[Jenkins-infra] Questions about serious security bugs

Paulos Yibelo habte.yibelo at gmail.com
Tue Sep 8 21:47:56 UTC 2015


It's been days since a 0day in Jenkins was announced to the
public, one that can do almost anything to Jenkins, including code
execution: https://www.exploit-db.com/exploits/37999/

But since then, there appears to be no update on the change log, and no
security advisories have come out. Is this normal? Shouldn't, for a
project this big, such issues not only be fixed in hours but not be
found in the first place? I am just curious if the next version is going
to contain the advisories.

Please, anyone with knowledge of this, speak up.

