Branch: refs/heads/stable-2.7.7.x
Home: https://github.com/jenkinsci/git-client-plugin
Commit: 2ac7394be03162ecd21fdb95068f39d83e00b834
https://github.com/jenkinsci/git-client-plugin/commit/2ac7394be03162ecd21fdb95068f39d83e00b834
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
Options should precede operands to git commands
Commit: 9f14b0bdfc6f5914f79fa7edbe6757a37c95d18b
https://github.com/jenkinsci/git-client-plugin/commit/9f14b0bdfc6f5914f79fa7edbe6757a37c95d18b
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Add SECURITY-1534 tests
Commit: 61d011dd4b9c87851164ab4623f76527a6ad96ef
https://github.com/jenkinsci/git-client-plugin/commit/61d011dd4b9c87851164ab4623f76527a6ad96ef
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
[SECURITY-1534] Prevent remote execution by repo URL
SECURITY-1534 reports that user input in the repository URL field is not
validated sufficiently. A carefully crafted value in the URL field can
allow a user with Job administration permissions to execute an arbitrary
program on the Jenkins master.
Sanity check the values passed as repository URL to the ls-remote and
fetch commands so that user entered data cannot execute arbitrary programs
on the Jenkins master.
Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false
to disable URL checking.
Commit: 9625ebf3377ca73b26b3a204ea84960ee6f7074a
https://github.com/jenkinsci/git-client-plugin/commit/9625ebf3377ca73b26b3a204ea84960ee6f7074a
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Test with remote URL checking enabled and disabled
Randomize remote check test, test a subset for speed.
Don't assert expected message when testing with remote URL checks
disabled. The assertion messages come from command line git and vary
depending on the version of git installed on the computer. Not reliable
across multiple git versions.
Ignore marker file existence in some tests
If a test has remote URL checking disabled, then it is expected that
some cases will allow the marker file to be created. Only check for
the marker file when running with remote URL checking enabled.
Commit: 8343293d85bc98dbe618ad032e214762817d1aea
https://github.com/jenkinsci/git-client-plugin/commit/8343293d85bc98dbe618ad032e214762817d1aea
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
Prepare pom for 2.7.7.1 release
Commit: 13c55317b816f5ff332110dd000c388069cba57d
https://github.com/jenkinsci/git-client-plugin/commit/13c55317b816f5ff332110dd000c388069cba57d
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release git-client-2.7.7.1
Commit: 86967ece3d28bdbba555a49bef1431d18b2d2154
https://github.com/jenkinsci/git-client-plugin/commit/86967ece3d28bdbba555a49bef1431d18b2d2154
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare for next development iteration
Compare:
https://github.com/jenkinsci/git-client-plugin/compare/2ac7394be031%5E...86967ece3d28
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/git-client-plugin/push/refs/heads/stable-2.7.7.x/000000-86967e%40github.com.
