We just released security updates to Jenkins, versions 2.107 and 2.89.4, that fix multiple security vulnerabilities.

For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide.

While the severity score works out as medium for all the vulnerabilities, we strongly recommend that anyone operating publicly accessible Jenkins instances update as soon as possible, as their secrets on disk might be at risk by SECURITY-705.

Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.

Daniel Beck

This author has no biography defined. See social media links referenced below.