Branch: refs/heads/stable-2.7.7.x
Home: https://github.com/jenkinsci/git-client-plugin

Commit: 2ac7394be03162ecd21fdb95068f39d83e00b834
https://github.com/jenkinsci/git-client-plugin/commit/2ac7394be03162ecd21fdb95068f39d83e00b834
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

Log Message:
-----------
Options should precede operands to git commands

Commit: 9f14b0bdfc6f5914f79fa7edbe6757a37c95d18b
https://github.com/jenkinsci/git-client-plugin/commit/9f14b0bdfc6f5914f79fa7edbe6757a37c95d18b
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java

Log Message:
-----------
Add SECURITY-1534 tests

Commit: 61d011dd4b9c87851164ab4623f76527a6ad96ef
https://github.com/jenkinsci/git-client-plugin/commit/61d011dd4b9c87851164ab4623f76527a6ad96ef
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

Log Message:
-----------
[SECURITY-1534] Prevent remote execution by repo URL

SECURITY-1534 reports that user input in the repository URL field is not validated sufficiently. A carefully crafted value in the URL field can allow a user with Job administration permissions to execute an arbitrary program on the Jenkins master.

Sanity check the values passed as repository URL to the ls-remote and fetch commands so that user entered data cannot execute arbitrary programs on the Jenkins master.

Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false to disable URL checking.

Commit: 9625ebf3377ca73b26b3a204ea84960ee6f7074a
https://github.com/jenkinsci/git-client-plugin/commit/9625ebf3377ca73b26b3a204ea84960ee6f7074a
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
  M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java

Log Message:
-----------
Test with remote URL checking enabled and disabled

Randomize remote check test, test a subset for speed.

Don't assert expected message when testing with remote URL checks disabled. The assertion messages come from command line git and vary depending on the version of git installed on the computer. Not reliable across multiple git versions.

Ignore marker file existence in some tests

If a test has remote URL checking disabled, then it is expected that some cases will allow the marker file to be created. Only check for the marker file when running with remote URL checking enabled.

Commit: 8343293d85bc98dbe618ad032e214762817d1aea
https://github.com/jenkinsci/git-client-plugin/commit/8343293d85bc98dbe618ad032e214762817d1aea
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M pom.xml

Log Message:
-----------
Prepare pom for 2.7.7.1 release

Commit: 13c55317b816f5ff332110dd000c388069cba57d
https://github.com/jenkinsci/git-client-plugin/commit/13c55317b816f5ff332110dd000c388069cba57d
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M pom.xml

Log Message:
-----------
[maven-release-plugin] prepare release git-client-2.7.7.1

Commit: 86967ece3d28bdbba555a49bef1431d18b2d2154
https://github.com/jenkinsci/git-client-plugin/commit/86967ece3d28bdbba555a49bef1431d18b2d2154
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)

Changed paths:
  M pom.xml

Log Message:
-----------
[maven-release-plugin] prepare for next development iteration

Compare: https://github.com/jenkinsci/git-client-plugin/compare/2ac7394be031%5E...86967ece3d28