Re: Jenkins Vulnerability Scan

2018-04-19 Thread Eric Fetzer
Thanks Daniel! We do have the Ant plugin installed, but our version is updated beyond the affected patch level.

On Thu, Apr 19, 2018 at 6:57 AM, Daniel Beck wrote:
> > On 18. Apr 2018, at 16:33, Mark Waite wrote:
> >
> > Likewise, I would assume that the other plugins mentioned in the 2018

Re: Jenkins Vulnerability Scan

2018-04-19 Thread Eric Fetzer
Thanks Mark! That's good info. I'll break it down and see where we stand.

On Tue, Apr 17, 2018 at 2:36 PM, Mark Waite wrote:
> Your mail doesn't tell us what security vulnerability is believed to exist.
>
> Can you explain further what the report means and what you believe should be done?
>

Re: Jenkins Vulnerability Scan

2018-04-19 Thread Daniel Beck
> On 18. Apr 2018, at 16:33, Mark Waite wrote:
>
> Likewise, I would assume that the other plugins mentioned in the 2018-01-22
> advisory need to be upgraded to at least those versions.

Just a quirk of our advisory format. Unless another plugin is specifically mentioned as affected by this, i

Re: Jenkins Vulnerability Scan

2018-04-18 Thread Mark Waite
On Wed, Apr 18, 2018 at 7:26 AM Eric Fetzer wrote:
> Sorry Mark, not sure if you see "SECURITY-624" in the Table I posted.
> Here's the Jenkins Security Advisory:
>
> https://jenkins.io/security/advisory/2017-12-05/
>
> But then the Jenkins change log shows that with version 2.107, this was
> add

Re: Jenkins Vulnerability Scan

2018-04-18 Thread Eric Fetzer
Sorry Mark, not sure if you see "SECURITY-624" in the Table I posted. Here's the Jenkins Security Advisory:

https://jenkins.io/security/advisory/2017-12-05/

But then the Jenkins change log shows that with version 2.107, this was addressed (more than just a workaround):

https://jenkins.io/change

Re: Jenkins Vulnerability Scan

2018-04-17 Thread Mark Waite
Your mail doesn't tell us what security vulnerability is believed to exist.

Can you explain further what the report means and what you believe should be done?

Mark Waite

On Tue, Apr 17, 2018, 9:02 AM Eric Fetzer wrote:
> No one has any ideas about this at all?
>
> On Friday, April 13, 2018

Re: Jenkins Vulnerability Scan

2018-04-17 Thread Eric Fetzer
No one has any ideas about this at all?

On Friday, April 13, 2018 at 12:21:36 PM UTC-6, Eric Fetzer wrote:
> We're getting gigged on a security scan that looking at Jenkins
> documentation, should not be happening. The scan is turning up:
>
> *Vulnerability* *Host* *IP* *Port*

Jenkins Vulnerability Scan

2018-04-13 Thread Eric Fetzer
We're getting gigged on a security scan that, looking at Jenkins documentation, should not be happening. The scan is turning up:

*Vulnerability* *Host* *IP* *Port* *201701* *201702* *201703* *201704* *201705* *201706* *201707*
Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulne