-
Task
-
Resolution: Done
-
Normal
-
None
-
openshift-4.10, openshift-4.11, openshift-4.12
-
False
-
None
-
False
-
-
According to https://github.com/openshift/jenkins/blob/master/2/contrib/openshift/jenkins-version.txt Openshift uses 2.401.1
But customer wants to use the updated Jenkins image , due to newly added security advisory.
~~~
following versions between 2.401.1 and 2.424 have 'important security fixes' where several CVEs are said to be fixed per version:
2.424: https://www.jenkins.io/security/advisory/2023-09-20/
2.416: https://www.jenkins.io/security/advisory/2023-07-26/
~~~
Also, Below is what cu get below messages when trying to install jenkins using said automated plugin update, which are dependency errors saying:
Jenkins (2.401.3) or higher required
As for what version it is at, currently for the newest released ocp-tools-4 image,
jenkins version: Jenkins 2.401.1
Given that 2.402 version of jenkins is, according to the link below, already 4 months old, let alone 2.401.1 which assumedly is the version iteration of 2.401 at 5 months old, figured it was overdue for an update. Newest is today, 2.422
https://www.jenkins.io/changelog/
~~~
Customer will face challenges from their security team if they dont get this latest image or plugin.