Out-of-date version(YUI)

2021-05-29 Thread s.p...@gmail.com
Our web scans show an out-of-date version (YUI) vulnerability. I'm not able to find anything on how to remediate this finding. Any help is appreciated. TIA Example: /static/01babc68/scripts/yui/yahoo/yahoo-min.js Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via .sw

Re: Out-of-date version(YUI)

2021-05-30 Thread s.p...@gmail.com
ust for your information, we have an official process for > reporting security vulnerabilities. I highly recommend following this > process. Please see > https://www.jenkins.io/security/#reporting-vulnerabilities > > Best regards, > Oleg Nenashev > > > > On Su

Jenkins upgrade from 2.250 to 2.275

2021-05-30 Thread s.p...@gmail.com
After I upgraded Jenkins from 2.250 to 2.275, I noticed that the UI for the Jobs configuration looks different. The sections for Source Code Management/Build Triggers/Build Environment/build/Post-build actions are missing at the top of the job configuration page and I see a couple of Artifactory

Re: Jenkins upgrade from 2.250 to 2.275

2021-05-31 Thread s.p...@gmail.com
rn Pedersen schrieb am Montag, 31. Mai 2021 um 08:47:46 UTC+2: > >> Hi, >> >> it seems you did not upgrade all plugins as well. These effects are >> caused by the tables-to-div migrations. >> >> See https://www.jenkins.io/doc/developer/views/table-to-div-m

Re: Out-of-date version(YUI)

2021-06-01 Thread s.p...@gmail.com
removed from the library before it was included in > Jenkins. > But the out-of-date status is still valid unfortunately. > > Best regards, > > Wadeck > On Monday, May 31, 2021 at 2:33:00 AM UTC+2 s.p...@gmail.com wrote: > >> Thank you, Oleg. Thank you for sharing the

weak ciphers enabled

2021-06-02 Thread s.p...@gmail.com
In our web scans, we are seeing weak ciphers-enabled vulnerability. Any help is really appreciated. TIA example: Netsparker Enterprise detected that weak ciphers are enabled during secure communication (SSL). You should allow only strong ciphers on your webserver to protect secure communication

weak ciphers-enabled vulnerability

2021-06-02 Thread s.p...@gmail.com
In our web scans, we are seeing weak ciphers-enabled vulnerability. *example:* Netsparker Enterprise detected that weak ciphers are enabled during secure communication (SSL). You should allow only strong ciphers on your webserver to protect secure communication with your visitors. List of Support

Re: Jenkins upgrade from 2.250 to 2.275

2021-06-09 Thread s.p...@gmail.com
wait for the next LTS to be released above that (which will be about 3 > months time). > > > On Monday, May 31, 2021 at 6:34:52 PM UTC+1 s.p...@gmail.com wrote: > >> Thank you Björn . I will look into this. Are there any steps I need to >> consider before migrating from

Re: Jenkins upgrade from 2.250 to 2.275

2021-06-15 Thread s.p...@gmail.com
3:17:31 PM UTC-4 s.p...@gmail.com wrote: > Thank you.I will try. > > On Tuesday, June 8, 2021 at 7:56:55 AM UTC-4 jn...@cloudbees.com wrote: > >> you can just switch the war. >> Make sure you do not go to a lower version though. in other words if you >> are on 2

Re: weak ciphers-enabled vulnerability

2021-06-16 Thread s.p...@gmail.com
SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \ EC keySize < 224, anon, NULL, \ On Wednesday, June 2, 2021 at 10:49:07 AM UTC-4 s.p...@gmail.com wrote: > In our web scans, we are seeing weak ciphers-enabled v

Unable to start Jenkins windows service

2021-06-28 Thread s.p...@gmail.com
I'm not able to start Jenkins as a Windows service or from the command line. I'm receiving the following error. Unhandled Exception: System.BadImageFormatException: Could not load file or assembly 'jenkins.exe' or one of its dependencies. This assembly is built by a runtime newer than the curr

Java 11 is the recommended version to run Jenkins on

2021-11-03 Thread s.p...@gmail.com
After I upgraded Jenkins to 2.303.2, I'm seeing an alert as below. J. I think Java 11 is OpenJDK and we are using java 1.8.0_301. Is Java 1.8 no longer supported? Any inputs are really appreciated. TIA "Java11 is the recommended version to run Jenkins on; please consider upgrading."

