Important security updates for multiple Jenkins plugins

Published on 2017-08-07 by Daniel Beck

plugins
security

Multiple Jenkins plugins received updates today that fix several security vulnerabilities, including multiple high severity ones.

We strongly recommend updating the following plugins as soon as possible:

Blue Ocean
Pipeline: Groovy Plugin
Script Security Plugin

Less severe security updates have been released for these plugins:

Config File Provider Plugin
Datadog Plugin
Deploy to container Plugin
DRY Plugin
Pipeline: Input Step Plugin
Static Analysis Utilities Plugin

Additionally, the OWASP Dependency-Check Plugin recently also received a security update.

For an overview of what was fixed, see the security advisory.

Subscribe to the jenkinsci-advisories mailing list to receive important future notifications related to Jenkins security.

About the Author

Daniel Beck

Daniel is a Jenkins core maintainer and, as security officer, leads the Jenkins security team. He sometimes contributes to developer documentation and project infrastructure.

Important security updates for multiple Jenkins plugins

Resources

Solutions

Project

Community