Multiple Jenkins plugins received updates today that fix several security vulnerabilities:

For an overview of what was fixed, see the security advisory.

Additionally, we also published a security notice for the following plugin and recommend that users disable and uninstall it:

This plugin is not part of the Pipeline suite of plugins, despite its name. It’s installed on just several hundred instances.

Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.

About the Author
Daniel Beck

Daniel is a Jenkins core maintainer and, as security officer, leads the Jenkins security team. He sometimes contributes to developer documentation and project infrastructure.