# TSSW jenkins 2019-04-10 security advisory

XMLWordPrintable

## Details

• Type: Bug
• Status: Done
• Resolution: Done
• Fix Version/s: None
• Component/s:
• Labels:
None
• Story Points:
0.041
• Team:
SQuaRE

## Description

Two CVEs were disclosed yesterday: https://jenkins.io/security/advisory/2019-04-10/

• SECURITY-1289 / CVE-2019-1003049 isn't relevant as the remoting CLI is disabled
• SECURITY-1327 / CVE-2019-1003050 doesn't have much information but it sounds as if it would require at least a url to be part of a job name.

## Activity

Hide
Joshua Hoblitt added a comment -

The update has been announced for this afternoon on the slack #ts-software channel:

 @here A security update for https://ts-ci.lsst.codes needs to be deployed. I apologize for the short notice -- I am planning to roll it out this afternoon at ~1700 local/project time. The disruption is only expected to be a few minutes. 

Show
Joshua Hoblitt added a comment - The update has been announced for this afternoon on the slack #ts-software channel: @here A security update for https: //ts-ci.lsst.codes needs to be deployed. I apologize for the short notice -- I am planning to roll it out this afternoon at ~1700 local/project time. The disruption is only expected to be a few minutes.
Hide
Joshua Hoblitt added a comment -

The core update has been successfully deployed.

Show
Joshua Hoblitt added a comment - The core update has been successfully deployed.

## People

• Assignee:
Joshua Hoblitt
Reporter:
Joshua Hoblitt
Watchers:
Andy Clements, Joshua Hoblitt, Rob Bovill