| Tip |
|---|
Did you know you can subscribe to updates to security issues and release notes? Right click and copy this link and paste it into Outlook RSS Feeds or your feed reader of choice. |
November 14,2024
FLEXDEPLOY-13546 - FlexDeploy ships with a version of nimbus-jose-jwt that is vulnerable to CVE-2023-52428. This will be addressed in a future FlexDeploy version.
FLEXDEPLOY-13547 - FlexDeploy ships with a version of commons-io that is vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554. This will be addressed in a future FlexDeploy version.
October 21, 2024
FLEXDEPLOY-13177 - In versions 6.5.0.0-6.5.0.20, 7.0.0.0-7.0.0.11 and 8.0.0.0-8.0.0.6, password hashes were visible in a GraphQL query. Upgrading to 6.5.0.21, 7.0.0.12 or 8.0.0.7 is recommended.
September 27,2024
FLEXDEPLOY-12743 - The version of Guava shipped with the Jenkins plugin is vulnerable to CVE-2023-2976. This is resolved in plugin version 8.0.0.7 and 9.0.0.0. The plugin now requires Java 8.
...