Hi Team,
We are currently running Jenkins LTS version 2.387.3 on azure windows vm.
The security team in our organization has raised below CVE to be addressed Jenkins Security Advisory 2023-10-18
We are not using the --http2Port
argument to java -jar jenkins.war
or corresponding options in service configuration files.
Do we still need to plan upgrade to address these CVEs ?
Please confirm
Regards,
Azeem