Branch: refs/heads/stable
  Home:   https://github.com/jenkinsci/jenkins
  Commit: 6d99c02b124ea3a1d76bd5762e8cab29018fd7cd
      https://github.com/jenkinsci/jenkins/commit/6d99c02b124ea3a1d76bd5762e8cab29018fd7cd
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-11 (Mon, 11 Feb 2013)

  Changed paths:
    M core/src/main/resources/hudson/matrix/MatrixProject/configure-entries.jelly
    M core/src/main/resources/hudson/model/AbstractItem/configure-common.jelly

  Log Message:
  -----------
  Use jsStringEscape where necessary.


  Commit: 20d628fa64751b0e7f71fac4acd35b5f42cbcbfd
      https://github.com/jenkinsci/jenkins/commit/20d628fa64751b0e7f71fac4acd35b5f42cbcbfd
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-11 (Mon, 11 Feb 2013)

  Changed paths:
    M licenseCompleter.groovy
    M maven-plugin/pom.xml

  Log Message:
  -----------
  Exclude NekoHTML and its concomitant obsolete Xerces.


  Commit: f8d2a0ba6c2e261f48287bdd95bd7a2d7a8d2d0e
      https://github.com/jenkinsci/jenkins/commit/f8d2a0ba6c2e261f48287bdd95bd7a2d7a8d2d0e
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-12 (Tue, 12 Feb 2013)

  Changed paths:
    M war/src/main/webapp/scripts/hudson-behavior.js

  Log Message:
  -----------
  [FIXED SECURITY-46]


  Commit: 757bc8a53956e6fbab267214e6e0896f03c3c262
      https://github.com/jenkinsci/jenkins/commit/757bc8a53956e6fbab267214e6e0896f03c3c262
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/model/AbstractProject.java
    M core/src/main/java/hudson/model/Descriptor.java
    M core/src/main/java/hudson/tasks/BuildTrigger.java
    M core/src/main/resources/hudson/tasks/Messages.properties
    M core/src/main/resources/lib/hudson/project/config-upstream-pseudo-trigger.jelly

  Log Message:
  -----------
  [SECURITY-55]

This patch makes standard post-build action refuse to let you configure a 
downstream project you cannot currently build.
The one from parameterized-trigger will show an error in the configure screen 
but still lets you save the configuration; needs an analogous patch to that 
plugin.
Does not yet protect against POSTing config.xml with the trigger.


  Commit: 1fb2acfd7b7d2a492dc2f8a60c69b5e8236dcb52
      https://github.com/jenkinsci/jenkins/commit/1fb2acfd7b7d2a492dc2f8a60c69b5e8236dcb52
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/model/AbstractProject.java
    M core/src/main/java/hudson/model/BuildAuthorizationToken.java
    M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
    M core/src/main/java/jenkins/security/ApiTokenFilter.java
    A core/src/main/resources/hudson/model/AbstractProject/requirePOST.jelly
    A core/src/main/resources/hudson/model/AbstractProject/requirePOST.properties
    M core/src/main/resources/hudson/views/BuildButtonColumn/column.jelly
    M war/src/main/webapp/scripts/hudson-behavior.js

  Log Message:
  -----------
  [SECURITY-13]


  Commit: 36c8624379df32092d5d3163a853e040905302ea
      https://github.com/jenkinsci/jenkins/commit/36c8624379df32092d5d3163a853e040905302ea
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/model/AbstractBuild.java
    M core/src/main/java/hudson/model/AbstractProject.java
    M core/src/main/java/hudson/model/Executor.java
    M core/src/main/java/hudson/model/Queue.java
    M core/src/main/resources/hudson/widgets/BuildHistoryWidget/entries.jelly
    M core/src/main/resources/hudson/widgets/HistoryWidget/entry.jelly
    M core/src/main/resources/lib/hudson/buildCaption.jelly
    M core/src/main/resources/lib/hudson/executors.jelly
    M core/src/main/resources/lib/hudson/queue.jelly
    A core/src/main/resources/lib/layout/stopButton.jelly

  Log Message:
  -----------
  [SECURITY-16]

Require POST for various operations.


  Commit: b44df8b16a986a0f51e9b0415bde039d05f9e332
      https://github.com/jenkinsci/jenkins/commit/b44df8b16a986a0f51e9b0415bde039d05f9e332
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/pom.xml

  Log Message:
  -----------
  [SECURITY-60] Upgrade Spring.


  Commit: f4af9b1ab442ca912107d400caf4bb96635d64a5
      https://github.com/jenkinsci/jenkins/commit/f4af9b1ab442ca912107d400caf4bb96635d64a5
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/model/Api.java
    M core/src/main/java/hudson/security/csrf/CrumbIssuer.java
    M test/src/main/java/org/jvnet/hudson/test/HudsonTestCase.java
    M test/src/test/java/hudson/model/ApiTest.java
    M test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java

  Log Message:
  -----------
  [SECURITY-47]

- My second patch, with whitelisted XPath values and forbidden JSONP.
- Disabling JSONP altogether for REST API (unless explicitly allowed).
- Forbid primitive XPath result sets by default.
- Refuse to serve _crumb=123456 as this could (very hypothetically) be 
exploited.


