+++ This bug was initially created as a clone of Bug #1972354 +++
+++ This bug was initially created as a clone of Bug #1972351 +++

Description of problem:
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
Just an update on this matter. The customer reached out to me earlier today, and it seems there has been a misunderstanding about the cause of the issue. The problem was not caused by a bad Jenkins image published by Red Hat, but instead by a custom plugin dependency that the customer had introduced into their custom Jenkins starter kit image. As part of the Jenkins starter kit image, custom plugins were being added; however, the "latest" versions of these plugins were being installed. This caused newer versions of any dependent plugins to be downloaded; however, there is no guarantee that these plugins are compatible with the version of Jenkins we provide. This means that there is no urgent need to bump up the Jenkins version. I have asked the customer to pin to a specific Jenkins version as well as pin any associated custom plugins so that both remain compatible with one another. I was wondering if there could be any plugin upgrade validation that could prevent upgrading to a plugin version that is incompatible with the underlying Jenkins version?
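The pinning and compatibility check discussed in the comment above, as an added example (not part of the original bug report and not Red Hat's or Jenkins' own tooling): it flags plugin list entries that float on "latest" and compares each plugin's declared minimum core version with the image's Jenkins version. The `name:version` list format, the use of the `Jenkins-Version` manifest attribute as the minimum core version, and all sample values (including core version 2.277.3) are assumptions constructed for illustration.

```python
import re

# Constructed sample plugin list ("name:version" per line is an assumption).
SAMPLE_PLUGIN_LIST = "git:4.7.1\ncustom-notifier:latest\nworkflow-helper\n"
# Constructed META-INF/MANIFEST.MF excerpts, keyed by plugin name.
SAMPLE_MANIFESTS = {
    "git": "Plugin-Version: 4.7.1\nJenkins-Version: 2.263.1\n",
    "custom-notifier": "Plugin-Version: 9.0\nJenkins-Version: 2.300\n",
}


def version_key(version):
    """Turn '2.263.1' into (2, 263, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def unpinned_plugins(plugin_list):
    """Return plugin names with no version or a floating 'latest' version."""
    found = []
    for raw in plugin_list.splitlines():
        name, _, version = raw.split("#", 1)[0].strip().partition(":")
        if name and version.strip() in ("", "latest"):
            found.append(name.strip())
    return found


def required_core(manifest_text):
    """Extract the minimum Jenkins core version a plugin declares, or None."""
    match = re.search(r"^Jenkins-Version:\s*(\S+)", manifest_text, re.MULTILINE)
    return match.group(1) if match else None


def incompatible_plugins(manifests, core_version):
    """Return {plugin: required core} for plugins that need a newer core."""
    bad = {}
    for plugin, manifest in manifests.items():
        needed = required_core(manifest)
        if needed and version_key(needed) > version_key(core_version):
            bad[plugin] = needed
    return bad


if __name__ == "__main__":
    print("unpinned:", unpinned_plugins(SAMPLE_PLUGIN_LIST))
    print("needs newer core:", incompatible_plugins(SAMPLE_MANIFESTS, "2.277.3"))
```

Run as a build gate, a non-empty result from either function would fail the image build before an incompatible plugin set reaches a running Jenkins.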
*** Bug 1891693 has been marked as a duplicate of this bug. ***
Downgrading the severity of this to "Medium" to conform with our Bugzilla standards
- Bumping Jenkins will address CVEs with medium severity/"Moderate" impact score.
- Priority is "High" to reflect aggregate importance of addressing CVEs.
VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.7.24 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3032
*** Bug 1972088 has been marked as a duplicate of this bug. ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days.