
Jenkins security patches could break plug-ins

Fahmida Y. Rashid | June 30, 2016
The latest security update for Jenkins changed how build parameters are handled, impacting multiple plug-ins

"It's what you would do to prank or screw a co-worker," Croy said.

Considering the flaws are rated as either medium or low severity, it may be tempting to wait until the affected plug-ins are fixed before updating Jenkins. That is an option, but Croy said administrators have to assess the risks of not updating. The security profile of an Internet-facing Jenkins instance is different from that of one used internally. A corporatewide Jenkins server may have a large number of users and a global reach, which can be a factor in deciding to update sooner rather than later.

"We strongly recommend Jenkins installations on hostile networks to apply the update as soon as possible," Croy said.

Source: Infoworld

 
