Branch: refs/heads/stable-1.651
Home: https://github.com/jenkinsci/jenkins
Commit: 57a82505f4dc5de97c57ad1f340561ad9f0159c5
https://github.com/jenkinsci/jenkins/commit/57a82505f4dc5de97c57ad1f340561ad9f0159c5
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
A test/src/test/java/hudson/model/ParametersActionTest2.java
Log Message:
-----------
[FIX SECURITY-170] Don't expose parameters not defined on the run
Commit: 17edeb48291a3807b84142bb01f576b8eb2f50a2
https://github.com/jenkinsci/jenkins/commit/17edeb48291a3807b84142bb01f576b8eb2f50a2
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-02-15 (Mon, 15 Feb 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/hudson/PluginWrapper.java
M core/src/main/java/hudson/model/UpdateCenter.java
Log Message:
-----------
[FIX SECURITY-250] Restrict access to admin APIs
Commit: 82b42359797e42fa4b2428d5e390e7ce91b74998
https://github.com/jenkinsci/jenkins/commit/82b42359797e42fa4b2428d5e390e7ce91b74998
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-19 (Tue, 19 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M test/src/test/java/lib/form/PasswordTest.java
A
test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly
Log Message:
-----------
[SECURITY-266] Conceal ciphertext from the web UI for a user who has no
Item.CONFIGURE permission.
Commit: e8f6410793b418be3786b38dbe4fddfbb23db4cf
https://github.com/jenkinsci/jenkins/commit/e8f6410793b418be3786b38dbe4fddfbb23db4cf
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-20 (Wed, 20 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/util/Secret.java
M core/src/test/groovy/hudson/util/SecretTest.groovy
M test/src/test/java/lib/form/PasswordTest.java
Log Message:
-----------
[SECURITY-266] Conceal ciphertext from REST config.xml.
Commit: dc2aa07e582a3ff5d427c3546634c70686268714
https://github.com/jenkinsci/jenkins/commit/dc2aa07e582a3ff5d427c3546634c70686268714
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-20 (Wed, 20 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/GetJobCommand.java
M core/src/main/java/hudson/model/AbstractItem.java
M test/src/test/java/lib/form/PasswordTest.java
Log Message:
-----------
[SECURITY-266] Protecting GetJobCommand.
Commit: 3d655938189af46d40e55268c280b6dcaa3770cd
https://github.com/jenkinsci/jenkins/commit/3d655938189af46d40e55268c280b6dcaa3770cd
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-20 (Wed, 20 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/model/Item.java
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M test/src/test/java/lib/form/PasswordTest.java
Log Message:
-----------
[SECURITY-266] Protecting ItemGroupMixIn.copy (used by both CLI and REST).
Commit: f4172ebb56ea29b2d2156145edff0d3660891fbf
https://github.com/jenkinsci/jenkins/commit/f4172ebb56ea29b2d2156145edff0d3660891fbf
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-20 (Wed, 20 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
[SECURITY-243] Unit Test.
Unit test to show the issue where some form of user property is used for
obtaining the information needed to loging (api token/ user property)
Commit: e073d331fdba9a030d644aeec9ed2cda0ad4f594
https://github.com/jenkinsci/jenkins/commit/e073d331fdba9a030d644aeec9ed2cda0ad4f594
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-20 (Wed, 20 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
Log Message:
-----------
[FIXED SECURITY-243] Prefer resolving users by IDs first and foremost.
When looking up users we must always try to use the id first and fallback
to other methods only if this is unsucessful.
Commit: 49d10a9034b280b5e59535519c3f0d12d96c9f2d
https://github.com/jenkinsci/jenkins/commit/49d10a9034b280b5e59535519c3f0d12d96c9f2d
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-21 (Thu, 21 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
[SECURITY-243] introduce a new API to get a user by their id.
Introduce a new API User.getById that will only ever get a user by their
ID as suggested by @jglick (adapted from the original suggestion).
