Branch: refs/heads/stable-1.651 Home: https://github.com/jenkinsci/jenkins Commit: 57a82505f4dc5de97c57ad1f340561ad9f0159c5 https://github.com/jenkinsci/jenkins/commit/57a82505f4dc5de97c57ad1f340561ad9f0159c5 Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths: M core/src/main/java/hudson/model/ParametersAction.java A test/src/test/java/hudson/model/ParametersActionTest2.java Log Message: ----------- [FIX SECURITY-170] Don't expose parameters not defined on the run Commit: 17edeb48291a3807b84142bb01f576b8eb2f50a2 https://github.com/jenkinsci/jenkins/commit/17edeb48291a3807b84142bb01f576b8eb2f50a2 Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-02-15 (Mon, 15 Feb 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/hudson/PluginWrapper.java M core/src/main/java/hudson/model/UpdateCenter.java Log Message: ----------- [FIX SECURITY-250] Restrict access to admin APIs Commit: 82b42359797e42fa4b2428d5e390e7ce91b74998 https://github.com/jenkinsci/jenkins/commit/82b42359797e42fa4b2428d5e390e7ce91b74998 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M test/src/test/java/lib/form/PasswordTest.java A test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly Log Message: ----------- [SECURITY-266] Conceal ciphertext from the web UI for a user who has no Item.CONFIGURE permission. Commit: e8f6410793b418be3786b38dbe4fddfbb23db4cf https://github.com/jenkinsci/jenkins/commit/e8f6410793b418be3786b38dbe4fddfbb23db4cf Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-20 (Wed, 20 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/util/Secret.java M core/src/test/groovy/hudson/util/SecretTest.groovy M test/src/test/java/lib/form/PasswordTest.java Log Message: ----------- [SECURITY-266] Conceal ciphertext from REST config.xml. Commit: dc2aa07e582a3ff5d427c3546634c70686268714 https://github.com/jenkinsci/jenkins/commit/dc2aa07e582a3ff5d427c3546634c70686268714 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-20 (Wed, 20 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/cli/GetJobCommand.java M core/src/main/java/hudson/model/AbstractItem.java M test/src/test/java/lib/form/PasswordTest.java Log Message: ----------- [SECURITY-266] Protecting GetJobCommand. Commit: 3d655938189af46d40e55268c280b6dcaa3770cd https://github.com/jenkinsci/jenkins/commit/3d655938189af46d40e55268c280b6dcaa3770cd Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-20 (Wed, 20 Apr 2016) Changed paths: M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/model/Item.java M core/src/main/java/hudson/model/ItemGroupMixIn.java M test/src/test/java/lib/form/PasswordTest.java Log Message: ----------- [SECURITY-266] Protecting ItemGroupMixIn.copy (used by both CLI and REST). Commit: f4172ebb56ea29b2d2156145edff0d3660891fbf https://github.com/jenkinsci/jenkins/commit/f4172ebb56ea29b2d2156145edff0d3660891fbf Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-20 (Wed, 20 Apr 2016) Changed paths: M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- [SECURITY-243] Unit Test. Unit test to show the issue where some form of user property is used for obtaining the information needed to loging (api token/ user property) Commit: e073d331fdba9a030d644aeec9ed2cda0ad4f594 https://github.com/jenkinsci/jenkins/commit/e073d331fdba9a030d644aeec9ed2cda0ad4f594 Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-20 (Wed, 20 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java Log Message: ----------- [FIXED SECURITY-243] Prefer resolving users by IDs first and foremost. When looking up users we must always try to use the id first and fallback to other methods only if this is unsucessful. Commit: 49d10a9034b280b5e59535519c3f0d12d96c9f2d https://github.com/jenkinsci/jenkins/commit/49d10a9034b280b5e59535519c3f0d12d96c9f2d Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-21 (Thu, 21 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- [SECURITY-243] introduce a new API to get a user by their id. Introduce a new API User.getById that will only ever get a user by their ID as suggested by @jglick (adapted from the original suggestion). Commit: 6ff45b196a783a9487f2db3fdae445d8c63ffa13 https://github.com/jenkinsci/jenkins/commit/6ff45b196a783a9487f2db3fdae445d8c63ffa13 Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-21 (Thu, 21 Apr 2016) Changed paths: M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java Log Message: ----------- change one more call to User.get Commit: 0f038be5776e5d028e3b19a20c378549424f2be7 https://github.com/jenkinsci/jenkins/commit/0f038be5776e5d028e3b19a20c378549424f2be7 Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-21 (Thu, 21 Apr 2016) Changed paths: M core/src/main/java/jenkins/model/Jenkins.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java Log Message: ----------- [SECURITY-243] further minor improvements. Fix a couple more calls and add a pointer to Jenkins.getUser() Commit: 2ed0c046dfbb2003a17df27c53777e72c6eaff25 https://github.com/jenkinsci/jenkins/commit/2ed0c046dfbb2003a17df27c53777e72c6eaff25 Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-04-25 (Mon, 25 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java Log Message: ----------- [FIX SECURITY-276] Don't allow open redirect using scheme-rel. URL Commit: 56be107feb24ab3470efae7603041bbbb9cdf7fb https://github.com/jenkinsci/jenkins/commit/56be107feb24ab3470efae7603041bbbb9cdf7fb Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-04-25 (Mon, 25 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java Log Message: ----------- [FIX SECURITY-273] Require admin permission to check update sites Commit: d1d1ab152bfd67a2a737d7b530eb011982157f83 https://github.com/jenkinsci/jenkins/commit/d1d1ab152bfd67a2a737d7b530eb011982157f83 Author: James Nord <jnord+git...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java Log Message: ----------- [SECURITY-243] APIToken auth needs to create the user. In the case the user is valid but not saved the user need to be created. This catches the case where the user has not saved anything and is using their default API token. Commit: a92bb2dfbe5eca1bec84a21a365ed38acfb87b9d https://github.com/jenkinsci/jenkins/commit/a92bb2dfbe5eca1bec84a21a365ed38acfb87b9d Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/hudson/PluginWrapper.java M core/src/main/java/hudson/model/UpdateCenter.java Log Message: ----------- Merge pull request #62 from jenkinsci-cert/SECURITY-250 [FIX SECURITY-250] Restrict access to admin APIs Commit: 53dd9046c98681ee1a1431b8d30aaf982eba471b https://github.com/jenkinsci/jenkins/commit/53dd9046c98681ee1a1431b8d30aaf982eba471b Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java Log Message: ----------- Merge pull request #68 from jenkinsci-cert/SECURITY-273 [FIX SECURITY-273] Require admin permission to check update sites Commit: 97a62a9bcc01aec85912dcc74af5dbef6950a006 https://github.com/jenkinsci/jenkins/commit/97a62a9bcc01aec85912dcc74af5dbef6950a006 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/hudson/PluginWrapper.java M core/src/main/java/hudson/model/UpdateCenter.java Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: 93229dfc24a48edef1332e63f5e2f45a7def9d20 https://github.com/jenkinsci/jenkins/commit/93229dfc24a48edef1332e63f5e2f45a7def9d20 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/hudson/PluginWrapper.java M core/src/main/java/hudson/model/UpdateCenter.java Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: d39ccfac8636e3898a93854409236227b42f51e4 https://github.com/jenkinsci/jenkins/commit/d39ccfac8636e3898a93854409236227b42f51e4 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-26 (Tue, 26 Apr 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/hudson/PluginWrapper.java M core/src/main/java/hudson/model/UpdateCenter.java Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: e6efae7d0d742f068498366424b0059e9ed42e4c https://github.com/jenkinsci/jenkins/commit/e6efae7d0d742f068498366424b0059e9ed42e4c Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java M core/src/test/java/hudson/UtilTest.java Log Message: ----------- [SECURITY-276] Better method