Le lundi 23 novembre 2015 à 13:16 -0500, Vijay Bellur a écrit : > > ----- Original Message ----- > > From: "Kaushal M" <[email protected]> > > To: "gluster-infra" <[email protected]> > > Sent: Monday, November 23, 2015 1:54:38 AM > > Subject: [Gluster-infra] Jenkins security update available 1.638 > > > > Hi, Jenkins 1.638 was released which fixes many security issues. More > > details on the issues fixed can be found in the announcement [1]. > > > > As we've been looking forward to improve our infra security, I think > > we should upgrade at once. > > > > IIUC, jenkins is now installed using RPMs via the upstream repository. > > So we should be able to easily update it to the latest version. If no > > one has objections, I'll update the package and schedule a jenkins > > restart. > > > > You can upgrade from the jenkins Web UI too. The nice thing about the UI is > that it allows you to downgrade to the current version if the upgrade breaks > something.
But that also mean that jenkins, if there is a security issue, can just change its own code and so make any malware be persistant :/ I updated the rpm this morning (or afternoon), and just restarted jenkins, tell me if there is issues. (like, new issue) Also, if someone want to help, I think jenkins-job-builder would be great to use to track the job and config in git :) -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
