just switch the war.
>> Make sure you do not go to a lower version though.  in other words if you 
>> are on 2.275  you could use 2.289.1 but you use 2.292 then you will have to 
>> wait for the next LTS to be released above that (which will be about 3 
>> months time).
>>
>>
>> On Monday, May 31, 2021 at 6:34:52 PM UTC+1 s.p...@gmail.com wrote:
>>
>>> Thank you Björn . I will look into this. Are there any steps I need to 
>>> consider before migrating from weekly versions to LTS or just download the 
>>> war and replace it with the current war file?  Really appreciate your help !
>>>
>>> On Monday, May 31, 2021 at 2:51:24 AM UTC-4 ice...@googlemail.com wrote:
>>>
>>>> BTW, if you don't want to do too frequent updates (upgrade each week 
>>>> and check for all changes each time), I would consider switching to the 
>>>> LTS 
>>>> series (2.277.1 in your case).
>>>> Then such changes would be easier to find in the LTS changelog. 
>>>>
>>>> Björn
>>>>
>>>> Björn Pedersen schrieb am Montag, 31. Mai 2021 um 08:47:46 UTC+2:
>>>>
>>>>> Hi,
>>>>>
>>>>> it seems you  did not upgrade all plugins as well. These effects are 
>>>>> caused by the tables-to-div migrations.
>>>>>
>>>>> See https://www.jenkins.io/doc/developer/views/table-to-div-migration/ 
>>>>> for more details...
>>>>>
>>>>> Björn
>>>>>
>>>>> s.p...@gmail.com schrieb am Montag, 31. Mai 2021 um 02:52:14 UTC+2:
>>>>>
>>>>>> After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI 
>>>>>> for the Jobs configuration looks different. The section for Source Code 
>>>>>> Management/Build Triggers/Build Environment/build/Post-build actions are 
>>>>>> missing at the top of the job configuration page and I see a couple of 
>>>>>> Artifactory configuration sections(tabs). Also, the SSH 
>>>>>> settings/configuration that we set up for each job are missing. Not sure 
>>>>>> how to turn off the Artifactory configuration and restore the SSH 
>>>>>> settings. 
>>>>>> Please the attached screenshots. Please help. TIA
>>>>>> Jenkins is running on Windows 2012R2 server.
>>>>>>
>>>>>>
>>>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/44101097-00f3-474d-a9f1-04633e83aa87n%40googlegroups.com.

Re: weak ciphers-enabled vulnerability

[s.p...@gmail.com]

I was able to remediate the weak ciphers finding by updating 
jdk.tls.disabledAlgorithms as below:

jdk.tls.disabledAlgorithms=MD5,SSLv3,DSA, DESede,DES,3DES, RSA keySize < 
2048, CBC, TLSv1, TLSv1.1, RC4, 3DES_EDE_CBC, RC4, MD5withRSA, DH keySize < 
1024, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
EC keySize < 224, anon, NULL, \

On Wednesday, June 2, 2021 at 10:49:07 AM UTC-4 s.p...@gmail.com wrote:

> In our web scans, we are seeing weak ciphers-enabled vulnerability. 
> *example:* Netsparker Enterprise detected that weak ciphers are enabled 
> during
> secure communication (SSL).
> You should allow only strong ciphers on your webserver to protect
> secure communication with your visitors.
> List of Supported Weak Ciphers
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
>
> I tried the remediation suggested in the following link and updated java. 
> security file as below but no luck. The vulnerability keeps appearing. Am I 
> missing anything? 
> https://support.cloudbees.com/hc/en-us/articles/216526298-Disabling-Specific-Ciphers-In-Jenkins
>
> jdk.tls.disabledAlgorithms=MD5,SSLv3,DSA, DESede,DES,3DES, RSA keySize < 
> 2048, CBC, TLSv1, TLSv1.1, RC4,DES-CBC3-SHA keySize <256, 
> 3DES_EDE_CBC,RC4,,MD5withRSA, DH keySize < 1024, \
> EC keySize < 224, anon, NULL, \
>
> Windows -2012R2 server
> Jdk1.8.0_281 
> Jenkins  url: https::8443
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/fc61d0a7-ef1f-4347-b134-0898779e5772n%40googlegroups.com.