Commit: 6ff45b196a783a9487f2db3fdae445d8c63ffa13
https://github.com/jenkinsci/jenkins/commit/6ff45b196a783a9487f2db3fdae445d8c63ffa13
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-21 (Thu, 21 Apr 2016)
Changed paths:
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
Log Message:
-----------
change one more call to User.get
Commit: 0f038be5776e5d028e3b19a20c378549424f2be7
https://github.com/jenkinsci/jenkins/commit/0f038be5776e5d028e3b19a20c378549424f2be7
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-21 (Thu, 21 Apr 2016)
Changed paths:
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
Log Message:
-----------
[SECURITY-243] further minor improvements.
Fix a couple more calls and add a pointer to Jenkins.getUser()
Commit: 2ed0c046dfbb2003a17df27c53777e72c6eaff25
https://github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-04-25 (Mon, 25 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
Log Message:
-----------
[FIX SECURITY-276] Don't allow open redirect using scheme-rel. URL
Commit: 56be107feb24ab3470efae7603041bbbb9cdf7fb
https://github.com/jenkinsci/jenkins/commit/56be107feb24ab3470efae7603041bbbb9cdf7fb
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-04-25 (Mon, 25 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
Log Message:
-----------
[FIX SECURITY-273] Require admin permission to check update sites
Commit: d1d1ab152bfd67a2a737d7b530eb011982157f83
https://github.com/jenkinsci/jenkins/commit/d1d1ab152bfd67a2a737d7b530eb011982157f83
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
Log Message:
-----------
[SECURITY-243] APIToken auth needs to create the user.
In the case the user is valid but not saved the user need to be created.
This catches the case where the user has not saved anything and is using
their default API token.
Commit: a92bb2dfbe5eca1bec84a21a365ed38acfb87b9d
https://github.com/jenkinsci/jenkins/commit/a92bb2dfbe5eca1bec84a21a365ed38acfb87b9d
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/hudson/PluginWrapper.java
M core/src/main/java/hudson/model/UpdateCenter.java
Log Message:
-----------
Merge pull request #62 from jenkinsci-cert/SECURITY-250
[FIX SECURITY-250] Restrict access to admin APIs
Commit: 53dd9046c98681ee1a1431b8d30aaf982eba471b
https://github.com/jenkinsci/jenkins/commit/53dd9046c98681ee1a1431b8d30aaf982eba471b
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
Log Message:
-----------
Merge pull request #68 from jenkinsci-cert/SECURITY-273
[FIX SECURITY-273] Require admin permission to check update sites
Commit: 97a62a9bcc01aec85912dcc74af5dbef6950a006
https://github.com/jenkinsci/jenkins/commit/97a62a9bcc01aec85912dcc74af5dbef6950a006
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/hudson/PluginWrapper.java
M core/src/main/java/hudson/model/UpdateCenter.java
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: 93229dfc24a48edef1332e63f5e2f45a7def9d20
https://github.com/jenkinsci/jenkins/commit/93229dfc24a48edef1332e63f5e2f45a7def9d20
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/hudson/PluginWrapper.java
M core/src/main/java/hudson/model/UpdateCenter.java
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: d39ccfac8636e3898a93854409236227b42f51e4
https://github.com/jenkinsci/jenkins/commit/d39ccfac8636e3898a93854409236227b42f51e4
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-26 (Tue, 26 Apr 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/hudson/PluginWrapper.java
M core/src/main/java/hudson/model/UpdateCenter.java
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: e6efae7d0d742f068498366424b0059e9ed42e4c
https://github.com/jenkinsci/jenkins/commit/e6efae7d0d742f068498366424b0059e9ed42e4c
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/test/java/hudson/UtilTest.java
Log Message:
-----------
[SECURITY-276] Better method name, add tests
Commit: 0ce2a1ae3a4abfa2ef43d1bd90c685dd27172562
https://github.com/jenkinsci/jenkins/commit/0ce2a1ae3a4abfa2ef43d1bd90c685dd27172562
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
Log Message:
-----------
[SECURITY-170] Store initial parameters list for later use
Commit: 1e967ccec104bbfdca0fd3069b224f5619b55990
https://github.com/jenkinsci/jenkins/commit/1e967ccec104bbfdca0fd3069b224f5619b55990
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/ParametersActionTest2.java
A
test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip
Log Message:
-----------
[SECURITY-170] Backward compatibility test
Commit: df14d15740cee6a9c8229ea98f16e31e60aba410
https://github.com/jenkinsci/jenkins/commit/df14d15740cee6a9c8229ea98f16e31e60aba410
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M test/src/test/java/hudson/model/UserTest.java
Log Message:
-----------
[SECURITY-243] Defend any victim known to the security realm, even if not
otherwise loaded.
