Last week, the infrastructure team identified the potential compromise of a key infrastructure machine. This compromise could have taken advantage of, what could be categorized as, an attempt to target contributors with elevated access. Unfortunately, when facing the uncertainty of a potential compromise, the safest option is to treat it as if it were an actual incident, and react accordingly. The machine in question had access to binaries published...

The Script Security Plugin and the Extra Columns Plugin were updated today to fix medium-severity security vulnerabilities. For detailed information about the security content of these updates, see the security advisory. Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security....

We released Jenkins updates today that include important security fixes: 1.650 and 1.642.2. For detailed information about the security content of these updates, see the security advisory. Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security....