Update jenkins-cli.jar to v2.479.3 #321

acant · 2025-01-10T16:12:05Z

This should address #320 and fix CVE-2015-8103.
I think it might also address CVE-2024-43044.

# Download the current `jenkins.war` file from https://www.jenkins.io/download/ to $DOWNLOAD_DIR
cd $REPO_DIR
mkdir -p tmp/jenkins
mv $DOWNLOAD_DIR/jenkins.war tmp/jenkins
cd tmp/jenkins
jar -xvf jenkins.war
ls WEB-INF/lib/cli-*.jar
# Make note of the cli version number
cp WEB-INF/lib/cli-*.jar ../../java_deps/jenkins-cli.jar
cd ../..
# done! Ready to update the CHANGELOG and commit.

Please let me know if there are any changes that are needed to get this PR merged.

grosser · 2025-01-11T01:39:51Z

thx, looks good and sha matches what I got :)

grosser · 2025-01-11T01:41:17Z

added your instructions into the readme since that was not obvious at all :D
#322

grosser · 2025-01-11T01:42:58Z

2.2.0

acant · 2025-01-12T17:58:43Z

Awesome @grosser 👍 , thank you for the merged.
I will try deploying this next week and confirm if it clears both of the CVE reports.

Update jenkins-cli.jar to v2.479.3

a0295a4

acant mentioned this pull request Jan 10, 2025

Jarfile is vulnerable to CVE-2015-8103 and also very outdated #320

Closed

grosser merged commit f778e41 into arangamani:master Jan 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update jenkins-cli.jar to v2.479.3 #321

Update jenkins-cli.jar to v2.479.3 #321

acant commented Jan 10, 2025

grosser commented Jan 11, 2025

grosser commented Jan 11, 2025

grosser commented Jan 11, 2025

acant commented Jan 12, 2025

Update jenkins-cli.jar to v2.479.3 #321

Update jenkins-cli.jar to v2.479.3 #321

Conversation

acant commented Jan 10, 2025

grosser commented Jan 11, 2025

grosser commented Jan 11, 2025

grosser commented Jan 11, 2025

acant commented Jan 12, 2025