Thursday, February 2, 2017

Security Release: Jenkins 2.44/2.32.2

[UPDATE 2017-02-03]

For new application deployments, Bitnami has released Jenkins 2.44 containers, and Jenkins 2.32.2 installers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami Jenkins via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Jenkins via one of our cloud partner marketplaces and it is not yet updated to version 2.32.2, you will need to upgrade your application using the documentation linked below.


The Jenkins project has just released a new version that fixes multiple security issues, including a fix for a XStream remote code execution vulnerability.

It is strongly suggested that you update your Jenkins application to the latest version. You can follow our documentation to learn how to upgrade your application. If you are using the Bitnami Jenkins container, please follow the documentation in our GitHub repository.

You can find more information about the Jenkins security issues in the Jenkins Security Advisory.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is working to update all of the affected Jenkins packages available through Bitnami as quickly as possible.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forum,and we will be happy to help you.