[JIRA] (JENKINS-58715) Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186
Title: Message Title Chris Jones resolved as Fixed Jenkins / JENKINS-58715 Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186 Change By: Chris Jones Status: Open Resolved Resolution: Fixed Released As: 2.29.0 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201007.1564424622000.3625.1564435500244%40Atlassian.JIRA.
[JIRA] (JENKINS-58715) Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186
Title: Message Title Chris Jones commented on JENKINS-58715 Re: Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186 Using Gerrit Trigger 2.29.0, I can see the server list with without a whitelist. Thanks! I still see the Stapler block on 2.28.0, so I guess the 2.29.0 did the trick. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201007.1564424622000.3622.1564435320344%40Atlassian.JIRA.
[JIRA] (JENKINS-58715) Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186
Title: Message Title Chris Jones commented on JENKINS-58715 Re: Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186 Yes, it was left on 2.72.2 after the JEP-200 induced plugin upgrade. I'll try to stand up a clone and test 2.29.0. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201007.1564424622000.3530.1564432920821%40Atlassian.JIRA.
[JIRA] (JENKINS-58715) Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186
Title: Message Title Chris Jones edited a comment on JENKINS-58715 Re: Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186 Yes, it was left on 2. 72 27 .2 after the JEP-200 induced plugin upgrade. I'll try to stand up a clone and test 2.29.0. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201007.1564424622000.3532.1564432920904%40Atlassian.JIRA.
[JIRA] (JENKINS-58715) Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186
Title: Message Title Chris Jones created an issue Jenkins / JENKINS-58715 Gerrit Trigger Plugin is affected by SECURITY-534 fix in Jenkins 2.176.2 and 2.186 Issue Type: Bug Assignee: rsandell Components: gerrit-trigger-plugin Created: 2019-07-29 18:23 Environment: Core 2.176.2+ and 2.186+ Priority: Minor Reporter: Chris Jones After upgrading our master to CloudBees 2.138.42.0.1, which picked up a back-ported SECURITY-534 fix, I was unable to view the server list on the Gerrit Trigger status page. The table simply read "Data Error." and the /gerrit-trigger/serverStatuses call returns a 404. The servers themselves seemed functional according to the logs. Also in the logs: WARNING: New Stapler dispatch rules result in the URL "/gerrit-trigger/serverStatuses" no longer being allowed. If you consider it safe to use, add the following to the whitelist: "com.sonyericsson.hudson.plugins.gerrit.trigger.GerritManagement serverStatuses". Learn more: https://jenkins.io/redirect/stapler-facet-restrictions Adding the above to the whitelist fixed the issue.