Hello All,
A recent CVE was published for the BlueOcean plugin being vulnerable to a
low effort CSRF attack that could disclose github credentials[1]
I have redeployed all Jenkins servers with an updated docker images that
contains a fixed version of BlueOcean.
The changes were minimal and should not be disruptive, but please let me
know if you experience any problems.
[1] https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116
Regards,
--
Kelley Spoon <kelley.spoon(a)linaro.org>