CloudBees Backup Plugin 3.38.13

1 minute read

RELEASED: Public: 2019-08-02

Security advisory * CloudBees Internal Ticket: CTR-427

+ Problem: Any "StringCredentials"/"Secret Text" value within the Jenkins instance can be compromised by a malicious attacker using checkAccountCredentials endpoint.

+ Fix: CSRF protection enabled by POST requirement. CONFIGURATION permissions on the backup item has been introduced.

New features

None

Resolved issues

  • CloudBees Internal Ticket: FNDJEN-1472

    Resolves issue when trying to run a Cluster Operation to backup connected instance to a SFTP server, using a temporary local backup.

Known issues

None