[JIRA] [core] (JENKINS-25169) Winstone potentially vulnerable to POODLE (CVE-2014-3566)

[leo.le...@tier-3.com (JIRA)]

Leo Leung commented on JENKINS-25169 Winstone potentially vulnerable to POODLE (CVE-2014-3566) The method to trigger builds remotely using TOKEN authentication URLs with wget described in https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients no longer work due to SSLv1 and SSLv2 is now disabled because of the POODLE vulnerability fix. The command for wget 1.11.x needs to include the --secure-protocol=TLSv1 parameter. wget --auth-no-challenge --http-user=user --http-password=apiToken --secure-protocol=TLSv1 http://jenkins.yourcompany.com/job/your_job/build?token=TOKEN

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.