Unable to start Jenkins windows service

[s.p...@gmail.com]

I'm not able to start Jenkins as windows service or from the command line. 
I'm receiving the following error.

Unhandled Exception: System.BadImageFormatException: Could not load file or 
asse
mbly 'jenkins.exe' or one of its dependencies. This assembly is built by a 
runti
me newer than the currently loaded runtime and cannot be loaded.
File name: 'jenkins.exe

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/6caaeb8a-f285-4067-a191-fbe0ed3bf45an%40googlegroups.com.

Java 11 is the recommended version to run Jenkins on

[s.p...@gmail.com]

After I upgraded Jenkins to 2.303.2, I'm seeing an alert as below. J. I 
think Java 11 is OpenJDK and we are using java 1.8.0_301. Is Java 1.8 no 
longer supported ? Any inputs are really appreciated. TIA

"Java11 is the recommended version to run Jenkins on; please consider 
upgrading."



-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/0cdabb8b-b73d-47a8-89dc-205dce4b78f2n%40googlegroups.com.

Re: Java 11 is the recommended version to run Jenkins on

[s.p...@gmail.com]

Thank you Mark!

On Wednesday, November 3, 2021 at 10:38:28 AM UTC-4 Mark Waite wrote:

> Jenkins continues to support Java 8.  We recommend Java 11.
>
> See 
> https://www.jenkins.io/blog/2021/08/17/docker-images-use-jdk-11-by-default/ 
> for more details on the rationale for that transition.
>
> On Wednesday, November 3, 2021 at 8:24:47 AM UTC-6 s.p...@gmail.com wrote:
>
>> After I upgraded Jenkins to 2.303.2, I'm seeing an alert as below. J. I 
>> think Java 11 is OpenJDK and we are using java 1.8.0_301. Is Java 1.8 no 
>> longer supported ? Any inputs are really appreciated. TIA
>>
>> "Java11 is the recommended version to run Jenkins on; please consider 
>> upgrading."
>>
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/6d0d835c-4cf5-48e8-802f-af02c09e28bfn%40googlegroups.com.

JDK parameter plugin

[s.p...@gmail.com]

There is a STored XSS vulnerability for the JDK Parameter plugin.We use 
this plugin to specify the JDK version for our Builds compilation. Is there 
any plans to upgrade the plugin or can I use the any other plugin ? TIA

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/846abe7e-c050-4520-ac2a-c700cf306402n%40googlegroups.com.

Scans showing low vulnerability for our Jenkins instance

[s.p...@gmail.com]

Hi, 

Jenkins is installed on windows server. Our web scans show three low 
findings .

1) cookie not marked as HttpOnly 
2) [Possible] Cross-site Request Forgery
3) Missing X-frame-options header.

Installed Missing X-frame plugin and the set the option as SAMEORIGIN but 
the scans still shows as low finding. For the other two , I'm not able to 
find any resolution in google search. Appreciate any inputs on this. Thanks 
in Advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/cdf27f70-6cdf-4d40-9177-4e6fcef1310bn%40googlegroups.com.

Dockerfile Detected

[s.p...@gmail.com]

Our web scans are showing Dockerfile detected vulnerability . Jenkins 
version 2..414.2 . Jenkins is running on windows server. What is the 
remediation for this ? Any help is appreciated. TIA

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/c051ab51-3b0e-4db2-8670-ffb985baa9f6n%40googlegroups.com.

Version Disclosure (JQuery/YUI/Prototypejs)

[s.p...@gmail.com]

Our web scans are showing Version disclosure for Jquery/YUI/Prototyejs . 
Jenkins is running on windows server . Version is 2.426.3 The remedy our 
security team suggesting is : Configure your web server to prevent 
information leakage.I'm not sure how to configure the web server.Any 
steps/information is really appreaciated. TIA

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/1e7ca647-a1b2-4f2f-9e67-eb5d8b5cf327n%40googlegroups.com.

