We just released security updates to Jenkins, versions 2.107 and 2.89.4, that fix multiple security vulnerabilities.
For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide.
| While the severity score works out as medium for all the vulnerabilities, we strongly recommend that anyone operating publicly accessible Jenkins instances update as soon as possible, as their secrets on disk might be at risk by SECURITY-705. |
Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.
|
Daniel Beck
Daniel is a Jenkins core maintainer and member of the Jenkins security team. He was the inaugural Jenkins security officer from 2015 to 2021. He sometimes contributes to developer documentation and project infrastructure in his spare time. |