Hello everyone, Latest LTS RC was made public and it is ready to be tested. Final release is scheduled for 2021-01-13. Please, report your findings in this thread. Download the release from https://repo.jenkins-ci.org/snapshots/org/jenkins-ci/main/jenkins-war/2.263.2-SNAPSHOT/jenkins-war-2.263.2-20201218.134406-1.war Thanks! You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bifs%2BF0VkgN0VF4DzGNrp2-93xWONtKqHH96DYoq-JiBpg%40mail.gmail.com. |
I've been testing the 2.263.2 release candidate for the last two weeks with no issues detected and no surprises. Testing has used a JDK 8 Docker image that was upgraded from 2.263.1 to 2.263.2-rc with Linux, Windows, FreeBSD, and OpenBSD agents from various sources (Amazon, Google, Oracle cloud, local agents, etc.). On Fri, Dec 18, 2020 at 6:50 AM Tim Jacomb <[hidden email]> wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtEHiaS8MSrfZVDRupBGvUspjOcCm-n_fb%2BF_nDkGE763A%40mail.gmail.com. |
Hi team,
Would an update to winstone also be made in this new LTS release ? The fix for the CVE https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 is available in 5.13 of winstone. Regards, Vibhav Bobade On Monday, 4 January 2021 at 00:19:05 UTC+5:30 Mark Waite wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/46992fa3-776b-44f0-9cdd-b2f6b1bc549dn%40googlegroups.com. |
In reply to this post by timja...@gmail.com
> On 8. Jan 2021, at 09:47, Vibhav Bobade <[hidden email]> wrote: > > Would an update to winstone also be made in this new LTS release ? > The fix for the CVE https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 is available in 5.13 of winstone. Based on my research, the affected feature is opt-in and not used in Jenkins/Winstone. I had to change Winstone to even get close to the affected code. (If you are aware of ways to exploit this issue in Jenkins, please let us know: https://www.jenkins.io/security/reporting/ ) Given recent repeated trouble with regressions introduced by Jetty upgrades, we decided not to expedite this into LTS as it appears Jenkins is unaffected. If you value the results of automated dependency scanners over stability, I recommend you use weekly releases of Jenkins, which have included this update for several weeks. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/1C4C79D9-8401-4B96-A87A-B91AC0EEADF6%40beckweb.net. |
Free forum by Nabble | Edit this page |