Hello everyone. I am trying to understand the impact of Jenkins core security vulnerabilities on plugin usage.
Lets do this with an example: I am running Jenkins 2.319.3 and using a plugin that has 2.277.4 defined as <jenkins.version> in its pom.xml. Am I exposed to the vulnerabilities in 2.277.4? Does it depend on where the vulnerability actually is in the code? Is some core code compiled along with the plugin? If someone could explain a bit on how compiling and running plugins works - it would be very helpful. Thank you very much. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/c95a1ae2-63b1-4dcf-b779-e040849a409fn%40googlegroups.com.