CloudBees Backup Plugin 3.38.60.1

RELEASED: Public: March 8, 2023

Security fixes

Symlinks were followed when generating a backup in zip format (BEE-29575)

When the backup plugin generated a backup file in zip format, symlinks were followed instead of being ignored or archived as symlinks. An attacker able to create symlinks on the Jenkins controller file system, inside one of the directories being backed up, could use them to add additional files from the Jenkins controller file system to the backup.

This issue has been resolved. Symlinks are now stored as symlinks inside zip archives.
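A post-upgrade check, as an added example (not CloudBees code): it lists the entries a zip archive stores as symlinks, using the Unix mode bits in each entry's external attributes, and flags link targets that resolve outside the archive root. The sample archive, its entry names and its link targets are constructed, and it is an assumption that the plugin writes links in the conventional Unix zip form, with the link target as the entry body.

```python
import io
import posixpath
import stat
import zipfile

UNIX = 3  # ZipInfo.create_system value for Unix, where mode bits are meaningful


def _add_link(zf: zipfile.ZipFile, name: str, target: str) -> None:
    """Store a symlink entry: S_IFLNK in the mode bits, target as the body."""
    info = zipfile.ZipInfo(name)
    info.create_system = UNIX
    info.external_attr = (stat.S_IFLNK | 0o777) << 16
    zf.writestr(info, target)


def make_sample_backup() -> bytes:
    """Constructed sample archive: one regular file and two symlink entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("jobs/demo/config.xml", "<project/>")
        _add_link(zf, "jobs/demo/notes.txt", "/etc/hostname")
        _add_link(zf, "jobs/demo/latest", "builds/1")
    return buf.getvalue()


def audit_symlinks(zip_bytes: bytes):
    """Return (entry name, link target, leaves_archive_root) per symlink entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16
            if info.create_system != UNIX or not stat.S_ISLNK(mode):
                continue  # regular file or directory
            target = zf.read(info).decode("utf-8", "replace")
            # Resolve the target relative to the directory holding the link.
            resolved = posixpath.normpath(
                posixpath.join(posixpath.dirname(info.filename), target))
            outside = (target.startswith("/") or resolved == ".."
                       or resolved.startswith("../"))
            findings.append((info.filename, target, outside))
    return findings


if __name__ == "__main__":
    for name, target, outside in audit_symlinks(make_sample_backup()):
        print(f"{name} -> {target}" + ("  [outside archive root]" if outside else ""))
```

A link flagged as leaving the archive root is what the old behavior would have followed; in a backup from a fixed version it should appear only as a link entry, never as the target file's contents.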

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.