Commit: 28701a8ec860b9b334e6c7d4f7a81eac64e461c5
https://github.com/jenkinsci/jenkins/commit/28701a8ec860b9b334e6c7d4f7a81eac64e461c5
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
Log Message:
-----------
Forgot to make UserIDCanonicalIdResolver catch DataAccessException.
Unclear if, say, LDAPSecurityRealm ever throws this.
Commit: 9db79196ae4cb784041fea902c284a8c497508b1
https://github.com/jenkinsci/jenkins/commit/9db79196ae4cb784041fea902c284a8c497508b1
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
Log Message:
-----------
Expanded Javadoc, and removed since tag which is irrelevant on a restricted
member.
Commit: 13e9967e38d3e4a3317e6566727554c86f10264b
https://github.com/jenkinsci/jenkins/commit/13e9967e38d3e4a3317e6566727554c86f10264b
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
Log Message:
-----------
[SECURITY-281] Demonstrating that GetNodeCommand and UpdateNodeCommand refuse
to operate on Jenkins itself.
Commit: 38f8b43e8d3c324c21bb8b2b3a9da3be93faf354
https://github.com/jenkinsci/jenkins/commit/38f8b43e8d3c324c21bb8b2b3a9da3be93faf354
Author: Daniel Beck <daniel-b...@users.noreply.github.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/test/java/hudson/UtilTest.java
Log Message:
-----------
[SECURITY-276] Add more tests for relative URLs
Commit: d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3
https://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M core/src/main/java/jenkins/model/Jenkins.java
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
[FIXED SECURITY-281] MasterComputer.doConfigDotXml should be rejected.
Commit: bfad4c96dc7f0879d964043b296a79b04519a387
https://github.com/jenkinsci/jenkins/commit/bfad4c96dc7f0879d964043b296a79b04519a387
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-27 (Wed, 27 Apr 2016)
Changed paths:
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
Log Message:
-----------
Mistyped test name.
Commit: 84174a922cd299686a8e103bf4418c85afbc658e
https://github.com/jenkinsci/jenkins/commit/84174a922cd299686a8e103bf4418c85afbc658e
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/java/hudson/model/ParametersActionTest2.java
Log Message:
-----------
[SECURITY-170] Add @daniel-beck's suggested tests
Commit: 23729777c12dda3e606e3fcecae8aef0f3e38f7f
https://github.com/jenkinsci/jenkins/commit/23729777c12dda3e606e3fcecae8aef0f3e38f7f
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/jenkins/model/Jenkins.java
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
Merge pull request #70 from jenkinsci-cert/SECURITY-281
[SECURITY-281] Forbid /computer/(master)/config.xml
Commit: 0d553f2d552096e0a8299cc33681a76e9f6025b4
https://github.com/jenkinsci/jenkins/commit/0d553f2d552096e0a8299cc33681a76e9f6025b4
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/test/java/hudson/UtilTest.java
Log Message:
-----------
Merge pull request #67 from jenkinsci-cert/SECURITY-276
[FIX SECURITY-276] Don't allow open redirect using scheme-rel. URL
Commit: c88268d8705015df141d145936ec4f24a2e57c15
https://github.com/jenkinsci/jenkins/commit/c88268d8705015df141d145936ec4f24a2e57c15
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/test/java/hudson/UtilTest.java
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: 11120802c1ef457750f7a3debc7164750fb93ac9
