The following versions of Jenkins Script Library are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
To report a security vulnerability, please follow these steps:
- Do NOT disclose the vulnerability publicly
- Email security details to thomas.vincent@gmail.com
- Include as much information as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fixes (if any)
- Initial response: Within 48 hours
- Assessment: Within 1 week
- Fix timeline: Communicated after assessment
When using this library:
- Always run scripts with the minimum required permissions
- Keep your Jenkins instance updated
- Review all scripts before execution
- Use credential binding rather than hardcoded credentials
- Implement audit logging for script executions
MIT License
Copyright (c) 2023-2025 Thomas Vincent