This information may be out of date, as the canonical version of this page can now be found at jenkins.io/security
Receive Security Advisories
From time to time, we issue a security advisory to report security problems in Jenkins. You can receive notifications for such advisories in one of the following ways:
- email@example.com mailing list
- http://feeds.feedburner.com/jenkins-security-advisories RSS feed
See Past Security Advisories
Report Security Vulnerabilities
If you find a vulnerability in Jenkins, please report it in the issue tracker under the "SECURITY" project. This project is configured in such a way that only the reporter and the core Jenkins developers can see the details.
By restricting the access to the potential sensitive information, we can work on the problem and deliver the fix before the method of attack becomes well-known.
For information on what makes a good report in general, see: How to report an issue.
If you are unwilling or unable to file an issue directly, please email your disclosure to the Jenkins CERT mailing list: