RELEASED: 2021-05-11
Fixed release
Security fixes
- Important Security Update - Action Required
-
The Jenkins community announced a new security vulnerability today. This issue was discovered by CloudBees security researchers as a part of their regular penetration testing.
CloudBees strongly recommends that you take immediate action to protect your Jenkins environment, including any version of CloudBees CI, CloudBees Jenkins Platform, CloudBees Jenkins Enterprise, CloudBees Jenkins Distribution, or Jenkins.
There are two ways to protect against this vulnerability. The first option is available only to customers running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise.
-
If you are running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise, you can follow the steps in this Knowledge Base article to use the CloudBees Request Filter plugin to protect your environment. This approach does not require a restart or cause disruption to production workloads.
-
You can upgrade to the version of CloudBees products mentioned in the CloudBees Security Advisory 2021-05-11.
For more information, see the CloudBees Security Advisory 2021-05-11.
-