Branch: refs/heads/master
Home: https://github.com/jenkinsci/jenkins
Commit: 0530a6645aac10fec005614211660e98db44b5eb
https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/util/RemotingDiagnostics.java
Log Message:
-----------
[FIXED SECURITY-73] Require RUN_SCRIPTS for /heapDump.
Commit: 5d57c855f3147bfc5e7fda9252317b428a700014
https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/model/Cause.java
Log Message:
-----------
[FIXED SECURITY-74] Apply markup formatter to remote cause note.
Commit: 8ac74c350779921598f9d5edfed39dd35de8842a
https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
Author: Vojtech Juranek <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
Log Message:
-----------
[FIXED SECURITY-75] Invalidate session after login to avoid session fixation
Commit: 535c1115bbf07f8a57d509f2d00598d6e21870d4
https://github.com/jenkinsci/jenkins/commit/535c1115bbf07f8a57d509f2d00598d6e21870d4
Author: Vojtech Juranek <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/markup/MyspacePolicy.java
Log Message:
-----------
[FIXED SECURITY-76] Prevent iframe injection, forbid iframe by default
Commit: a0b00508eeb74d7033dc4100eb382df4e8fa72e7
https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/model/View.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/resources/lib/hudson/setIconSize.jelly
Log Message:
-----------
[FIXED SECURITY-77] XSS in iconSize cookie.
Commit: fbf96734470caba9364f04e0b77b0bae7293a1ec
https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
Log Message:
-----------
[FIXED SECURITY-79] Prevent (private security realm) usernames from being
guessed.
Commit: 16931bd7bf7560e26ef98328b8e95e803d0e90f6
https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
Author: Vojtech Juranek <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/resources/lib/layout/layout.jelly
Log Message:
-----------
[FIXED SECURITY-80] Add X-Frame-Options head to prevent clickjacking attacks
Commit: 788b7d7a067fad4972fefaaa527141847bfeff55
https://github.com/jenkinsci/jenkins/commit/788b7d7a067fad4972fefaaa527141847bfeff55
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/markup/MyspacePolicy.java
Log Message:
-----------
[FIXED SECURITY-88] Forbid offsite-bound forms in default markup formatter
policy.
Commit: 5548b5220cfd496831b5721124189ff18fbb12a3
https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/jenkins/security/ApiTokenFilter.java
Log Message:
-----------
[FIXED SECURITY-89] When checking an API token, verify that the user actually
exists.
Commit: bf539198564a1108b7b71a973bf7de963a6213ef
https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/model/PasswordParameterDefinition.java
M core/src/main/resources/hudson/model/PasswordParameterDefinition/config.jelly
A test/src/test/java/hudson/model/PasswordParameterDefinitionTest.java
Log Message:
-----------
[FIXED SECURITY-93] PasswordParameterDefinition should serve existing default
value in encrypted form.
And strengthen functional tests (using configRoundTrip) to ensure that the same
mistake is not made elsewhere.
Commit: 29351af4bd01f61715418916fc12c52be46bd9b0
https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M war/pom.xml
Log Message:
-----------
[FIXED SECURITY-106] Jenkins on Winstone vulnerable to session hijacking.
Commit: 622e39f8b4c4764a0768bf58645767405ba9ccaa
https://github.com/jenkinsci/jenkins/commit/622e39f8b4c4764a0768bf58645767405ba9ccaa
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/util/RobustReflectionConverter.java
M core/src/main/java/hudson/util/XStream2.java
M core/src/main/java/jenkins/model/Jenkins.java
Log Message:
-----------
[FIXED SECURITY-107] When security-related fields in Jenkins cannot be
unmarshaled, it is best to halt startup.
Commit: ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
Author: Vojtech Juranek <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/cli/CreateJobCommand.java
Log Message:
-----------
[FIXED SECURITY-108] Check job name created via CLI
Commit: b6b2a367a7976be80a799c6a49fa6c58d778b50e
https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/model/AbstractProject.java
M test/src/test/java/hudson/tasks/BuildTriggerTest.java
Log Message:
-----------
[FIXED SECURITY-109] SECURITY-55 fix to BuildTrigger configuration failed if
downstream project was not visible.
Commit: 7541e83cc9812afc2b464f0a3254a2453da53f4c
https://github.com/jenkinsci/jenkins/commit/7541e83cc9812afc2b464f0a3254a2453da53f4c
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/test/java/hudson/markup/MyspacePolicyTest.java
Log Message:
-----------
[SECURITY-76] [SECURITY-88] Adjust test to policy changes.