Re: Java 11 is the recommended version to run Jenkins on

2021-11-03 Thread s.p...@gmail.com
that transition. > > On Wednesday, November 3, 2021 at 8:24:47 AM UTC-6 s.p...@gmail.com wrote: > >> After I upgraded Jenkins to 2.303.2, I'm seeing an alert as below. J. I >> think Java 11 is OpenJDK and we are using java 1.8.0_301. Is Java 1.8 no >> longer sup

JDK parameter plugin

2022-08-29 Thread s.p...@gmail.com
There is a Stored XSS vulnerability for the JDK Parameter plugin. We use this plugin to specify the JDK version for our Builds compilation. Are there any plans to upgrade the plugin or can I use any other plugin? TIA

Scans showing low vulnerability for our Jenkins instance

2022-12-01 Thread s.p...@gmail.com
Hi, Jenkins is installed on Windows server. Our web scans show three low findings. 1) cookie not marked as HttpOnly 2) [Possible] Cross-site Request Forgery 3) Missing X-frame-options header. Installed Missing X-frame plugin and set the option as SAMEORIGIN but the scans still show as

Dockerfile Detected

2023-11-01 Thread s.p...@gmail.com
Our web scans are showing a Dockerfile detected vulnerability. Jenkins version 2.414.2. Jenkins is running on Windows server. What is the remediation for this? Any help is appreciated. TIA

Version Disclosure (JQuery/YUI/Prototypejs)

2024-03-13 Thread s.p...@gmail.com
Our web scans are showing Version disclosure for jQuery/YUI/Prototypejs. Jenkins is running on Windows server. Version is 2.426.3. The remedy our security team is suggesting is: Configure your web server to prevent information leakage. I'm not sure how to configure the web server. Any steps/informa

Re: Version Disclosure (JQuery/YUI/Prototypejs)

2024-03-14 Thread s.p...@gmail.com
Please help. On Wednesday, March 13, 2024 at 3:27:25 PM UTC-4 s.p...@gmail.com wrote: > Our web scans are showing Version disclosure for Jquery/YUI/Prototypejs . > Jenkins is running on windows server . Version is 2.426.3 The remedy our > security team suggesting is : Configure your w

jQuery 1.12.4 plugin

2024-05-02 Thread s.p...@gmail.com
Our scan reports are showing an out-of-date version of jQuery. Upon some investigation, I figured out there are two jQuery plugins installed. 1) jQuery 1.12.4-1 2) jQuery 3.7.1-2 . I'm not able to delete the older jQuery plugin either from the UI or from the server. How do I remove the older

Re: jQuery 1.12.4 plugin

2024-05-08 Thread s.p...@gmail.com
fe to remove jQuery 1 > as well... > > Am 02.05.2024 um 23:39 schrieb s.p...@gmail.com : > > Our scan reports are showing an out-of-date version of jQuery. Upon some > investigation, I figured out there are two jQuery plugins installed. 1) > jQuery 1.12.4-1 2) jQuery 3.7.1-2 .

Java upgrade from Java11 to Java 17

2024-08-16 Thread s.p...@gmail.com
After upgrading Java to Java 17, Jenkins is not working. Upgraded all the plugins as well. It is installed on Windows server. The service is looping between start and stop. Jenkins is not coming up. Version: Jenkins 2.452.3

Re: Java upgrade from Java11 to Java 17

2024-08-16 Thread s.p...@gmail.com
Sorry Mark, if I'm not clear. I updated the Java path in Jenkins.xml to Java17 and restarted Jenkins from the Windows service. However, the service automatically starts and stops Jenkins. When I try to access the Jenkins application it throws a message that, the site is unreachable. When the Ja