I am currently working through a few remaining test failures and will take the PR out of draft status once they are fixed.

On Tuesday, December 10, 2019 at 6:08:24 AM UTC-5, Oleg Nenashev wrote:
> I am +1 for deprecating them.
> All major plugins already hide them by default, and we have a security advisory for it.
>
> https://jenkins.io/security/advisory/2017-04-10/#matrix-authorization-strategy-plugin-allowed-configuring-dangerous-permissions
> and below
>
> BR, Oleg
>
> On Monday, December 9, 2019 at 5:30:32 PM UTC+1, Michael Cirioli wrote:
>> These permissions have been effectively hidden (unless specifically enabled) since 2017-4-10 (see -> SECURITY-410
>> <https://jenkins.io/security/advisory/2017-04-10/#matrix-authorization-strategy-plugin-allowed-configuring-dangerous-permissions>).
>>
>> Work is underway to introduce a more sensible permission segregation that allows the delegation of limited administrative capabilities in a secure manner (see https://github.com/jenkinsci/jep/pull/249), and it seems reasonable to officially begin to phase out the usage of these permissions.
>>
>> A WIP PR is available for review (https://github.com/jenkinsci/jenkins/pull/4365), as well as an associated issue (https://issues.jenkins-ci.org/browse/JENKINS-60406).
>> If this PR is accepted, I expect to create an additional PR against the matrix-auth plugin that removes support for enabling the legacy behavior described in SECURITY-410
>> <https://jenkins.io/security/advisory/2017-04-10/#matrix-authorization-strategy-plugin-allowed-configuring-dangerous-permissions>:
>>
>>> If you want to retain the old, unsafe behavior, set the system property hudson.security.GlobalMatrixAuthorizationStrategy.dangerousPermissions to true.
>>> The plugin retains permissions configured before upgrading, so there should be no changes in behavior afterwards.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
