Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin

[Daniel Beck <ml () beckweb net>]

Jenkins is an open source automation server which enables developers around 
the world to reliably build, test, and deploy their software. The following 
plugin releases contain fixes for security vulnerabilities:

* Delivery Pipeline Plugin 1.0.8

Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:
https://jenkins.io/security/advisory/2017-11-16/

We provide advance notification for security updates on this mailing list:
https://groups.google.com/d/forum/jenkinsci-advisories

If you find security vulnerabilities in Jenkins, please report them as
described here:
https://jenkins.io/security/#reporting-vulnerabilities

---

SECURITY-640
Delivery Pipeline Plugin used the unescaped content of the query parameter 
`fullscreen` in its JavaScript, resulting in a cross-site scripting 
vulnerability through specially crafted URLs.