upgrade jenkins.ovirt.org to 2.107.1 LTS

General

Additional Info

General

Additional Info

Description

A new LTS version of Jenkins is out, our instances need to be updated

Show:

Update applied to Production. Of things to note - ghprb prints out messages like this in the logs:

Cannot convert type org.jenkinsci.plugins.ghprb.GhprbCause to type org.kohsuke.github.GHUser

this should be fixed in the installed version 1.40.0 and pull request tests worked fine in Staging so ignoring the warnings for now.

A fresh security advisory is out affecting three plugins that we use:

plugin	version	issue	fixed version
Copy To Slave Plugin	1.4.4	Plugin allows access to arbitrary files on the Jenkins master file system	-
Mailer Plugin	1.20	Unauthorized users able to send test emails	1.21
GitHub Pull Request Builder	<1.40.0	GitHub access tokens stored in in build.xml	1.40.0

As of now, only the mailer plugin received an update. The others require admin access to exploit so there seems to be no urgency here.

Will update Staging with released fixes and move on to patching as is unless other plugins are fixed in the mean time.

Updates applied to Staging, patch submitted for review

Done

Created March 19, 2018 at 1:51 PM

Updated May 1, 2018 at 7:15 AM

Resolved April 11, 2018 at 2:55 AM