  Commit: 7f283e401f500f3709d5f294ba1bc0eba1616318
      https://github.com/jenkinsci/jenkins/commit/7f283e401f500f3709d5f294ba1bc0eba1616318
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/pom.xml
    M core/src/main/java/hudson/model/AbstractBuild.java
    M core/src/main/java/hudson/model/AbstractProject.java
    M core/src/main/java/hudson/model/Api.java
    M core/src/main/java/hudson/model/BuildAuthorizationToken.java
    M core/src/main/java/hudson/model/Descriptor.java
    M core/src/main/java/hudson/model/Executor.java
    M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
    M core/src/main/java/hudson/model/Queue.java
    M core/src/main/java/hudson/security/csrf/CrumbIssuer.java
    M core/src/main/java/hudson/tasks/BuildTrigger.java
    M core/src/main/java/jenkins/security/ApiTokenFilter.java
    M core/src/main/resources/hudson/matrix/MatrixProject/configure-entries.jelly
    M core/src/main/resources/hudson/model/AbstractItem/configure-common.jelly
    A core/src/main/resources/hudson/model/AbstractProject/requirePOST.jelly
    A core/src/main/resources/hudson/model/AbstractProject/requirePOST.properties
    M core/src/main/resources/hudson/tasks/Messages.properties
    M core/src/main/resources/hudson/views/BuildButtonColumn/column.jelly
    M core/src/main/resources/hudson/widgets/BuildHistoryWidget/entries.jelly
    M core/src/main/resources/hudson/widgets/HistoryWidget/entry.jelly
    M core/src/main/resources/lib/hudson/buildCaption.jelly
    M core/src/main/resources/lib/hudson/executors.jelly
    M core/src/main/resources/lib/hudson/project/config-upstream-pseudo-trigger.jelly
    M core/src/main/resources/lib/hudson/queue.jelly
    A core/src/main/resources/lib/layout/stopButton.jelly
    M licenseCompleter.groovy
    M maven-plugin/pom.xml
    M test/src/main/java/org/jvnet/hudson/test/HudsonTestCase.java
    M test/src/test/java/hudson/model/ApiTest.java
    M test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
    M war/src/main/webapp/scripts/hudson-behavior.js

  Log Message:
  -----------
  Merge remote-tracking branches 'origin/SECURITY-13', 'origin/SECURITY-16', 
'origin/SECURITY-46', 'origin/SECURITY-47', 'origin/SECURITY-55', 
'origin/SECURITY-59', 'origin/SECURITY-60' and 'origin/SECURITY-61' into stable


  Commit: f637107e6f7f985440b52f50ea2e481f5d8b6a58
      https://github.com/jenkinsci/jenkins/commit/f637107e6f7f985440b52f50ea2e481f5d8b6a58
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/hudson/util/jna/Kernel32.java

  Log Message:
  -----------
  Oops, I forgot to actually use it
(cherry picked from commit 9eadc32227915f52e0a1f54c50bf4874488cba1a)


  Commit: bd86c3193cb122faee06c74f14ee0e37c9c9cae6
      https://github.com/jenkinsci/jenkins/commit/bd86c3193cb122faee06c74f14ee0e37c9c9cae6
  Author: Jesse Glick <[email protected]>
  Date:   2013-02-13 (Wed, 13 Feb 2013)

  Changed paths:
    M core/src/main/java/jenkins/model/Jenkins.java

  Log Message:
  -----------
  Strengthening regexp a bit.
(cherry picked from commit 7b15466d92410374dcaa8b812b33b0a813e1c559)


  Commit: ccb6e948f996509e8c50eb13d0fd0f6a2abdccc6
      https://github.com/jenkinsci/jenkins/commit/ccb6e948f996509e8c50eb13d0fd0f6a2abdccc6
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-15 (Fri, 15 Feb 2013)

  Changed paths:
    M cli/pom.xml
    M core/pom.xml
    M maven-plugin/pom.xml
    M plugins/pom.xml
    M pom.xml
    M test/pom.xml
    M ui-samples-plugin/pom.xml
    M war/pom.xml

  Log Message:
  -----------
  [maven-release-plugin] prepare release jenkins-1.480.3


  Commit: ee76cc4a2654c95f1d0b95272e77459b49fa4757
      https://github.com/jenkinsci/jenkins/commit/ee76cc4a2654c95f1d0b95272e77459b49fa4757
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-15 (Fri, 15 Feb 2013)

  Changed paths:
    M cli/pom.xml
    M core/pom.xml
    M maven-plugin/pom.xml
    M plugins/pom.xml
    M pom.xml
    M test/pom.xml
    M ui-samples-plugin/pom.xml
    M war/pom.xml

  Log Message:
  -----------
  [maven-release-plugin] prepare for next development iteration


  Commit: add3b4694e885a0997aefad96c8d4401f84d98b9
      https://github.com/jenkinsci/jenkins/commit/add3b4694e885a0997aefad96c8d4401f84d98b9
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2013-02-15 (Fri, 15 Feb 2013)

  Changed paths:
    M debian/debian/changelog

  Log Message:
  -----------
  updated changelog as a part of the release


Compare: https://github.com/jenkinsci/jenkins/compare/295dc77579f5...add3b4694e88