https://github.com/jenkinsci/jenkins/commit/11120802c1ef457750f7a3debc7164750fb93ac9
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/test/java/hudson/UtilTest.java
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: a095ca003a86baee5beb8f835a0dbcc5612a1664
https://github.com/jenkinsci/jenkins/commit/a095ca003a86baee5beb8f835a0dbcc5612a1664
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M pom.xml
Log Message:
-----------
Merge branch 'stable-1.651' into security-stable-1.651
Commit: c08e0bf79d75e5e92afbe57c5d19b272941ca670
https://github.com/jenkinsci/jenkins/commit/c08e0bf79d75e5e92afbe57c5d19b272941ca670
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Util.java
M core/src/main/java/hudson/model/DirectoryBrowserSupport.java
M core/src/main/java/hudson/model/ParametersDefinitionProperty.java
M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/test/java/hudson/UtilTest.java
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: f4c7571baf37531d244679ae70cc92758109a22a
https://github.com/jenkinsci/jenkins/commit/f4c7571baf37531d244679ae70cc92758109a22a
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-28 (Thu, 28 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
Log Message:
-----------
Make it possible to disable SecurityRealm.loadUserByUsername call with a
system property if it proves too slow in certain circumstances.
Commit: 9b7b8b851079154297578e4ca087835d2e8454d0
https://github.com/jenkinsci/jenkins/commit/9b7b8b851079154297578e4ca087835d2e8454d0
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
Merge pull request #69 from jenkinsci-cert/SECURITY-243-amended
[SECURITY-243] Prefer id to fullName
Commit: 7aac5298406524506ffa73af62d8232cdad7d098
https://github.com/jenkinsci/jenkins/commit/7aac5298406524506ffa73af62d8232cdad7d098
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/NodeTest.java
Log Message:
-----------
WebRequestSettings → WebRequest in new HtmlUnit.
Commit: 2de7f0adc55e6982d6dee0141b9c3f4f0a379718
https://github.com/jenkinsci/jenkins/commit/2de7f0adc55e6982d6dee0141b9c3f4f0a379718
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: fa99d6fe8ef2777e17c7116aa381bc2303ba62e1
https://github.com/jenkinsci/jenkins/commit/fa99d6fe8ef2777e17c7116aa381bc2303ba62e1
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
M test/src/test/java/hudson/model/NodeTest.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: e3848ba2a0bfcd026aa15f81a37016fe9973f722
https://github.com/jenkinsci/jenkins/commit/e3848ba2a0bfcd026aa15f81a37016fe9973f722
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/User.java
M core/src/main/java/hudson/security/BasicAuthenticationFilter.java
M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
M core/src/main/java/jenkins/model/Jenkins.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java
M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java
M test/src/test/java/hudson/model/NodeTest.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: aeefa6eb99a2c54b30bbd40bb68212360717a4a2
https://github.com/jenkinsci/jenkins/commit/aeefa6eb99a2c54b30bbd40bb68212360717a4a2
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M core/src/main/resources/hudson/model/Messages.properties
Log Message:
-----------
More informative error when refusing to copy.
