Can we release a new version of 2.46x that fixes Security-3463 / CVE-2024-47855?

920526640 · November 28, 2024, 1:54am

Can we release a new version of 2.46x that fixes Security-3463 / CVE-2024-47855?
Because we’re still using jdk11

MarkEWaite · November 28, 2024, 2:10pm

We don’t plan to release a new version of 2.462.x. The Jenkins security team tracks the most recent LTS release and the most recent weekly release.

bpedersen2 · December 4, 2024, 11:52am

And note, the jdk (actually jsu a jre is need) used to run jenkins does not need to be the same that you use to build your projects. So you can run jenkins on jre 17 or jre 21 and still let your builds use a jdk11.

Topic		Replies	Views
Confirm vulnerability resolved in version 2.462.3 Ask a question	3	30	February 10, 2025
CVE-2024-23898, CVE-2023-27899 and CVE-2023-43496 vulnerabilities on jenkins/jenkins:2.448-alpine-jdk17 Community question	7	612	March 13, 2024
Is Jenkins@2.332.2 and Jenkins@2.332.3 supported/patched? Using Jenkins	1	522	December 1, 2022
Jenkins jenkins-2.479.1-rc released Blog & News	1	165	November 4, 2024
Why does CVE-2024-22243 not apply to Jenkins? Ask a question	1	130	July 15, 2024

Can we release a new version of 2.46x that fixes Security-3463 / CVE-2024-47855?

Related topics