Hi,
Jenkins has published a list of serious vulnerabilities [1].
Please note that while we have no reasons to believe we have been
compromised, we are still going to be rotating the various secrets,
keys and passwords stored in Jenkins credentials as a safety
precaution.
For jobs using JJB, this should hopefully be transparent since the
UUID of the secret will not change (but the contents of the secret
will).
If anything around RDO CI automation (including third party CI) breaks
as a result of this, please let me know here or on IRC (dmsimard)
Thanks,
[1]:
https://jenkins.io/security/advisory/2018-02-14/
David Moreau Simard
Senior Software Engineer | OpenStack RDO
dmsimard = [irc, github, twitter]