CloudBees Pipeline: Template used insecure SnakeYaml constructor
BEE-30448 / GHSA-mjmj-j48q-9wg2 / CVE-2022-1471
Severity (CVSS): High
Affected plugin: CloudBees Pipeline: Template
Description:
In the CloudBees Pipeline: Template plugin, an insecure SnakeYaml constructor was used.
It is now using the SnakeYaml SafeConstructor.
CloudBees Backup plugin uses SHA-1 Hashes for the Approvers Map
BEE-29578
Severity (CVSS): Medium
Affected plugin: CloudBees Backup
Description:
The CloudBees Backup plugin used SHA-1 hashes for the approvers map.
The plugin now uses SHA-256 for that approvers map.