Security updates for multiple Jenkins plugins

Daniel Beck March 20, 2017

Multiple Jenkins plugins received updates today that fix several security vulnerabilities:

Active Directory
Distributed Fork
Email Extension (Email-ext)
Mailer
SSH Build Agents

For an overview of what was fixed, see the security advisory.

Additionally, we also published a security notice for the following plugin and recommend that users disable and uninstall it:

Pipeline: Classpath Step

This plugin is not part of the Pipeline suite of plugins, despite its name. It’s installed on just several hundred instances.

Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.

plugins
security

About the author

Daniel Beck

Daniel is a Jenkins core maintainer and member of the Jenkins security team. He was the inaugural Jenkins security officer from 2015 to 2021. He sometimes contributes to developer documentation and project infrastructure in his spare time.