back to article Jenkins plugs 11 security holes with two updates

Jenkins says it has fixed a range of security vulnerabilities in the open source integration tool with a brace of fresh releases. Versions 1.638 and 1.625.2 of the open source integration tool hit the streets yesterday, presumably capping a frantic race to plug a zero-day vulnerability which surfaced last Friday. That …

  1. x 7

    sorry but.....WTF is Jenkins?

    Sounds like some kind of virtual reality Butler. Or a ginger cat.....

    1. WraithCadmus

      I had the same issue

      After setting it up for our devs here's the basic gist.

      When you push stuff to your code repository it goes "oh you changed something" and pushes those changes to a dev machine so you can check it, or makes a docker container for your devs to pick up or whatever. Then when you're happy with a given release you go "put it live, that one" and it does the deploy.

      It can do a whole lot more besides, but the basic idea is to speed up how quickly a dev can see their changes, thus speeding up development.

      And yeah it's called Jenkins as it's a butler, doing things for you behind the scenes.

  2. 1Rafayal

    It's used for coordinating builds and deployments, as well as other things for software development projects.

    I am at a loss as to why the reg thinks this is news worthy. I guess it is down to their immense desire to somehow publish devops articles, despite having zero idea what working in devops actually means

    1. James 51

      Stuff like this is obviously going to be of interest to a sizeable portion of el reg's readership. Just because you aren't using it doesn't mean it isn't being used.

  3. This post has been deleted by its author

    1. This post has been deleted by its author

    2. admiraljkb
      Thumb Up

      Jenkins is a dessert topping and a floor wax.

      I was setting it up for development environments 4 years ago, and then setup a couple more for automated transfers as well as IT automation jobs. It's primarily for continuous integration and devops, but it's good at helping to automate nearly anything, even new user creation in ad to create the account and the other setup details that would be manual steps otherwise. I mostly use it for Linux automation tasks and devops/CI. Makes it easy to setup complex tasks behind the scenes, and then hand it over to tier one support to just click a button. Once you start automating on Jenkins, it doesn't stop. :). It's an awesome general purpose automation tool.

      And now I have some servers to patch after testing.....

  4. 1Rafayal

    Agreed, Jenkins is by far the best CI tool out there. Unfortunately though, one of its best features, the plugins make it very insecure - but I think this is a failing of many CI servers :(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like