Status: Resolved
Jenkins 2.332.3 (LTS)
We are getting CVE errors on our Jenkins 2.332.3 (LTS), which I think are already fixed in version 1.5.1.
But unfortunately, on Jenkins LTS the latest version of the plugin is 1.4.10.
The CVE errors we are getting are:
SECURITY-2241 / CVE-2022-28138 (CSRF), CVE-2022-28139 (missing permission check)
What's the reason that the plugin on the LTS version of Jenkins will not be updated?
Hi mreinhardt,
That means only users who use the latest Jenkins release (not the LTS release) can get the latest plugin updates?
Shouldn't security fixes normally be committed in the release version from the LTS branch (1.4.10) and merged into dev/latest?
No, I'm totally with you.
It was a fault on my side. The release from today should also be available for the LTS release...
PS: Plugins in Jenkins are totally independent from Jenkins branching...
Sorry for my late response.
The breaking change did not happen intentionally. Fixed that with release 1.5.2.