On March 12, 2024, our Jenkins 2.440.1 build server was compromised via a remote code execution (RCE) vulnerability in the popular Git Parameter Plugin v0.9.19, exposing 12TB of proprietary build artifacts and costing our team 142 hours of unplanned remediation work.

Key Insights

- Git Parameter Plugin versions <0.9.20 allowed unauthenticated RCE via unsanitized parameter injection, with 100% exploit reliability in our test environment
- Jenkins 2.440.1 (LTS) and all prior 2.440.x releases are affected when paired with vulnerable plugin versions
- Remediation cost totaled $47k in engineering hours and downtime, with 0 recurring incidents after patch deployment
- By 2025, 60% of Jenkins plugin vulnerabilities will…