RELEASED: 2020-01-29
Based on Jenkins
LTS2.164.33-cb-1
Fixed release
Security advisory
Security advisory * CloudBees Security Advisory 2020-01-29
+ This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.
Plugin modifications
-
Jenkins LTS
Upgraded Jenkins LTS from
2.164.32-cb-1
to2.164.33-cb-1
-
Upgraded CloudBees Folders Plus Plugin from
3.8
to3.9
-
Upgraded Jenkins Health Advisor by CloudBees Plugin from
2.8
to2.8.1
-
Upgraded CloudBees Long-Running Build Plugin from
1.12
to1.13
-
Upgraded CloudBees Template Plugin from
4.39
to4.39.1
-
Upgraded Credentials Plugin from
2.1.19
to2.2.0
-
Upgraded Amazon EC2 Plugin from
1.42.1
to1.42.2
-
Upgraded HTML Publisher Plugin from
1.16
to1.21
-
Upgraded JIRA Plugin from
3.0.6
to3.0.6.1
-
Upgraded SCM API Plugin from
2.4.0
to2.4.1
-
Upgraded Script Security Plugin from
1.57.2
to1.57.4
-
Upgraded SSH Credentials Plugin from
1.14
to1.17
-
Upgraded Support Core Plugin from
2.56
to2.56.1
Compatible plugins
-
Pipeline implementation for Blue Ocean
1.10.2 compatible optional
-
Pipeline: GitHub Groovy Libraries
1.0 compatible optional
-
Jenkins Active Directory plugin
2.13 compatible optional
-
JAXB plugin
2.3.0.1 compatible installed by default
-
Jenkins Pub-Sub "light" Bus
1.12 compatible optional
-
Support Core Plugin
2.56.1 compatible installed by default
-
Jenkins JIRA plugin
3.0.6.1 compatible optional
-
CloudBees AWS Credentials Plugin
1.24 compatible optional
-
Pipeline: Step API
2.19 compatible installed by default
-
REST Implementation for Blue Ocean
1.10.2 compatible optional
-
Bitbucket Pipeline for Blue Ocean
1.10.2 compatible optional
-
Email Extension Plugin
2.66 compatible optional
-
GitHub Pipeline for Blue Ocean
1.10.2 compatible optional
-
Display URL for Blue Ocean
2.2.0 compatible optional
-
Stack Trace Suppression Plugin
1.5 compatible optional
-
bouncycastle API Plugin
2.17 compatible installed by default
-
Pipeline SCM API for Blue Ocean
1.10.2 compatible optional
-
REST API for Blue Ocean
1.10.2 compatible optional
-
Pipeline: API
2.33 compatible installed by default
-
Pipeline: Nodes and Processes
2.30 compatible optional
-
Web for Blue Ocean
1.10.2 compatible optional
-
JavaScript GUI Lib: ACE Editor bundle plugin
1.1 compatible optional
-
JavaScript GUI Lib: Moment.js bundle plugin
1.1.1 compatible optional
-
Common API for Blue Ocean
1.10.2 compatible installed by default
-
Jenkins promoted builds plugin
3.0 compatible optional
-
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin
1.2.1 compatible optional
-
Pipeline: Input Step
2.10 compatible optional
-
Favorite
2.3.1 compatible optional
-
Jenkins Apache HttpComponents Client 4.x API Plugin
4.5.5-3.0 compatible installed by default
-
Pipeline: Stage Step
2.3 compatible optional
-
Node Iterator API Plugin
1.5.0 compatible optional
-
Events API for Blue Ocean
1.10.2 compatible optional
-
Pipeline
2.5 compatible optional
-
Docker Commons Plugin
1.14 compatible optional
-
Copy Artifact Plugin
1.41 compatible optional
-
Deployer Framework Plugin
1.1 compatible optional
-
Dashboard View
2.9.12 compatible optional
-
GitHub API Plugin
1.95 compatible optional
-
Maven Integration plugin
3.4 compatible optional
-
JWT for Blue Ocean
1.10.2 compatible optional
-
Pipeline: Build Step
2.9 compatible optional
-
Pipeline: Declarative Extension Points API
1.3.8 compatible optional
-
CloudBees Docker Hub/Registry Notification
2.2.1 compatible optional
-
External Monitor Job Type Plugin
1.7 compatible optional
-
Matrix Authorization Strategy Plugin
2.3 compatible optional
-
Dashboard for Blue Ocean
1.10.2 compatible optional
-
JIRA Integration for Blue Ocean
1.10.2 compatible optional
-
JavaScript GUI Lib: Handlebars bundle plugin
1.1.1 compatible optional
-
Blue Ocean Core JS
1.10.2 compatible optional
-
Kubernetes Credentials Plugin
0.4.0 compatible optional
-
