LTS is supposed to include critical security fixes too... otherwise it's
just a version that stays around for a while.

https://groups.google.com/forum/?fromgroups=#!topic/jenkinsci-advisories/P32IpTQNT5o

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

"Slaves that are started via Java Web Start will fail to reconnect if the
*.jnlp file is locally stored. This is because the authentication tokens
change. An administrator would have to login to the UI, retrieve the *.jnlp
file and overwrite what's already on the slave. A slave that was launched
via Java Web Start and then turned into a service through its menu falls
into this category."

My understanding of this issue, and until now I have stayed off
contributing to the security advisory list as I don't want that to be seen
as too CloudBees heavy (there's already KK & Jesse on the list and perhaps
Ryan and Nicolas too), is that there was no other way to fix the issue at
hand.

Perhaps the changelog (http://jenkins-ci.org/changelog-stable) could have
given a link to the Security Advisory, or at least mentioned that there
were manual steps to be taken... that would be a good issue to put before
the biweekly jenkins project meetings (at a time when I am cooking dinner,
hence why I am never on them)

-Stephen


On 13 February 2013 13:39, Les Mikesell <[email protected]> wrote:

> So, does that mean surprising changes should go undocumented and even
> backed into revs where they are more surprising?   Or did I just miss
> the part in the release notes that said previously-working systems
> would break?
>
>
> On Wed, Feb 13, 2013 at 2:57 AM, Stephen Connolly
> <[email protected]> wrote:
> > IIRC this was fallout from fixing a critical security issue
> >
> >
> > On 12 February 2013 16:21, Les Mikesell <[email protected]> wrote:
> >>
> >> On Tue, Feb 12, 2013 at 9:37 AM, Fisher, Allen <[email protected]>
> >> wrote:
> >> > I did notice something interesting. If I launch via the website, the
> >> > slaves
> >> > will connect, until I install the service. After that, they don’t
> >> > connect.
> >>
> >> If it works when you are authenticated in the browser before
> >> launching, but not as a service it is because the system changed to
> >> require slaves to authenticate via jnlp but it seems to be mostly
> >> broken.  I changed mine to start via ssh (linux) and "let jenkins
> >> control this windows slave" on the windows systems where that worked.
> >> Not sure what to do about the windows 2008 systems where none of that
> >> works.
> >>
> >> If you are on a private firewalled LAN, you might be OK with allowing
> >> anonymous read and slave connect in your main authorization matrix to
> >> restore the old behavior.
> >>
> >> By the way - was this change documented somewhere for the LTS 1.480.2
> >> release?  I had seen the problem mentioned for 1.49x versions but
> >> wasn't expecting it in 1.480.2 - and I thought the point of the LTS
> >> line was to avoid surprises.
> >>
> >> --
> >>    Les Mikesell
> >>      [email protected]
> >>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Jenkins Users" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an
> >> email to [email protected].
> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >>
> >
>
