RELEASED: Public: 2020-08-12
Security fixes
-
Concurrency issue in CloudBees Groovy View Plugin leading to RCE (CTR-2017)
Users with View/Create and View/Configure permissions were able to execute any Groovy code on the Jenkins instance, leveraging a concurrency issue in Groovy Views.
The concurrency issue is fixed, removing the RCE vulnerability.