I got an e-mail about this via CloudBees but wanted to make sure that list members were also aware (I didn't see one): http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb
Excerpt from security announcement link above:

Severity: CloudBees rates these vulnerabilities as high, when combined, as they allow malicious users to gain unauthorized access to the information and impersonate the administrator of the system. On the other hand, this attack can be only mounted passively, and the attacker needs to know the URL of your Jenkins installations.

Fix:
* Main line users should upgrade to Jenkins 1.491
* LTS users should upgrade to 1.480.1

Request to CloudBees: please send a notification of this out on the Jenkins user list too