Security fixes
- Important Security Update - Action Required
The Jenkins community announced a new security vulnerability today. This issue was discovered by CloudBees security researchers as a part of their regular penetration testing.
CloudBees strongly recommends that you take immediate action to protect your Jenkins environment, including any version of CloudBees CI, CloudBees Jenkins Platform, CloudBees Jenkins Enterprise, CloudBees Jenkins Distribution, or Jenkins.
There are two ways to protect against this vulnerability. The first option is available only to customers running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise.
- If you are running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise, you can follow the steps in this Knowledge Base article to use the CloudBees Request Filter plugin to protect your environment. This approach does not require a restart or cause disruption to production workloads.
- You can upgrade to the version of CloudBees products mentioned in the CloudBees Security Advisory 2021-05-11.
For more information, see the CloudBees Security Advisory 2021-05-11.
Known issues
- OperationsCenter.Hostname is no longer optional (BEE-3186)
The OperationsCenter.HostName field is optional. However, a known issue has changed its behavior so that the installation fails unless you provide one. Until the issue is resolved, you must either configure a hostname during the installation, or change settings in the system properties before you attempt the installation. Refer to the links below for more information about how to configure the hostname or change the system properties: