Friday, April 28, 2017

Security Release: Jenkins 2.57/2.46.2

The Jenkins project has released a new version that fixes multiple Cross-Site Request Forgery vulnerabilities, along with an unauthenticated remote code execution vulnerability and an impersonation issue.

It is strongly suggested that you update your Jenkins installations to the latest version. You can follow our documentation to learn how to upgrade your application. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository.

You can find more information about the Jenkins security issues in the Jenkins Security Advisory.

Bitnami has released Jenkins 2.57 containers, and Jenkins 2.46.2 installers, virtual machines and cloud images that address these vulnerabilities.

The Bitnami Jenkins offered on and on our cloud-specific launchpads has been updated to version 2.46.2. New launches of Bitnami Jenkins via our launchpad are secure and do not need to be further updated.

Users launching Bitnami Jenkins via a cloud marketplace are advised to select version 2.46.2 of Bitnami Jenkins, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forum, and we will be happy to help you.