The 1.652.x series is an LTS release, so fixes were backported to it that
are not in subsequent dev releases.

Darragh Bailey
"Nothing is foolproof to a sufficiently talented fool" - unknown
On 14 Jun 2016 20:02, "Zaro" <zaro0...@gmail.com> wrote:

> ----- [ snippet ] ------------
> >
> > The behavior changed between 1.651.1 and 1.652.2.
> >
> > Specifically this was a security fix that came in with 1.652.2. See the
> > security fixes [0] that came with the release notes. Search for
> > SECURITY-250 or CVE-2016-3723.
> >
> > -Andy-
> >
> > [0] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
>
> Hmm.  I just tested with Jenkins ver 1.653 and was still able to
> access plugin info using REST api as an anonymous user.
> I enabled security with following settings:
>  * jenkins own db
>  * logged-in user can do anything
>  * prevent cross site request
>
> While not logged in I can get plugin info using
> '<jenkins-baseurl>/pluginManager/api/json?depth=1'
>
> Maybe there's some setting you have enabled that's causing your
> jenkins to require admin to access plugin info?
>
_______________________________________________
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
