Timeframe
Vulnerability public @ November 9th 2015
Vulnerability fixed @ November 6th 2015
Impact
- Undisclosed at this time
You may restart your Jenkins to be upgraded to 1.609.4.6 immediately. We will automatically restart your Jenkins in the next 48 hours if you have not done so already.
Root Cause
Undisclosed at this time.
There is one DEV@cloud relevant high-severity vulnerability being patched in 1.609.4.6
Further information will not be provided at the current time.
Data Loss / Security Implications
During the global restart, jobs that are queued (but not building) are lost. We are internally tracking a fix for this issue, however it will not be in place for this release.
There are no other known data loss or security implications for DEV@cloud customers.
Followup
Full information on the security vulnerability will be made available when the Jenkins team publicly announces the list of vulnerabilities included in the security release.