Commit: abc77438d2d36a9edd7f2aca91c182891ac88691
https://github.com/jenkinsci/jenkins/commit/abc77438d2d36a9edd7f2aca91c182891ac88691
Author: Jesse Glick <[email protected]>
Date: 2014-02-11 (Tue, 11 Feb 2014)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/CreateJobCommand.java
M core/src/main/java/hudson/markup/MyspacePolicy.java
M core/src/main/java/hudson/model/AbstractProject.java
M core/src/main/java/hudson/model/Cause.java
M core/src/main/java/hudson/model/PasswordParameterDefinition.java
M core/src/main/java/hudson/model/View.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/hudson/util/RemotingDiagnostics.java
M core/src/main/java/hudson/util/RobustReflectionConverter.java
M core/src/main/java/hudson/util/XStream2.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/ApiTokenFilter.java
M core/src/main/resources/hudson/model/PasswordParameterDefinition/config.jelly
M core/src/main/resources/lib/hudson/setIconSize.jelly
M core/src/main/resources/lib/layout/layout.jelly
M core/src/test/java/hudson/markup/MyspacePolicyTest.java
A test/src/test/java/hudson/model/PasswordParameterDefinitionTest.java
M test/src/test/java/hudson/tasks/BuildTriggerTest.java
Log Message:
-----------
Merge branch 'security' into security-rc
Conflicts:
core/src/main/java/hudson/Functions.java
core/src/main/java/hudson/markup/MyspacePolicy.java
core/src/main/java/hudson/util/RobustReflectionConverter.java
core/src/main/resources/lib/layout/layout.jelly
war/pom.xml
Commit: d030fbbaeeb5ee8980b5680b26217930834387f4
https://github.com/jenkinsci/jenkins/commit/d030fbbaeeb5ee8980b5680b26217930834387f4
Author: Jesse Glick <[email protected]>
Date: 2014-02-12 (Wed, 12 Feb 2014)
Changed paths:
M core/src/main/java/hudson/util/XStream2.java
M core/src/test/java/hudson/util/XStream2Test.java
Log Message:
-----------
[FIXED SECURITY-105] Disabling DynamicProxyConverter.
Commit: 408e2acace3caaa37ae4c89e822d46d015755cfb
https://github.com/jenkinsci/jenkins/commit/408e2acace3caaa37ae4c89e822d46d015755cfb
Author: Jesse Glick <[email protected]>
Date: 2014-02-12 (Wed, 12 Feb 2014)
Changed paths:
M core/src/main/java/hudson/util/XStream2.java
M core/src/test/java/hudson/util/XStream2Test.java
Log Message:
-----------
Merge branch 'security' into security-rc
Commit: 2ba3eb60d68647450af512d3a60b44c09958c70f
https://github.com/jenkinsci/jenkins/commit/2ba3eb60d68647450af512d3a60b44c09958c70f
Author: Kohsuke Kawaguchi <[email protected]>
Date: 2014-02-14 (Fri, 14 Feb 2014)
Changed paths:
M cli/pom.xml
M core/pom.xml
M plugins/pom.xml
M pom.xml
M test/pom.xml
M war/pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release jenkins-1.551
Commit: 659aa543b03418163b9fa2bfd404b13f38948043
https://github.com/jenkinsci/jenkins/commit/659aa543b03418163b9fa2bfd404b13f38948043
Author: Kohsuke Kawaguchi <[email protected]>
Date: 2014-02-14 (Fri, 14 Feb 2014)
Changed paths:
M cli/pom.xml
M core/pom.xml
M plugins/pom.xml
M pom.xml
M test/pom.xml
M war/pom.xml
Log Message:
-----------
[maven-release-plugin] prepare for next development iteration
Commit: bddaf85a57f60a5f3661be0e5829f7e2f3b9646e
https://github.com/jenkinsci/jenkins/commit/bddaf85a57f60a5f3661be0e5829f7e2f3b9646e
Author: Kohsuke Kawaguchi <[email protected]>
Date: 2014-02-14 (Fri, 14 Feb 2014)
Changed paths:
M changelog.html
Log Message:
-----------
updated changelog for release
Commit: ab36f4b898c84c1841a29707623c4885831f6f6f
https://github.com/jenkinsci/jenkins/commit/ab36f4b898c84c1841a29707623c4885831f6f6f
Author: Kohsuke Kawaguchi <[email protected]>
Date: 2014-02-14 (Fri, 14 Feb 2014)
Changed paths:
M debian/debian/changelog
Log Message:
-----------
updated changelog as a part of the release
Commit: bdd8ca3fe418cc77b24669c6eb373c8ce546fd0f
https://github.com/jenkinsci/jenkins/commit/bdd8ca3fe418cc77b24669c6eb373c8ce546fd0f
Author: Kohsuke Kawaguchi <[email protected]>
Date: 2014-02-14 (Fri, 14 Feb 2014)
Changed paths:
M changelog.html
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/CreateJobCommand.java
M core/src/main/java/hudson/markup/MyspacePolicy.java
M core/src/main/java/hudson/model/AbstractProject.java
M core/src/main/java/hudson/model/Cause.java
M core/src/main/java/hudson/model/PasswordParameterDefinition.java
M core/src/main/java/hudson/model/View.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/hudson/util/RemotingDiagnostics.java
M core/src/main/java/hudson/util/RobustReflectionConverter.java
M core/src/main/java/hudson/util/XStream2.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/ApiTokenFilter.java
M core/src/main/resources/hudson/model/PasswordParameterDefinition/config.jelly
M core/src/main/resources/lib/hudson/setIconSize.jelly
M core/src/main/resources/lib/layout/layout.jelly
M core/src/test/java/hudson/markup/MyspacePolicyTest.java
M core/src/test/java/hudson/util/XStream2Test.java
M debian/debian/changelog
A test/src/test/java/hudson/model/PasswordParameterDefinitionTest.java
M test/src/test/java/hudson/tasks/BuildTriggerTest.java
Log Message:
-----------
merged back the RC branch
Compare:
https://github.com/jenkinsci/jenkins/compare/724f9e0dfc20...bdd8ca3fe418