name, add tests Commit: 0ce2a1ae3a4abfa2ef43d1bd90c685dd27172562 https://github.com/jenkinsci/jenkins/commit/0ce2a1ae3a4abfa2ef43d1bd90c685dd27172562 Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java Log Message: ----------- [SECURITY-170] Store initial parameters list for later use Commit: 1e967ccec104bbfdca0fd3069b224f5619b55990 https://github.com/jenkinsci/jenkins/commit/1e967ccec104bbfdca0fd3069b224f5619b55990 Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M test/src/test/java/hudson/model/ParametersActionTest2.java A test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip Log Message: ----------- [SECURITY-170] Backward compatibility test Commit: df14d15740cee6a9c8229ea98f16e31e60aba410 https://github.com/jenkinsci/jenkins/commit/df14d15740cee6a9c8229ea98f16e31e60aba410 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M test/src/test/java/hudson/model/UserTest.java Log Message: ----------- [SECURITY-243] Defend any victim known to the security realm, even if not otherwise loaded. Commit: 28701a8ec860b9b334e6c7d4f7a81eac64e461c5 https://github.com/jenkinsci/jenkins/commit/28701a8ec860b9b334e6c7d4f7a81eac64e461c5 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java Log Message: ----------- Forgot to make UserIDCanonicalIdResolver catch DataAccessException. Unclear if, say, LDAPSecurityRealm ever throws this. Commit: 9db79196ae4cb784041fea902c284a8c497508b1 https://github.com/jenkinsci/jenkins/commit/9db79196ae4cb784041fea902c284a8c497508b1 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java Log Message: ----------- Expanded Javadoc, and removed since tag which is irrelevant on a restricted member. Commit: 13e9967e38d3e4a3317e6566727554c86f10264b https://github.com/jenkinsci/jenkins/commit/13e9967e38d3e4a3317e6566727554c86f10264b Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java Log Message: ----------- [SECURITY-281] Demonstrating that GetNodeCommand and UpdateNodeCommand refuse to operate on Jenkins itself. Commit: 38f8b43e8d3c324c21bb8b2b3a9da3be93faf354 https://github.com/jenkinsci/jenkins/commit/38f8b43e8d3c324c21bb8b2b3a9da3be93faf354 Author: Daniel Beck <daniel-b...@users.noreply.github.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/test/java/hudson/UtilTest.java Log Message: ----------- [SECURITY-276] Add more tests for relative URLs Commit: d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3 https://github.com/jenkinsci/jenkins/commit/d66ad6f3ee46a5c6bb865bb831e8cdfc74cd7eb3 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M core/src/main/java/jenkins/model/Jenkins.java M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- [FIXED SECURITY-281] MasterComputer.doConfigDotXml should be rejected. Commit: bfad4c96dc7f0879d964043b296a79b04519a387 https://github.com/jenkinsci/jenkins/commit/bfad4c96dc7f0879d964043b296a79b04519a387 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-27 (Wed, 27 Apr 2016) Changed paths: M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java Log Message: ----------- Mistyped test name. Commit: 84174a922cd299686a8e103bf4418c85afbc658e https://github.com/jenkinsci/jenkins/commit/84174a922cd299686a8e103bf4418c85afbc658e Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/java/hudson/model/ParametersActionTest2.java Log Message: ----------- [SECURITY-170] Add @daniel-beck's suggested tests Commit: 23729777c12dda3e606e3fcecae8aef0f3e38f7f https://github.com/jenkinsci/jenkins/commit/23729777c12dda3e606e3fcecae8aef0f3e38f7f Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/jenkins/model/Jenkins.java M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- Merge pull request #70 from jenkinsci-cert/SECURITY-281 [SECURITY-281] Forbid /computer/(master)/config.xml Commit: 0d553f2d552096e0a8299cc33681a76e9f6025b4 https://github.com/jenkinsci/jenkins/commit/0d553f2d552096e0a8299cc33681a76e9f6025b4 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java M core/src/test/java/hudson/UtilTest.java Log Message: ----------- Merge pull request #67 from jenkinsci-cert/SECURITY-276 [FIX SECURITY-276] Don't allow open redirect using scheme-rel. URL Commit: c88268d8705015df141d145936ec4f24a2e57c15 https://github.com/jenkinsci/jenkins/commit/c88268d8705015df141d145936ec4f24a2e57c15 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/test/java/hudson/UtilTest.java M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: 11120802c1ef457750f7a3debc7164750fb93ac9 https://github.com/jenkinsci/jenkins/commit/11120802c1ef457750f7a3debc7164750fb93ac9 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/test/java/hudson/UtilTest.java M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: a095ca003a86baee5beb8f835a0dbcc5612a1664 https://github.com/jenkinsci/jenkins/commit/a095ca003a86baee5beb8f835a0dbcc5612a1664 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M pom.xml Log Message: ----------- Merge branch 'stable-1.651' into security-stable-1.651 Commit: c08e0bf79d75e5e92afbe57c5d19b272941ca670 https://github.com/jenkinsci/jenkins/commit/c08e0bf79d75e5e92afbe57c5d19b272941ca670 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/Util.java M core/src/main/java/hudson/model/DirectoryBrowserSupport.java M core/src/main/java/hudson/model/ParametersDefinitionProperty.java M core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/test/java/hudson/UtilTest.java M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: f4c7571baf37531d244679ae70cc92758109a22a https://github.com/jenkinsci/jenkins/commit/f4c7571baf37531d244679ae70cc92758109a22a Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-28 (Thu, 28 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java Log Message: ----------- Make it possible to disable SecurityRealm.loadUserByUsername call with a system property if it proves too slow in certain circumstances. Commit: 9b7b8b851079154297578e4ca087835d2e8454d0 https://github.com/jenkinsci/jenkins/commit/9b7b8b851079154297578e4ca087835d2e8454d0 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- Merge pull request #69 from jenkinsci-cert/SECURITY-243-amended [SECURITY-243] Prefer id to fullName Commit: 7aac5298406524506ffa73af62d8232cdad7d098 https://github.com/jenkinsci/jenkins/commit/7aac5298406524506ffa73af62d8232cdad7d098 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/NodeTest.java Log Message: ----------- WebRequestSettings → WebRequest in new HtmlUnit. Commit: 2de7f0adc55e6982d6dee0141b9c3f4f0a379718 https://github.com/jenkinsci/jenkins/commit/2de7f0adc55e6982d6dee0141b9c3f4f0a379718 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: fa99d6fe8ef2777e17c7116aa381bc2303ba62e1 https://github.com/jenkinsci/jenkins/commit/fa99d6fe8ef2777e17c7116aa381bc2303ba62e1 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java M test/src/test/java/hudson/model/NodeTest.java M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: e3848ba2a0bfcd026aa15f81a37016fe9973f722 https://github.com/jenkinsci/jenkins/commit/e3848ba2a0bfcd026aa15f81a37016fe9973f722 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/User.java M core/src/main/java/hudson/security/BasicAuthenticationFilter.java M core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java M core/src/main/java/jenkins/model/Jenkins.java M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java M core/src/main/java/jenkins/security/ImpersonatingUserDetailsService.java M core/src/main/java/jenkins/security/LastGrantedAuthoritiesProperty.java M test/src/test/java/hudson/model/NodeTest.java M test/src/test/java/hudson/model/UserTest.java M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: aeefa6eb99a2c54b30bbd40bb68212360717a4a2 https://github.com/jenkinsci/jenkins/commit/aeefa6eb99a2c54b30bbd40bb68212360717a4a2 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ItemGroupMixIn.java M core/src/main/resources/hudson/model/Messages.properties Log Message: ----------- More informative error when refusing to copy. Commit: de29daa369b8de51ce1d60df76796b5e395253ea https://github.com/jenkinsci/jenkins/commit/de29daa369b8de51ce1d60df76796b5e395253ea Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/cli/GetJobCommand.java