Commit: de29daa369b8de51ce1d60df76796b5e395253ea
https://github.com/jenkinsci/jenkins/commit/de29daa369b8de51ce1d60df76796b5e395253ea
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/GetJobCommand.java
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/model/Item.java
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M core/src/main/java/hudson/util/Secret.java
M core/src/main/resources/hudson/model/Messages.properties
M core/src/test/groovy/hudson/util/SecretTest.groovy
M test/src/test/java/lib/form/PasswordTest.java
A
test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly
Log Message:
-----------
Merge pull request #63 from jenkinsci-cert/SECURITY-266
[SECURITY-266] Conceal ciphertext from users who could not resubmit it here
Commit: 416439ef2f1d48821ef1aa2eb3a63e72ee0dfb70
https://github.com/jenkinsci/jenkins/commit/416439ef2f1d48821ef1aa2eb3a63e72ee0dfb70
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/GetJobCommand.java
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/model/Item.java
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M core/src/main/java/hudson/util/Secret.java
M core/src/main/resources/hudson/model/Messages.properties
M core/src/test/groovy/hudson/util/SecretTest.groovy
M test/src/test/java/lib/form/PasswordTest.java
A
test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: 2992fdad7684ca1755a99311017ebca853eba02e
https://github.com/jenkinsci/jenkins/commit/2992fdad7684ca1755a99311017ebca853eba02e
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/GetJobCommand.java
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/model/Item.java
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M core/src/main/java/hudson/util/Secret.java
M core/src/main/resources/hudson/model/Messages.properties
M core/src/test/groovy/hudson/util/SecretTest.groovy
M test/src/test/java/lib/form/PasswordTest.java
A
test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: 4baafc09517bfc71160c19557e7b2339562633ef
https://github.com/jenkinsci/jenkins/commit/4baafc09517bfc71160c19557e7b2339562633ef
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/Functions.java
M core/src/main/java/hudson/cli/GetJobCommand.java
M core/src/main/java/hudson/model/AbstractItem.java
M core/src/main/java/hudson/model/Item.java
M core/src/main/java/hudson/model/ItemGroupMixIn.java
M core/src/main/java/hudson/util/Secret.java
M core/src/main/resources/hudson/model/Messages.properties
M core/src/test/groovy/hudson/util/SecretTest.groovy
M test/src/test/java/lib/form/PasswordTest.java
A
test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: 92556fd1a33b2c0311355290c2fc7e1083fa32de
https://github.com/jenkinsci/jenkins/commit/92556fd1a33b2c0311355290c2fc7e1083fa32de
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/java/hudson/model/ParametersActionTest2.java
Log Message:
-----------
[SECURITY-170] Whitelisted parameters system property added (as suggested by
@jglick)
Commit: 6a6446a031bdfba763858fb886705d7810dc6410
https://github.com/jenkinsci/jenkins/commit/6a6446a031bdfba763858fb886705d7810dc6410
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/test/java/hudson/util/XStream2Test.java
R core/src/test/resources/hudson/util/old-concurrentHashMap.xml
Log Message:
-----------
Backporting concurrentHashMapSerialization test removal from #2071, as it
prevents use of JDK 8 to run core tests.
Commit: b85c74fc0cf31d625925cfe24201218700705bf3
https://github.com/jenkinsci/jenkins/commit/b85c74fc0cf31d625925cfe24201218700705bf3
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/test/java/hudson/util/XStream2Test.java
R core/src/test/resources/hudson/util/old-concurrentHashMap.xml
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: 7d4065562cf0079daf17c21f1f664454b320d738
https://github.com/jenkinsci/jenkins/commit/7d4065562cf0079daf17c21f1f664454b320d738
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/test/java/hudson/util/XStream2Test.java
R core/src/test/resources/hudson/util/old-concurrentHashMap.xml
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: ebad8164bef8d8766f11fb65f1c053f033cb0351
https://github.com/jenkinsci/jenkins/commit/ebad8164bef8d8766f11fb65f1c053f033cb0351
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/test/java/hudson/util/XStream2Test.java
R core/src/test/resources/hudson/util/old-concurrentHashMap.xml
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: eb2b62e1aad4fae582c4d0433e2a9ed0dce71efc
https://github.com/jenkinsci/jenkins/commit/eb2b62e1aad4fae582c4d0433e2a9ed0dce71efc
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
Log Message:
-----------
[SECURITY-170] Fixing test
Commit: a7264a96278ac87d310d8ddaaf506196d6a550af
https://github.com/jenkinsci/jenkins/commit/a7264a96278ac87d310d8ddaaf506196d6a550af
Author: Antonio Muñiz <amu...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/java/hudson/model/ParametersActionTest2.java
Log Message:
-----------
[SECURITY-170] More tests
Commit: e4b97c5918c06e0a40bbdbc13b1a86fa3f69ada9
https://github.com/jenkinsci/jenkins/commit/e4b97c5918c06e0a40bbdbc13b1a86fa3f69ada9
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/ApiTest.java
Log Message:
-----------
[JENKINS-26775] Suppress ApiTest.wrappedMultipleItems prior to 1.651 where it
is fixed for JDK 8.
