Jenkins Warnings

Hello Team,

I see a lot of warnings in the Manage Jenkins console.

Can you please let me know what is the exact process to remove the below warnings?

Here are the few warnings which I can see in the Manage Jenkins page:

Warnings have been published for the following currently installed components:

Jenkins 2.271 core and libraries
Multiple security vulnerabilities in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier
Multiple security vulnerabilities in Jenkins 2.393 and earlier, LTS 2.375.3 and earlier
Multiple security vulnerabilities in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier
Multiple security vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier
HTTP/2 denial of service vulnerability in bundled Jetty
Multiple security vulnerabilities in Jenkins 2.299 and earlier, LTS 2.289.1 and earlier
CSRF vulnerability in build triggers
DoS vulnerability in bundled XStream library

Parameterized Trigger plugin 2.39
Sensitive parameter values captured in build metadata files
Pipeline: Stage View Plugin 2.19
CSRF protection for any URL can be bypassed

Code Coverage API Plugin 1.2.0
RCE vulnerability
MSTest plugin 1.0.0
XXE vulnerability on agents

Upgrade. 271 is almost 2 years old. There have been many, many releases and security fixes since then.

So follow the upgrade guide and upgrade to the version with fixes applied.

Hello Halkeye,

Thanks for the quick response.

I have upgraded the Jenkins version from 2.271 to 2.289.2, but I can still see the same warnings.

Do we have any steps to remove the warnings?

2.271 to 2.289.2 is a fairly minor upgrade, to a very dated release. You will want to upgrade to a recent LTS release, like 2.387.1, to mitigate vulnerabilities you are subject to.
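
The version comparison behind the replies above, as an added example that is not part of the original thread: it reads the ranges out of the core warning titles quoted in the first post and checks 2.271, 2.289.2 and 2.387.1 against them. It assumes a three-part version is an LTS release and a two-part version a weekly one; titles that state no version range and the plugin warnings are not evaluated.

```python
import re

# Core warning titles copied from the first post (only those that state a version range).
WARNINGS = [
    "Multiple security vulnerabilities in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier",
    "Multiple security vulnerabilities in Jenkins 2.393 and earlier, LTS 2.375.3 and earlier",
    "Multiple security vulnerabilities in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier",
    "Multiple security vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier",
    "Multiple security vulnerabilities in Jenkins 2.299 and earlier, LTS 2.289.1 and earlier",
]

RANGE = re.compile(r"Jenkins (\d+(?:\.\d+)+) and earlier, LTS (\d+(?:\.\d+)+) and earlier")


def parse(version):
    """Turn '2.289.2' into (2, 289, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def is_lts(version):
    # Assumption: LTS releases have three components (2.289.2), weekly releases two (2.271).
    return len(parse(version)) == 3


def affected(version, title):
    """True if `version` falls inside the range stated in a warning title."""
    match = RANGE.search(title)
    if match is None:
        raise ValueError("title states no version range: " + title)
    weekly_max, lts_max = match.groups()
    # Compare against the ceiling of the release line the installed version belongs to.
    limit = lts_max if is_lts(version) else weekly_max
    return parse(version) <= parse(limit)


def still_open(version):
    """Warning titles from the thread whose stated range still covers `version`."""
    return [title for title in WARNINGS if affected(version, title)]


if __name__ == "__main__":
    for installed in ("2.271", "2.289.2", "2.387.1"):
        hits = still_open(installed)
        print(f"{installed}: {len(hits)} of {len(WARNINGS)} versioned core warnings still apply")
        for title in hits:
            print("   ", title)
```

Comparing an LTS version against the weekly ceiling would wrongly flag 2.387.1 under the "2.393 and earlier" title, which is why the LTS ceiling is used for three-part versions.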