CloudBees Backup Plugin 3.38.70

1 minute read

RELEASED: Public: October 18, 2023

Security fixes

commons-httpclient library vulnerability (BEE-39003)

The commons-httpclient library used in WebDav and Azure stores (transitively through com.sun.jersey:jersey.client) is vulnerable to man in the middle (MITM) attack.

The fix is to remove the commons-httpclient library and use the native Java HttpClient.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.