Commit: 4242be8b5d872a949afb540096c274848ea57cb0
https://github.com/jenkinsci/jenkins/commit/4242be8b5d872a949afb540096c274848ea57cb0
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/ApiTest.java
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: 6de0fc0f02182ad7027c6eee9daf121d3ca644b3
https://github.com/jenkinsci/jenkins/commit/6de0fc0f02182ad7027c6eee9daf121d3ca644b3
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/UserTest.java
Log Message:
-----------
Missing import.
Commit: 06d47c760e99305fa94c86b9627bb9b0c040ada5
https://github.com/jenkinsci/jenkins/commit/06d47c760e99305fa94c86b9627bb9b0c040ada5
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/ApiTest.java
M test/src/test/java/hudson/model/UserTest.java
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: a4a70977ca1b9f0329e362571914c3ae5e782138
https://github.com/jenkinsci/jenkins/commit/a4a70977ca1b9f0329e362571914c3ae5e782138
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/model/UserTest.java
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: edffecea84a4af2641e5814a555c208d9c4f42eb
https://github.com/jenkinsci/jenkins/commit/edffecea84a4af2641e5814a555c208d9c4f42eb
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
A test/src/test/java/hudson/model/ParametersActionTest2.java
A
test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip
Log Message:
-----------
Merge pull request #59 from jenkinsci-cert/SECURITY-170-v2
[FIX SECURITY-170] Don't expose parameters not defined on the run
Commit: 0f5e70f15a1724ea90b7f13ed7216723e9996cea
https://github.com/jenkinsci/jenkins/commit/0f5e70f15a1724ea90b7f13ed7216723e9996cea
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
A test/src/test/java/hudson/model/ParametersActionTest2.java
A
test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip
Log Message:
-----------
Merge branch 'security-stable-1.609' into security-stable-1.625
Commit: ecf0ec7d3df20f0323c4044fb28719b2b04e11d2
https://github.com/jenkinsci/jenkins/commit/ecf0ec7d3df20f0323c4044fb28719b2b04e11d2
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
A test/src/test/java/hudson/model/ParametersActionTest2.java
A
test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip
Log Message:
-----------
Merge branch 'security-stable-1.625' into security-stable-1.642
Commit: 94af2e874c010363e026f54805e9da37bc10c945
https://github.com/jenkinsci/jenkins/commit/94af2e874c010363e026f54805e9da37bc10c945
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M core/src/main/java/hudson/model/ParametersAction.java
M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
A test/src/test/java/hudson/model/ParametersActionTest2.java
A
test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip
Log Message:
-----------
Merge branch 'security-stable-1.642' into security-stable-1.651
Commit: 9f3f352ee989c861e5304dc0ac4e7b06f7fd1403
https://github.com/jenkinsci/jenkins/commit/9f3f352ee989c861e5304dc0ac4e7b06f7fd1403
Author: Jesse Glick <jgl...@cloudbees.com>
Date: 2016-04-29 (Fri, 29 Apr 2016)
Changed paths:
M test/src/test/java/hudson/cli/GetNodeCommandTest.java
M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
Log Message:
-----------
[JENKINS-32273] CLI exit codes changed as of #1997 in 1.649.
Commit: b6bbc1414e31840e0c09dbff080019c3c8e92a35
https://github.com/jenkinsci/jenkins/commit/b6bbc1414e31840e0c09dbff080019c3c8e92a35
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2016-05-11 (Wed, 11 May 2016)
Changed paths:
M cli/pom.xml
M core/pom.xml
M pom.xml
M test/pom.xml
M war/pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release jenkins-1.651.2
Commit: 12e79963cca5122351943ee107f65c3ad91a2e25
https://github.com/jenkinsci/jenkins/commit/12e79963cca5122351943ee107f65c3ad91a2e25
Author: Oleg Nenashev <o.v.nenas...@gmail.com>
Date: 2016-05-25 (Wed, 25 May 2016)
Changed paths:
M pom.xml
Log Message:
-----------
[JENKINS-19445, JENKINS-34213, JENKINS-34808, JENKINS-34121] Bump remoting to
2.59. (#2344)
* [JENKINS-19445, JENKINS-34213, JENKINS-34808] Bump remoting to 2.58.
