Hi everyone, Starting in Jenkins 2.223, `mvn jetty:run` will only listen on the loopback interface (localhost) by default. Maven HPI Plugin 3.12, used by default from plugin parent POM 3.57 and 4.0-beta-5, does the same for `mvn hpi:run`.
This prevents users on your network from accessing development/debug Jenkins instances. You should update plugins you work on to these releases of Maven HPI Plugin if you work on them on an untrusted network (and don't configure security). If you want to make Jenkins available to others on your network again, use `-Dhost=0.0.0.0`. We're aware of ESET endpoint security breaking this, as it prohibits access to `localhost:8080` specifically. Use `127.0.0.1:8080` or set e.g. `-Dport=8081`. Slightly related, Jenkins 2.222 and newer (and therefore the upcoming LTS baseline as well) will always have CSRF protection enabled, further reducing exposure of debug Jenkins instances that never had their security set up. If you regularly run older Jenkins instances via jetty:run, hudson/jenkins-dev:run, or hpi:run, make sure to set up at least CSRF protection. Regards, Daniel -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/F011BBB0-BC2A-4714-8602-8E8D26242E14%40beckweb.net.