Durable Task Plugin
1.29 compatible optional
-
Blue Ocean
1.10.2 compatible optional
-
Pipeline: SCM Step
2.7 compatible optional
-
Pipeline: Stage View Plugin
2.10 compatible optional
-
Pipeline: Declarative Agent API
1.1.1 compatible optional
-
Autofavorite for Blue Ocean
1.2.4 compatible optional
-
Pipeline: Milestone Step
1.3.1 compatible optional
-
Pipeline: Job
2.32 compatible optional
-
Server Sent Events (SSE) Gateway Plugin
1.17 compatible optional
-
Jenkins Mercurial plugin
2.3 compatible optional
-
Amazon EC2 plugin
1.42.2 compatible optional
-
Pipeline: Basic Steps
2.15 compatible optional
-
Git Pipeline for Blue Ocean
1.10.2 compatible optional
-
Docker Pipeline
1.18 compatible optional
-
Pipeline: Declarative
1.3.8 compatible optional
-
Pipeline: REST API Plugin
2.10 compatible optional
-
Jenkins Parameterized Trigger plugin
2.35.1 compatible optional
-
Handy Uri Templates 2.x API Plugin
2.1.6-1.0 compatible optional
-
Pipeline: Model API
1.3.8 compatible optional
-
SSH Agent Plugin
1.17 compatible optional
-
Run Condition Plugin
1.0 compatible optional
-
Deployed On Column Plugin
1.8 compatible optional
-
i18n for Blue Ocean
1.10.2 compatible optional
-
PAM Authentication plugin
1.4.1 compatible optional
-
Jenkins Design Language
1.10.2 compatible optional
-
GitHub plugin
1.29.3 compatible optional
-
Pipeline: Stage Tags Metadata
1.3.8 compatible optional
-
Jenkins JSch dependency plugin
0.1.55 compatible optional
-
Config API for Blue Ocean
1.10.2 compatible optional
-
Blue Ocean Pipeline Editor
1.10.2 compatible optional
-
Jenkins build timeout plugin
1.18 compatible optional
-
Amazon Web Services SDK
1.11.457 compatible optional
-
Pipeline: Multibranch
2.20 compatible optional
-
Pipeline Graph Analysis Plugin
1.7 compatible optional
-
Pipeline: Shared Groovy Libraries
2.13.1 compatible optional
-
Bitbucket Branch Source Plugin
2.4.2 compatible optional
-
Azure PublisherSettings Credentials Plugin
1.5 compatible optional
-
Personalization for Blue Ocean
1.10.2 compatible optional
-
NodeJS Plugin
1.2.9 compatible optional
-
Pipeline: Supporting APIs
3.2 compatible optional
-
Unique ID Library Plugin
2.1.3 compatible optional
-
Matrix Project Plugin
1.14 compatible optional
-
Command Agent Launcher Plugin
1.2 compatible installed by default
-
jQuery plugin
1.12.4-0 compatible optional
-
Pipeline: Groovy
2.66 compatible optional
-
HTML Publisher plugin
1.21 compatible optional
-
Conditional BuildStep
1.3.6 compatible optional
-
AWS Global Configuration Plugin
1.3 compatible optional
-
CloudBees Docker Build and Publish plugin
1.3.2 compatible optional
-
JDK Tool Plugin
1.1 compatible installed by default
Proprietary plugins
-
CloudBees SSH Build Agents Plugin
2.3 proprietary optional
-
Operations Center Analytics Reporter
2.107.1.5 proprietary optional
-
Operations Center Notification
1.0 proprietary optional
-
Pipeline Event Step
1.3 proprietary optional
-
CloudBees Folders Plus Plugin
3.9 proprietary installed by default
-
Operations Center Agent
2.150.2.4 proprietary installed by default
-
CloudBees Even Scheduler Plugin
3.9 proprietary optional
-
CloudBees Pipeline Stage View Extensions
2.1 proprietary optional
-
CloudBees High Availability Management plugin
4.20 proprietary optional
-
CloudBees WikiText Security Plugin
3.9 proprietary optional
-
CloudBees View Creation Filter Plugin
1.5 proprietary optional
-
CloudBees Pipeline (Deprecated)
1.9.1 proprietary optional
-
CloudBees Long-Running Build Plugin
1.13 proprietary optional
-
CloudBees Skip Next Build Plugin
4.2 proprietary optional
-
CloudBees Git Validated Merge Plugin
3.24 proprietary optional
-
CloudBees License Manager
9.33 proprietary installed by default
-
CloudBees Label Throttling Plugin
3.7 proprietary optional
-
CloudBees Update Center Data API
4.42 proprietary installed by default
-