Changes:
* [JENKINS-34213](https://issues.jenkins-ci.org/browse/JENKINS-34213) - Ensure
that the unexporter cleans up whatever it can each sweep
(https://github.com/jenkinsci/remoting/pull/81)
* [JENKINS-19445](https://issues.jenkins-ci.org/browse/JENKINS-19445) Force
class load on UserRequest in order to prevent deadlock on windows nodes when
using JNA and Subversion (https://github.com/jenkinsci/remoting/pull/81)
* [JENKINS-34808](https://issues.jenkins-ci.org/browse/JENKINS-34808) - Allow
user to adjust socket timeout (https://github.com/jenkinsci/remoting/pull/68)
* [JENKINS-34121] - Upgrade remoting to 2.59
(cherry picked from commit 409438f36dc80f20964fb16f8d88041e11ba4ed4)
Commit: d53cab3ef68b62a4a6dbb247012577c338dfc133
https://github.com/jenkinsci/jenkins/commit/d53cab3ef68b62a4a6dbb247012577c338dfc133
Author: Oliver Gondža <ogon...@gmail.com>
Date: 2016-05-25 (Wed, 25 May 2016)
Changed paths:
M core/src/main/java/hudson/model/CauseAction.java
Log Message:
-----------
[JENKINS-33467] Adjust reported Jenkins version number for LTS
Commit: 02725adfa16d58a6743c767bc00c370bb89f38b5
https://github.com/jenkinsci/jenkins/commit/02725adfa16d58a6743c767bc00c370bb89f38b5
Author: Carlos Rendon <cren...@gmail.com>
Date: 2016-05-25 (Wed, 25 May 2016)
Changed paths:
M core/src/main/java/hudson/model/Run.java
Log Message:
-----------
Fix RSS id for builds in folders (#1965)
[JENKINS-34767] - Prevent RSS ID collisions for items with same name in
different folders
(cherry picked from commit d8076e9654a4be6cd0792ea954363b209c44313b)
Commit: c6131436f4a022cae8772508873181e1d148a91b
https://github.com/jenkinsci/jenkins/commit/c6131436f4a022cae8772508873181e1d148a91b
Author: Oleg Nenashev <o.v.nenas...@gmail.com>
Date: 2016-05-25 (Wed, 25 May 2016)
Changed paths:
M core/src/main/java/hudson/PluginManager.java
M core/src/main/java/jenkins/util/JSONSignatureValidator.java
Log Message:
-----------
[JENKINS-34745] - Prevent CheckUpdates PeriodicWork death if update site cert
is missing (#2333)
* [JENKINS-34745] - Prevent CheckUpdates PeriodicWork death in the case of the
missing update site signature
* [JENKINS-34745] - Fix typo in the validator
* [JENKINS-34745] - Fix the formatting of the validation message (cc @lanwen)
(cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e)
Commit: baf831faf6ebf0b65b165b909575d26c8592c1a9
https://github.com/jenkinsci/jenkins/commit/baf831faf6ebf0b65b165b909575d26c8592c1a9
Author: Oleg Nenashev <o.v.nenas...@gmail.com>
Date: 2016-05-25 (Wed, 25 May 2016)
Changed paths:
M core/src/main/java/hudson/PluginWrapper.java
Log Message:
-----------
[JENKINS-34710] - PluginWrapper should not throw IOException if somebody
enables the enabled plugin (#2327)
(cherry picked from commit c83a8fdf0d048905928ba531d45527c1173f868d)
Compare:
https://github.com/jenkinsci/jenkins/compare/f391f8be2bd0...baf831faf6eb
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
