Re: Jenkins upgrade from 2.250 to 2.275

2021-05-30 Thread 'Björn Pedersen' via Jenkins Users
BTW, if you don't want to do too frequent updates (upgrade each week and check for all changes each time), I would consider switching to the LTS series (2.277.1 in your case). Then such changes would be easier to find in the LTS changelog. Björn Björn Pedersen schrieb am Montag, 31. Mai 2021 u

Re: Out-of-date version(YUI)

2021-05-30 Thread Daniel Beck
> On 30. May 2021, at 03:05, s.p...@gmail.com wrote: > > Affected versions of the package are vulnerable to Cross-site Scripting (XSS) > via .swf files, allowing arbitrary code injection into hosting server > CVE-2012-5881 CVE-2012-5883 > While we include YUI, we do not include the vulnerabl

Re: Out-of-date version(YUI)

2021-05-30 Thread Wadeck Follonier
Hello there, Nothing to care about at the moment for YUI as all the known vulnerabilities are related to the presence of the Flash files ("via .swf files"), they were removed from the library before it was included in Jenkins. But the out-of-date status is still valid unfortunately. Best regar

Re: Jenkins upgrade from 2.250 to 2.275

2021-05-30 Thread 'Björn Pedersen' via Jenkins Users
Hi, it seems you did not upgrade all plugins as well. These effects are caused by the tables-to-div migrations. See https://www.jenkins.io/doc/developer/views/table-to-div-migration/ for more details... Björn s.p...@gmail.com wrote on Monday, 31 May 2021 at 02:52:14 UTC+2: > After I upgr

Jenkins upgrade from 2.250 to 2.275

2021-05-30 Thread s.p...@gmail.com
After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI for the Jobs configuration looks different. The sections for Source Code Management/Build Triggers/Build Environment/build/Post-build actions are missing at the top of the job configuration page and I see a couple of Artifactory

Re: Out-of-date version(YUI)

2021-05-30 Thread s.p...@gmail.com
Thank you, Oleg. Thank you for sharing the link to report the vulnerabilities. Appreciate your help! On Sunday, May 30, 2021 at 2:46:39 PM UTC-4 o.v.ne...@gmail.com wrote: > Hello, > > Thanks for your report. I will let the Jenkins security team members > comment on that. Just for your infor

Re: Out-of-date version(YUI)

2021-05-30 Thread Oleg Nenashev
Hello, Thanks for your report. I will let the Jenkins security team members comment on that. Just for your information, we have an official process for reporting security vulnerabilities. I highly recommend following this process. Please see https://www.jenkins.io/security/#reporting-vulner

Re: [IMPORTANT] plugins deprecation for Digester removal

2021-05-30 Thread Oleg Nenashev
Thanks to Baptiste for bringing it up explicitly! Many plugins from the list can be fixed, and there are already pull requests created by Adrien Lecharpentier and Carroll Chiou. It would be great to help them land, but many plugins are effectively abandoned. I highly recommend that the pull r