Important security updates for multiple Jenkins plugins

Daniel Beck August 7, 2017

Multiple Jenkins plugins received updates today that fix several security vulnerabilities, including multiple high severity ones.

We strongly recommend updating the following plugins as soon as possible:

Blue Ocean
Pipeline: Groovy Plugin
Script Security Plugin

Less severe security updates have been released for these plugins:

Config File Provider Plugin
Datadog Plugin
Deploy to container Plugin
DRY Plugin
Pipeline: Input Step Plugin
Static Analysis Utilities Plugin

Additionally, the OWASP Dependency-Check Plugin recently also received a security update.

For an overview of what was fixed, see the security advisory.

Subscribe to the jenkinsci-advisories mailing list to receive important future notifications related to Jenkins security.

plugins
security

About the author

Daniel Beck

Daniel is a Jenkins core maintainer and member of the Jenkins security team. He was the inaugural Jenkins security officer from 2015 to 2021. He sometimes contributes to developer documentation and project infrastructure in his spare time.