Posts tagged " Security "

Jenkins Plugins Security Advisory

August 1st, 2018 Posted by Cloudbees, DevOps, News No Comment yet

There is a new Security Advisory that covers issues in several Jenkins plugins, including the Kubernetes Plugin, the Confluence Publisher Plugin, the SSH Agent Plugin and several more. Descriptions of the issues and how they have been addressed in each plugin are included.

Check out the advisory to see if any issues affect plugins you are relying on.

Ansible 2.6.1 Security Fixes

July 23rd, 2018 Posted by News, RedHat No Comment yet

There is a point release for Ansible that addresses a few issues, including a couple of Security issues:

  • Security Fix – avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
  • Security Fix – avoid using ansible.cfg in a world writable dir.

This is in addition to the Security fix in 2.6 that caused the no_log option to be ignored in certain situations, potentially resulting in private task info being logged.

At a minimum we’re recommending our clients move to the 2.6 Stable release, although we haven’t seen any issues with 2.6.1 in our testing.