Spring Vulnerability CVE-2025-41254: Spring Framework STOMP CSRF Vulnerability

My IT administrator notified me that the Spring framework used in Jenkins 2.528.3 is just 6.2.10. The vulnerability affects 6.2.0 - 6.2.11 and is only resolved in 6.2.12 or later. When will Jenkins be able to update the Spring framework to the latest version?

You can find the LTS schedule documented at LTS Release Line; specific upcoming release dates are also in the calendar at Events.

Alternatively, you could switch to the weekly release line. That has included a fix version since 2.533, released in mid-October.