Trigger Restrictions
1.2 proprietary optional
-
CloudBees Pipeline: Groovy Checkpoint Plugin
2.7 proprietary optional
-
CloudBees Amazon AWS CLI Plugin
1.5.10 proprietary optional
-
CloudBees Nodes Plus Plugin
1.17 proprietary optional
-
CloudBees Pipeline: REST API (Deprecated)
1.9.1 proprietary optional
-
Operations Center Client Plugin
2.150.2.5 proprietary installed by default
-
Operations Center Analytics Configuration
2.107.1.5 proprietary optional
-
CloudBees Pull Request Builder for GitHub
1.13 proprietary optional
-
CloudBees Jenkins Enterprise License Entitlement Check
8.18 proprietary installed by default
-
CloudBees Restart Aborted Builds Plugin
1.12 proprietary optional
-
Beekeeper Upgrade Assistant Plugin
2.138.0.5 proprietary installed by default
-
CloudBees VMWare Autoscaling Plugin
4.3.8 proprietary optional
-
Notification API
1.1 proprietary optional
-
Operations Center Context
2.150.2.8 proprietary installed by default
-
CloudBees Template Plugin
4.39.1 proprietary optional
-
CloudBees Back-up Plugin
3.38.10 proprietary optional
-
CloudBees Role-Based Access Control Plugin
5.27 proprietary installed by default
-
CloudBees Quiet Start Plugin
1.5 proprietary optional
-
CloudBees Amazon Web Services Deploy Engine Plugin
1.18 proprietary optional
-
CloudBees Jenkins Advisor Plugin
2.8.1 proprietary optional
-
CloudBees Groovy View Plugin
1.8 proprietary optional
-
Operations Center Cloud
2.150.2.4 proprietary optional
-
CloudBees Plugin Usage Plugin
1.10 proprietary optional
-
CloudBees Monitoring Plugin
2.8 proprietary optional
-
CloudBees Pipeline: Templates Plugin
3.0 proprietary optional
-
CloudBees OpenShift CLI Plugin
1.4 proprietary optional
-
CloudBees Blue Ocean Default Theme
0.5 proprietary installed by default
-
CloudBees Fast Archiving Plugin
5.9 proprietary optional
-
CloudBees Support Plugin
3.22 proprietary optional
-
Kube Agent Management plugin
1.1.8 proprietary optional
Verified plugins
-
Jenkins Mailer Plugin
1.23 verified installed by default
-
Ant Plugin
1.9 verified optional
-
Kubernetes plugin
1.14.9 verified optional
-
WMI Windows Agents Plugin
1.4 verified optional
-
MapDB API Plugin
1.0.9.0 verified installed by default
-
Javadoc Plugin
1.5 verified optional
-
Config File Provider Plugin
3.5 verified optional
-
Jenkins MSBuild Plugin
1.29 verified optional
-
Variant Plugin
1.2 verified installed by default
-
GitHub Branch Source Plugin
2.4.5 verified optional
-
Jenkins GIT server Plugin
1.7 verified optional
-
Jenkins Git plugin
3.9.3 verified optional
-
Artifact Manager on S3 plugin
1.4 verified optional
-
Plain Credentials Plugin
1.4 verified optional
-
LDAP Plugin
1.20 verified optional
-
Authentication Tokens API Plugin
1.3 verified optional
-
Metrics Plugin
4.0.2.3 verified installed by default
-
Branch API Plugin
2.0.20.1 verified optional
-
OWASP Markup Formatter Plugin
1.5 verified optional
-
JUnit Plugin
1.26.1 verified installed by default
-
SSH Credentials Plugin
1.17 verified optional
-
Gradle Plugin
1.30 verified optional
-
Folders Plugin
6.7 verified installed by default
-
Structs Plugin
1.17 verified installed by default
-
Jenkins SSH Slaves plugin
1.26 verified optional
-
Credentials Binding Plugin
1.18 verified optional
-
Token Macro Plugin
2.8 verified installed by default
-
SAML Plugin
1.1.2 verified optional
-
Async Http Client
1.7.24.2 verified installed by default
-
Display URL API
2.3.1 verified installed by default
-
Jackson 2 API Plugin
2.9.8 verified installed by default
-
Jenkins MSTestRunner plugin
1.3.0 verified optional
-
Secure Requester Whitelist Plugin
1.2 verified optional
-
Credentials Plugin
2.2.0 verified installed by default
-
SCM API Plugin
2.4.1 verified installed by default
-
Script Security Plugin
1.57.4 verified installed by default
-
Jenkins Git client plugin
2.7.4.1 verified optional