Thursday, July 19, 2018

Security Release: Jenkins 2.121.2

The Jenkins project released a new version that fixes multiple security vulnerabilities. These vulnerabilities allow unauthenticated users to reset parts of the Jenkins configuration as well as to read arbitrary files inside the installation, cancel builds, or abort agent launches.

We recommend that you update your Jenkins installations to the latest version. You can follow our documentation to learn how to upgrade your application. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository.

You can find more information about this Jenkins security issue in the Jenkins Security Advisory.

Bitnami has released Jenkins 2.121.2 containers, Helm Charts, Multi-Tier solutions, installers, virtual machines and cloud images that address these vulnerabilities.

The Bitnami Jenkins stack offered in and in our cloud-specific launchpads has been updated to that new version. New launches of Bitnami Jenkins via our launchpad are secure and do not need to be updated further.

Users launching Bitnami Jenkins via a cloud marketplace are advised to select version 2.121.2 of Bitnami Jenkins once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forum and we will be happy to help you.