Important security updates for Jenkins core and plugins

    We just released security updates to Jenkins, versions 2.84 and 2.73.2, that fix several security vulnerabilities. Additionally, we published a new release of Swarm Plugin whose client contains a security fix, and Maven Plugin 3.0 was recently released to resolve a security issue. Users of Swarm Plugin and Maven Plugin should update these to their respective newest versions.

    For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide.

    We also published information about a vulnerability in Speaks! Plugin. There is no fix available and we recommend it be uninstalled. Its distribution has been suspended.

    Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security.

    About the Author
    Daniel Beck
    Daniel Beck

    Daniel is a Jenkins core maintainer and member of the Jenkins security team. He was the inaugural Jenkins security officer from 2015 to 2021. He sometimes contributes to developer documentation and project infrastructure in his spare time.