Re: Version Disclosure (JQuery/YUI/Prototypejs)

[s.p...@gmail.com]

Please help.

On Wednesday, March 13, 2024 at 3:27:25 PM UTC-4 s.p...@gmail.com wrote:

> Our web scans are showing Version disclosure for Jquery/YUI/Prototyejs . 
> Jenkins is running on windows server . Version is 2.426.3 The remedy our 
> security team suggesting is : Configure your web server to prevent 
> information leakage.I'm not sure how to configure the web server.Any 
> steps/information is really appreaciated. TIA

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/c5a03cc5-a71c-427e-bbac-6ec757533267n%40googlegroups.com.

jQuery 1.12.4 plugin

[s.p...@gmail.com]

Our scan reports are showing an out-of-date version of jQuery. Upon some 
investigation, I figured out there are two jQuery plugins installed. 1) 
jQuery 1.12.4-1   2) jQuery 3.7.1-2 . I'm not able to delete the older 
jQuery plugin either from the UI or from the server. How do I remove the 
older plugin ? Does it break any other plugins? Please advise.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/2ab6f4d6-5f0e-4d02-9ff6-51e159b5c7fdn%40googlegroups.com.

Re: jQuery 1.12.4 plugin

[s.p...@gmail.com]

Thank you. I disabled the plugin.

On Monday, May 6, 2024 at 5:53:12 AM UTC-4 ullrich...@gmail.com wrote:

> You can have a look here to see which plugins depend on jQuery 1:
> https://plugins.jenkins.io/jquery/dependencies/
>
> If you do not need one of those then it should be safe to remove  jQuery 1 
> as well...
>
> Am 02.05.2024 um 23:39 schrieb s.p...@gmail.com :
>
> Our scan reports are showing an out-of-date version of jQuery. Upon some 
> investigation, I figured out there are two jQuery plugins installed. 1) 
> jQuery 1.12.4-1   2) jQuery 3.7.1-2 . I'm not able to delete the older 
> jQuery plugin either from the UI or from the server. How do I remove the 
> older plugin ? Does it break any other plugins? Please advise. 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/2ab6f4d6-5f0e-4d02-9ff6-51e159b5c7fdn%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/jenkinsci-users/2ab6f4d6-5f0e-4d02-9ff6-51e159b5c7fdn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/e8127b54-9b6f-47c1-a040-630778af684cn%40googlegroups.com.

Java upgrade from Java11 to Java 17

[s.p...@gmail.com]

After upgrading Java to Java  17 Jenkins is not working. Upgraded all the 
plugins as well. It is installed on windows server .The service is looping 
between start and stop. Jenkins is not coming up. 

Version: Jenkins 2.452.3


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20fb979d-102e-4bae-befb-8639275d6330n%40googlegroups.com.

Re: Java upgrade from Java11 to Java 17

[s.p...@gmail.com]

Sorry Mark, if I'm not clear. I updated the Java path in Jenkins.xml to 
Java17 and restarted Jenkins from the Windows service. However, the service 
automatically starts and stops Jenkins. When I try to access the Jenkins 
application it throws a message that, the site is unreachable. When the 
Java path is reverted to Java 11, it works fine. 


On Friday, August 16, 2024 at 2:34:17 PM UTC-4 Mark Waite wrote:

> On Friday, August 16, 2024 at 12:26:06 PM UTC-6 you wrote:
>
> After upgrading Java to Java  17 Jenkins is not working. Upgraded all the 
> plugins as well. It is installed on windows server .The service is looping 
> between start and stop. Jenkins is not coming up. 
>
> Version: Jenkins 2.452.3
>
>
>  I'm sorry to hear that.  In order for others to help you, they'll need 
> much more information than "Jenkins is not working".  "How to report an 
> issue"  describes the 
> type of information that is needed so that others can help you.
>
> Mark Waite
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/c3ab7f79-427b-4bac-b1c4-d01442724a26n%40googlegroups.com.