Hi Oleg, I've hit the same problem as others on this thread (my password no longer works and a reset doesn't send the email). Can you reset my account pw too? User id is mattmurp
Thanks, On Monday, June 15, 2020 at 10:13:25 AM UTC-4, Oleg Nenashev wrote: > > Uploads should be reenabled now: > https://groups.google.com/d/msg/jenkinsci-dev/3UvrCTflXGk/gWT_tH7VAgAJ > > On Sunday, June 14, 2020 at 2:48:20 PM UTC+2, Oleg Nenashev wrote: >> >> Please see >> https://groups.google.com/forum/m/#!topic/jenkinsci-dev/3UvrCTflXGk for >> the status updates. Yes, downloads are still blocked >> >> On Sun, Jun 14, 2020, 14:40 Roni Segal <[email protected] <javascript:>> >> wrote: >> >>> Hi any updates on the uploads? we still cannot upload our plugin >>> >>> On Tuesday, 9 June 2020 15:58:33 UTC+3, Oleg Nenashev wrote: >>>> >>>> Downloads are restored. Another workaround has been applied by Daniel >>>> in >>>> https://github.com/jenkins-infra/repository-permissions-updater/pull/1569 >>>> , >>>> so no user downloads are no longer broken. >>>> Thanks a lot to Daniel Beck for the quick fix! >>>> >>>> Uploads are still blocked for everyone except a few users with >>>> Artifactory-wide permissions. We will be reviewing our options and >>>> communicating the next steps soon >>>> >>>> Best regards, >>>> Oleg >>>> >>>> On Tuesday, June 9, 2020 at 2:29:39 PM UTC+2, Oleg Nenashev wrote: >>>>> >>>>> We are also experiencing issues with artifact downloads, likely a >>>>> collateral damage after the change >>>>> >>>>> On Tuesday, June 9, 2020 at 11:15:03 AM UTC+2, Oleg Nenashev wrote: >>>>>> >>>>>> Hi all, >>>>>> >>>>>> An official update w.r.t this topic is coming soon. I confirm the >>>>>> assessment by Dmitry, it is a potential security risk which was reported >>>>>> on >>>>>> multiple occasions. SECURITY-1895 is a report for this incident, and it >>>>>> is >>>>>> currently being investigated by the security team. >>>>>> >>>>>> Just to provide some updates: >>>>>> >>>>>> - As of 8:50AM UTC, uploads to Jenkins Artifactory "/releases" >>>>>> location are prohibited. Plugin maintainers will get HTTP 409 when >>>>>> they try >>>>>> to upload releases. Incremental releases and snapshot deployment are >>>>>> not >>>>>> affected b this change >>>>>> - We are reviewing all audit logs to confirm whether the >>>>>> potential issue with uploads was exploited. According to the >>>>>> preliminary >>>>>> analysis, the answer is "no" >>>>>> >>>>>> Today at 3:30PM UTC we will also have a Jenkins Infrastructure team >>>>>> meeting where this issue will be discussed in more details. Calendar >>>>>> link >>>>>> >>>>>> Best regards, >>>>>> Oleg Nenashev >>>>>> Jenkins Security Team >>>>>> >>>>>> >>>>>> >>>>>> On Tuesday, June 9, 2020 at 2:08:31 AM UTC+2, Dmitry Sotnikov wrote: >>>>>>> >>>>>>> Do you guys plan to reach out to all the extension owners? >>>>>>> >>>>>>> We just accidentally found out about the issue: couldn't log in or >>>>>>> reset password, and then found this thread. When we created a new >>>>>>> account >>>>>>> (42Crunch) for our company it just automatically assumed all access and >>>>>>> extension ownership for the plugin that we had published a few weeks >>>>>>> ago. >>>>>>> >>>>>>> This can be dangerous because someone might take over existing >>>>>>> accounts of other vendors and then push malware updates to customers. >>>>>>> >>>>>>> Dmitry >>>>>>> >>>>>>> On Friday, June 5, 2020 at 1:21:09 AM UTC-7, Oleg Nenashev wrote: >>>>>>>> >>>>>>>> Yes, it is better to do password reset. >>>>>>>> Admin UI in the Account App looks a bit strange for me, apparently >>>>>>>> I cannot reset passwords for other users at the moment. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Jun 5, 2020 at 10:16 AM Mez Pahlan <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> I'm glad I checked here first! >>>>>>>>> >>>>>>>>> Same thing happened to me. My user id is: mezpahlan >>>>>>>>> >>>>>>>>> I registered more than 3 months ago but I *have* changed my >>>>>>>>> password in the last 3 months and don't remember the old one any >>>>>>>>> more. Do I >>>>>>>>> need to password reset? >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> On Wednesday, 3 June 2020 16:30:10 UTC+1, Johan Cornelissen wrote: >>>>>>>>>> >>>>>>>>>> Up until two days ago I was able to log into Jenkins LDAP without >>>>>>>>>> issues. >>>>>>>>>> Now if I try to login it says invalid password, and a password >>>>>>>>>> reset attempt on https://accounts.jenkins.io/ isn't working (I >>>>>>>>>> receive no email, even though password resets have worked for me in >>>>>>>>>> the >>>>>>>>>> past). >>>>>>>>>> >>>>>>>>>> Could someone help take a look? I'll send my username privately. >>>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to a topic in >>>>>>>>> the Google Groups "Jenkins Developers" group. >>>>>>>>> To unsubscribe from this topic, visit >>>>>>>>> https://groups.google.com/d/topic/jenkinsci-dev/juHejx8zfdg/unsubscribe >>>>>>>>> . >>>>>>>>> To unsubscribe from this group and all its topics, send an email >>>>>>>>> to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/jenkinsci-dev/cf850002-2412-49a1-988b-65b992a7e633o%40googlegroups.com >>>>>>>>> >>>>>>>>> <https://groups.google.com/d/msgid/jenkinsci-dev/cf850002-2412-49a1-988b-65b992a7e633o%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Jenkins Developers" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/jenkinsci-dev/juHejx8zfdg/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected] <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/82dfbbd1-7a72-4560-b2ad-5278e8383c6bo%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/jenkinsci-dev/82dfbbd1-7a72-4560-b2ad-5278e8383c6bo%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7a9bffc1-ec54-4fdd-9068-86f8a14abda3o%40googlegroups.com.