M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/model/Item.java M core/src/main/java/hudson/model/ItemGroupMixIn.java M core/src/main/java/hudson/util/Secret.java M core/src/main/resources/hudson/model/Messages.properties M core/src/test/groovy/hudson/util/SecretTest.groovy M test/src/test/java/lib/form/PasswordTest.java A test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly Log Message: ----------- Merge pull request #63 from jenkinsci-cert/SECURITY-266 [SECURITY-266] Conceal ciphertext from users who could not resubmit it here Commit: 416439ef2f1d48821ef1aa2eb3a63e72ee0dfb70 https://github.com/jenkinsci/jenkins/commit/416439ef2f1d48821ef1aa2eb3a63e72ee0dfb70 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/cli/GetJobCommand.java M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/model/Item.java M core/src/main/java/hudson/model/ItemGroupMixIn.java M core/src/main/java/hudson/util/Secret.java M core/src/main/resources/hudson/model/Messages.properties M core/src/test/groovy/hudson/util/SecretTest.groovy M test/src/test/java/lib/form/PasswordTest.java A test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: 2992fdad7684ca1755a99311017ebca853eba02e https://github.com/jenkinsci/jenkins/commit/2992fdad7684ca1755a99311017ebca853eba02e Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/cli/GetJobCommand.java M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/model/Item.java M core/src/main/java/hudson/model/ItemGroupMixIn.java M core/src/main/java/hudson/util/Secret.java M core/src/main/resources/hudson/model/Messages.properties M core/src/test/groovy/hudson/util/SecretTest.groovy M test/src/test/java/lib/form/PasswordTest.java A test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: 4baafc09517bfc71160c19557e7b2339562633ef https://github.com/jenkinsci/jenkins/commit/4baafc09517bfc71160c19557e7b2339562633ef Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/Functions.java M core/src/main/java/hudson/cli/GetJobCommand.java M core/src/main/java/hudson/model/AbstractItem.java M core/src/main/java/hudson/model/Item.java M core/src/main/java/hudson/model/ItemGroupMixIn.java M core/src/main/java/hudson/util/Secret.java M core/src/main/resources/hudson/model/Messages.properties M core/src/test/groovy/hudson/util/SecretTest.groovy M test/src/test/java/lib/form/PasswordTest.java A test/src/test/resources/lib/form/PasswordTest/VulnerableProperty/config.jelly Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: 92556fd1a33b2c0311355290c2fc7e1083fa32de https://github.com/jenkinsci/jenkins/commit/92556fd1a33b2c0311355290c2fc7e1083fa32de Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/java/hudson/model/ParametersActionTest2.java Log Message: ----------- [SECURITY-170] Whitelisted parameters system property added (as suggested by @jglick) Commit: 6a6446a031bdfba763858fb886705d7810dc6410 https://github.com/jenkinsci/jenkins/commit/6a6446a031bdfba763858fb886705d7810dc6410 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/test/java/hudson/util/XStream2Test.java R core/src/test/resources/hudson/util/old-concurrentHashMap.xml Log Message: ----------- Backporting concurrentHashMapSerialization test removal from #2071, as it prevents use of JDK 8 to run core tests. Commit: b85c74fc0cf31d625925cfe24201218700705bf3 https://github.com/jenkinsci/jenkins/commit/b85c74fc0cf31d625925cfe24201218700705bf3 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/test/java/hudson/util/XStream2Test.java R core/src/test/resources/hudson/util/old-concurrentHashMap.xml Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: 7d4065562cf0079daf17c21f1f664454b320d738 https://github.com/jenkinsci/jenkins/commit/7d4065562cf0079daf17c21f1f664454b320d738 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/test/java/hudson/util/XStream2Test.java R core/src/test/resources/hudson/util/old-concurrentHashMap.xml Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: ebad8164bef8d8766f11fb65f1c053f033cb0351 