Branch: refs/heads/stable-2.7.3.x
  Home:   https://github.com/jenkinsci/git-client-plugin
  Commit: 80383025704cae428f245c04a9902d3da87c32a5
      
https://github.com/jenkinsci/git-client-plugin/commit/80383025704cae428f245c04a9902d3da87c32a5
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

  Log Message:
  -----------
  Options should precede operands to git commands


  Commit: aa98c90f20ff416dd754ac3b9f8d803c7a6e4306
      
https://github.com/jenkinsci/git-client-plugin/commit/aa98c90f20ff416dd754ac3b9f8d803c7a6e4306
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java

  Log Message:
  -----------
  Add SECURITY-1534 tests


  Commit: 328d6cf0b9d1f56c097c42d1372e435ccf270871
      
https://github.com/jenkinsci/git-client-plugin/commit/328d6cf0b9d1f56c097c42d1372e435ccf270871
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

  Log Message:
  -----------
  [SECURITY-1534] Prevent remote execution by repo URL

SECURITY-1534 reports that user input in the repository URL field is not
validated sufficiently. A carefully crafted value in the URL field can
allow a user with Job administration permissions to execute an arbitrary
program on the Jenkins master.

Sanity check the values passed as repository URL to the ls-remote and
fetch commands so that user entered data cannot execute arbitrary programs
on the Jenkins master.

Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false
to disable URL checking.


  Commit: 4369e8de376d65b45c7ee48c9361f4e24db908a8
      
https://github.com/jenkinsci/git-client-plugin/commit/4369e8de376d65b45c7ee48c9361f4e24db908a8
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
    M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java

  Log Message:
  -----------
  Test with remote URL checking enabled and disabled

Randomize remote check test, test a subset for speed.

Don't assert expected message when testing with remote URL checks
disabled.  The assertion messages come from command line git and vary
depending on the version of git installed on the computer.  Not reliable
across multiple git versions.

Ignore marker file existence in some tests

If a test has remote URL checking disabled, then it is expected that
some cases will allow the marker file to be created.  Only check for
the marker file when running with remote URL checking enabled.


  Commit: e47bbaafd8f0263fb46fbb4aa00480e9b20031e0
      
https://github.com/jenkinsci/git-client-plugin/commit/e47bbaafd8f0263fb46fbb4aa00480e9b20031e0
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Prepare pom for 2.7.3.1 release


  Commit: bbd872173cd5ad98bbb21ea2b7c6e434207068b7
      
https://github.com/jenkinsci/git-client-plugin/commit/bbd872173cd5ad98bbb21ea2b7c6e434207068b7
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  [maven-release-plugin] prepare release git-client-2.7.3.1


  Commit: cec132090788fd35844850dca9fa2913236b693c
      
https://github.com/jenkinsci/git-client-plugin/commit/cec132090788fd35844850dca9fa2913236b693c
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2019-09-09 (Mon, 09 Sep 2019)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  [maven-release-plugin] prepare for next development iteration


Compare: 
https://github.com/jenkinsci/git-client-plugin/compare/80383025704c%5E...cec132090788

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/git-client-plugin/push/refs/heads/stable-2.7.3.x/000000-cec132%40github.com.

Reply via email to