Jenkins Maven
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Jenkins Maven.
EOL Dates
Ensure that you are using a supported version of Jenkins Maven. Here are some end of life, and end of support dates for Jenkins Maven.
| Release | EOL Date | Status |
|---|---|---|
| 3.9 | - |
Active
|
| 3.8 | - |
Active
|
| 3.6 | March 30, 2021 |
EOL
Jenkins Maven 3.6 became EOL in 2021. |
| 3.5 | October 24, 2018 |
EOL
Jenkins Maven 3.5 became EOL in 2018. |
| 3.3 | April 3, 2017 |
EOL
Jenkins Maven 3.3 became EOL in 2017. |
| 3.2 | March 13, 2015 |
EOL
Jenkins Maven 3.2 became EOL in 2015. |
| 3.1 | February 14, 2014 |
EOL
Jenkins Maven 3.1 became EOL in 2014. |
| 3.0 | June 28, 2013 |
EOL
Jenkins Maven 3.0 became EOL in 2013. |
| 2 | February 18, 2014 |
EOL
Jenkins Maven 2 became EOL in 2014. |
| 1 | February 18, 2014 |
EOL
Jenkins Maven 1 became EOL in 2014. |
By the Year
In 2026 there have been 0 vulnerabilities in Jenkins Maven. Maven did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 7.80 |
It may take a day or so for new Maven vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Maven Security Vulnerabilities
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks
CVE-2019-16549
8.1 - High
- December 17, 2019
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
XXE
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier
CVE-2019-16550
8.8 - High
- December 17, 2019
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
Session Riding
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds
CVE-2019-10358
6.5 - Medium
- July 31, 2019
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Maven or by Jenkins? Click the Watch button to subscribe.
