----- [ snippet ] ------------ > > The behavior changed between 1.651.1 and 1.652.2. > > Specifically this was a security fix that came in with 1.652.2. See the > security fixes [0] that came with the release notes. Search for > SECURITY-250 or CVE-2016-3723. > > -Andy- > > [0] > https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
Hmm. I just tested with Jenkins ver 1.653 and was still able to access plugin info using REST api as an anonymous user. I enabled security with following settings: * jenkins own db * logged-in user can do anything * prevent cross site request While not logged in I can get plugin info using '<jenkins-baseurl>/pluginManager/api/json?depth=1' Maybe this there's some setting you have enabled that's causing your jenkins to require admin to access plugin info? _______________________________________________ OpenStack-Infra mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