https://github.com/jenkinsci/jenkins/commit/ebad8164bef8d8766f11fb65f1c053f033cb0351 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/test/java/hudson/util/XStream2Test.java R core/src/test/resources/hudson/util/old-concurrentHashMap.xml Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: eb2b62e1aad4fae582c4d0433e2a9ed0dce71efc https://github.com/jenkinsci/jenkins/commit/eb2b62e1aad4fae582c4d0433e2a9ed0dce71efc Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy Log Message: ----------- [SECURITY-170] Fixing test Commit: a7264a96278ac87d310d8ddaaf506196d6a550af https://github.com/jenkinsci/jenkins/commit/a7264a96278ac87d310d8ddaaf506196d6a550af Author: Antonio Muñiz <amu...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/java/hudson/model/ParametersActionTest2.java Log Message: ----------- [SECURITY-170] More tests Commit: e4b97c5918c06e0a40bbdbc13b1a86fa3f69ada9 https://github.com/jenkinsci/jenkins/commit/e4b97c5918c06e0a40bbdbc13b1a86fa3f69ada9 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/ApiTest.java Log Message: ----------- [JENKINS-26775] Suppress ApiTest.wrappedMultipleItems prior to 1.651 where it is fixed for JDK 8. Commit: 4242be8b5d872a949afb540096c274848ea57cb0 https://github.com/jenkinsci/jenkins/commit/4242be8b5d872a949afb540096c274848ea57cb0 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/ApiTest.java Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: 6de0fc0f02182ad7027c6eee9daf121d3ca644b3 https://github.com/jenkinsci/jenkins/commit/6de0fc0f02182ad7027c6eee9daf121d3ca644b3 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/UserTest.java Log Message: ----------- Missing import. Commit: 06d47c760e99305fa94c86b9627bb9b0c040ada5 https://github.com/jenkinsci/jenkins/commit/06d47c760e99305fa94c86b9627bb9b0c040ada5 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/ApiTest.java M test/src/test/java/hudson/model/UserTest.java Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: a4a70977ca1b9f0329e362571914c3ae5e782138 https://github.com/jenkinsci/jenkins/commit/a4a70977ca1b9f0329e362571914c3ae5e782138 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/model/UserTest.java Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: edffecea84a4af2641e5814a555c208d9c4f42eb https://github.com/jenkinsci/jenkins/commit/edffecea84a4af2641e5814a555c208d9c4f42eb Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy A test/src/test/java/hudson/model/ParametersActionTest2.java A test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip Log Message: ----------- Merge pull request #59 from jenkinsci-cert/SECURITY-170-v2 [FIX SECURITY-170] Don't expose parameters not defined on the run Commit: 0f5e70f15a1724ea90b7f13ed7216723e9996cea https://github.com/jenkinsci/jenkins/commit/0f5e70f15a1724ea90b7f13ed7216723e9996cea Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy A test/src/test/java/hudson/model/ParametersActionTest2.java A test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip Log Message: ----------- Merge branch 'security-stable-1.609' into security-stable-1.625 Commit: ecf0ec7d3df20f0323c4044fb28719b2b04e11d2 https://github.com/jenkinsci/jenkins/commit/ecf0ec7d3df20f0323c4044fb28719b2b04e11d2 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy A test/src/test/java/hudson/model/ParametersActionTest2.java A test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip Log Message: ----------- Merge branch 'security-stable-1.625' into security-stable-1.642 Commit: 94af2e874c010363e026f54805e9da37bc10c945 https://github.com/jenkinsci/jenkins/commit/94af2e874c010363e026f54805e9da37bc10c945 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M core/src/main/java/hudson/model/ParametersAction.java M test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy A test/src/test/java/hudson/model/ParametersActionTest2.java A test/src/test/resources/hudson/model/ParametersActionTest2/backwardCompatibility.zip Log Message: ----------- Merge branch 'security-stable-1.642' into security-stable-1.651 Commit: 9f3f352ee989c861e5304dc0ac4e7b06f7fd1403 https://github.com/jenkinsci/jenkins/commit/9f3f352ee989c861e5304dc0ac4e7b06f7fd1403 Author: Jesse Glick <jgl...@cloudbees.com> Date: 2016-04-29 (Fri, 29 Apr 2016) Changed paths: M test/src/test/java/hudson/cli/GetNodeCommandTest.java M test/src/test/java/hudson/cli/UpdateNodeCommandTest.java Log Message: ----------- [JENKINS-32273] CLI exit codes changed as of #1997 in 1.649. Commit: b6bbc1414e31840e0c09dbff080019c3c8e92a35 https://github.com/jenkinsci/jenkins/commit/b6bbc1414e31840e0c09dbff080019c3c8e92a35 Author: Kohsuke Kawaguchi <k...@kohsuke.org> Date: 2016-05-11 (Wed, 11 May 2016) Changed paths: M cli/pom.xml M core/pom.xml M pom.xml M test/pom.xml M war/pom.xml Log Message: ----------- [maven-release-plugin] prepare release jenkins-1.651.2 Commit: 12e79963cca5122351943ee107f65c3ad91a2e25 https://github.com/jenkinsci/jenkins/commit/12e79963cca5122351943ee107f65c3ad91a2e25 Author: Oleg Nenashev <o.v.nenas...@gmail.com> Date: 2016-05-25 (Wed, 25 May 2016) Changed paths: M pom.xml Log Message: ----------- [JENKINS-19445, JENKINS-34213, JENKINS-34808, JENKINS-34121] Bump remoting to 2.59. (#2344) * [JENKINS-19445, JENKINS-34213, JENKINS-34808] Bump remoting to 2.58. Changes: * [JENKINS-34213](https://issues.jenkins-ci.org/browse/JENKINS-34213) - Ensure that the unexporter cleans up whatever it can each sweep (https://github.com/jenkinsci/remoting/pull/81) * [JENKINS-19445](https://issues.jenkins-ci.org/browse/JENKINS-19445) Force class load on UserRequest in order to prevent deadlock on windows nodes when using JNA and Subversion (https://github.com/jenkinsci/remoting/pull/81) * [JENKINS-34808](https://issues.jenkins-ci.org/browse/JENKINS-34808) - Allow user to adjust socket timeout (https://github.com/jenkinsci/remoting/pull/68) * [JENKINS-34121] - Upgrade remoting to 2.59 (cherry picked from commit 409438f36dc80f20964fb16f8d88041e11ba4ed4) Commit: d53cab3ef68b62a4a6dbb247012577c338dfc133 https://github.com/jenkinsci/jenkins/commit/d53cab3ef68b62a4a6dbb247012577c338dfc133 Author: Oliver Gondža <ogon...@gmail.com> Date: 2016-05-25 (Wed, 25 May 2016) Changed paths: M core/src/main/java/hudson/model/CauseAction.java Log Message: ----------- [JENKINS-33467] Adjust reported Jenkins version number for LTS Commit: 02725adfa16d58a6743c767bc00c370bb89f38b5 https://github.com/jenkinsci/jenkins/commit/02725adfa16d58a6743c767bc00c370bb89f38b5 Author: Carlos Rendon <cren...@gmail.com> Date: 2016-05-25 (Wed, 25 May 2016) Changed paths: M core/src/main/java/hudson/model/Run.java Log Message: ----------- Fix RSS id for builds in folders (#1965) [JENKINS-34767] - Prevent RSS ID collisions for items with same name in different folders (cherry picked from commit d8076e9654a4be6cd0792ea954363b209c44313b) Commit: c6131436f4a022cae8772508873181e1d148a91b https://github.com/jenkinsci/jenkins/commit/c6131436f4a022cae8772508873181e1d148a91b Author: Oleg Nenashev <o.v.nenas...@gmail.com> Date: 2016-05-25 (Wed, 25 May 2016) Changed paths: M core/src/main/java/hudson/PluginManager.java M core/src/main/java/jenkins/util/JSONSignatureValidator.java Log Message: ----------- [JENKINS-34745] - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333) * [JENKINS-34745] - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature * [JENKINS-34745] - Fix typo in the validator * [JENKINS-34745] - Fix the formatting of the validation message (cc @lanwen) (cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e) Commit: baf831faf6ebf0b65b165b909575d26c8592c1a9 https://github.com/jenkinsci/jenkins/commit/baf831faf6ebf0b65b165b909575d26c8592c1a9 Author: Oleg Nenashev <o.v.nenas...@gmail.com> Date: 2016-05-25 (Wed, 25 May 2016) Changed paths: M core/src/main/java/hudson/PluginWrapper.java Log Message: ----------- [JENKINS-34710] - PluginWrapper should not throw IOException if somebody enables the enabled plugin (#2327) (cherry picked from commit c83a8fdf0d048905928ba531d45527c1173f868d) Compare: https://github.com/jenkinsci/jenkins/compare/f391f8be2bd0...baf831faf6eb -- You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.