Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-72904

After updating the jenkins.war to 2.450 i get vulnerability notifications

      Hi,

      I just updated my jenkins.war from 2.448 to 2.450 and now I get the following warning:

      Warnings have been published for the following currently installed components:Jenkins 2.450 core and librariesHTTP/2 denial of service vulnerability in bundled Jetty (no fix available)No
       fixes for these issues are available. It is recommended that you review
       the security advisory and apply mitigations if possible. 

      As I said, my version currently is 2.450 and when I look into: https://www.jenkins.io/security/advisory/2024-03-20/ it seems, like this problem should only affect previous versions to 2.443.

      Is this actualy a security concern for 2.450 aswell, or is it just a visual notification bug?

      I've attached a screenshot of the message

       

          [JENKINS-72904] After updating the jenkins.war to 2.450 i get vulnerability notifications

          Mark Waite added a comment -

          Also reported in https://groups.google.com/g/jenkinsci-dev/c/QYw0kiX29I4/m/nEqQSiayAwAJ

          Resolved by https://github.com/jenkins-infra/update-center2/pull/769

          Use the plugin manager refresh button to get the most recent update center data.

          Mark Waite added a comment - Also reported in https://groups.google.com/g/jenkinsci-dev/c/QYw0kiX29I4/m/nEqQSiayAwAJ Resolved by https://github.com/jenkins-infra/update-center2/pull/769 Use the plugin manager refresh button to get the most recent update center data.

          Fabian König added a comment -

          Thanks a lot for the info!

          Fabian König added a comment - Thanks a lot for the info!

            Unassigned Unassigned
            fakoelobster Fabian König
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: