[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
I have a general idea about how to manage the tokens for this. Are you suggesting the token should be in the path instead of as a query parameter?
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.178741.1486645144000.2034.1569010980229%40Atlassian.JIRA.
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
To clarify on the GitHub example, here's a sample Jenkins analogue:
Main site: https://jenkins.dev.example.com/
Original static content URL: https://jenkins.dev.example.com/userContent/foo/bar.zip
Tokenized secondary domain URL: https://jenkins-static.dev.example.com/userContent/foo/bar.zip?token=ABC123...
[JIRA] (JENKINS-59460) Host address behaviour changed after 1.43
Matt Sicker commented on JENKINS-59460 Re: Host address behaviour changed after 1.43
I don't know the feature details for this one; I was only doing generic code review for this one.
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker assigned an issue to Matt Sicker
Jenkins / JENKINS-41891 Serve static files from second domain as an alternative to setting CSP
Change By: Matt Sicker
Assignee: Matt Sicker
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
I had a talk with Jesse to further hash out this idea. At the moment, the idea will be to create some sort of time-bound cache for static asset tokens to URLs where DirectoryBrowserSupport can be configured to only serve requests at a specific origin while all other requests are served from the Jenkins URL. When a secondary static domain is configured, the servlet filter should deny all requests to static assets unless they go through the configured domain, and requests to non-DBS pages must go through the root origin (possibly derived from Jenkins root URL config, though this might need to be a separate setting). Then it's a matter of setting up DNS appropriately to serve two domains to the same Jenkins instance and configuring the static origin settings. For Kubernetes-based setups, we might be able to provide or suggest some nginx-controller routing rules to support this. I'll likely be developing this feature using Apache as a reverse proxy, though I'll take a look into the K8s approach as well if it's not too complicated.
[JIRA] (JENKINS-50181) ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile
Matt Sicker commented on JENKINS-50181 Re: ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile
Is that a separate issue? And can you reproduce this with a unit test? See the original PR for example.
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
I've read through some of the older issues related to this. So it seems like the main purpose of this feature request is to allow for the following scenario:
As a plugin developer, I want a safe place to publish static assets on a separate domain so that a content security policy can be used to help prevent published content from interacting with and exploiting Jenkins itself.
For example, if I wanted to publish some test results that have a fancy JavaScript-based UI, it would be nice to host that on its own domain so that it can't interact with Jenkins JavaScript files or similar. This would also be useful to avoid a vector for exploiting XSS vulnerabilities in Jenkins. Based on how CSP works as Kalle Niemitalo mentions, we have to distinguish based on the domain name mostly, not the URL (other than the scheme and port). So I'd imagine we should try to support all the listed suggestions from Jesse Glick except for the subdirectory one. Any directory browser that requires authentication wouldn't really benefit from a separate domain name like example-cdn.com to example.com due to needing cookies for both. Static resources that are publicly available can benefit from a separate domain for CDN usage, though that seems a bit overkill for Jenkins (or maybe it isn't?).
[JIRA] (JENKINS-26091) Marker interface for things with URL
Matt Sicker commented on JENKINS-26091 Re: Marker interface for things with URL
Can this use the stapler class WithWellKnownURL, or are you thinking of a Jenkins-specific interface?
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
Another option: when using Kubernetes, this is just an exercise in devops to rewrite ingress rules based on paths.
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
Oh, I suppose maybe there's a fifth option: VirtualHost-style support in Winstone. Avoids the need for a reverse proxy to combine domains in simple scenarios as well as duplicating the servlet container. I'm not sure if this is viable depending on Winstone/Jetty features.
[JIRA] (JENKINS-41891) Serve static files from second domain as an alternative to setting CSP
Matt Sicker commented on JENKINS-41891 Re: Serve static files from second domain as an alternative to setting CSP
Now when you say second domain, can you clarify on the expected scope here? Here are some potential scope options:
- Support multiple domains via multiple web apps (i.e., keep Jenkins as one war, and have another war for handling static assets and access control)
- Support multiple domains via fancy Apache configs
- Support multiple domains where the static domain uses a dedicated web server like Apache or nginx (along with any config needed to allow for access control)
- Support multiple domains via CDN
Another orthogonal concern: using subdomains of the same domain versus completely separate domains (though since many static assets require authorization, the usual benefits of splitting up your CDN domain name from your app domain name don't apply; we still need the cookies).
[JIRA] (JENKINS-56217) Allow version HTTP header to be hidden
Matt Sicker updated JENKINS-56217
Released to the update center. This also updates the plugins.jenkins.io page to use the readme which has far better info about the plugin than the wiki page did.
Jenkins / JENKINS-56217 Allow version HTTP header to be hidden
Change By: Matt Sicker
Status: Fixed but Unreleased -> Resolved
Released As: extended-security-settings-1.2
[JIRA] (JENKINS-56217) Allow version HTTP header to be hidden
Matt Sicker updated an issue
Jenkins / JENKINS-56217 Allow version HTTP header to be hidden
Change By: Matt Sicker
Summary: allow to hide version number -> Allow version HTTP header to be hidden
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker updated JENKINS-56217
Merged to master. Will be released in 1.2.
Jenkins / JENKINS-56217 allow to hide version number
Change By: Matt Sicker
Status: In Review -> Fixed but Unreleased
Resolution: Fixed
[JIRA] (JENKINS-33596) Disable DNSMultiCast & UDPBroadcastThread by default
Matt Sicker commented on JENKINS-33596 Re: Disable DNSMultiCast & UDPBroadcastThread by default
I'd love to see this done purely because the tests for it are flaky on my machine. Also, this feature should be disabled by default for security hardening.
[JIRA] (JENKINS-58170) Allow credential parameters to shadow credential ids in lookup
Matt Sicker commented on JENKINS-58170 Re: Allow credential parameters to shadow credential ids in lookup
Thanks. I opened JENKINS-59109 for that.
[JIRA] (JENKINS-59109) Allow user scoped credentials to be used by build step
Matt Sicker created an issue
Jenkins / JENKINS-59109 Allow user scoped credentials to be used by build step
Issue Type: New Feature
Assignee: Matt Sicker
Components: credentials-plugin, pipeline-build-step-plugin
Created: 2019-08-27 20:23
Priority: Minor
Reporter: Matt Sicker
Similar to JENKINS-47699, the build step should allow for copying over credentials parameter bindings. This should include an update to the UI in the snippet generator to note the same warning about providing user credentials only to trusted builds.
[JIRA] (JENKINS-58170) Allow credential parameters to shadow credential ids in lookup
Matt Sicker commented on JENKINS-58170 Re: Allow credential parameters to shadow credential ids in lookup
That is somewhat expected. In the first build, the user providing the build parameters is associated there, but when it invokes another build, that's technically being done by the Jenkins system user. When you went to replay the second pipeline, that updated the build to use your user for the parameters again rather than the system. I'd imagine if you were using authorize-project, that would have likely passed the credential as such. However, I think you have a valid use case here. If this feature were to be supported, it would have to be supported in pipeline-build-step somewhere: https://github.com/jenkinsci/pipeline-build-step-plugin/tree/master/src/main/java/org/jenkinsci/plugins/workflow/support/steps/build
Similarly, this feature is being supported in pipeline-input-step, so it's not that out there to do it in pipeline-build-step as well. Devin Nusbaum, what do you think?
[JIRA] (JENKINS-38963) User-scoped credentials cannot be looked up in pipeline
Matt Sicker resolved as Fixed
This was implemented in JENKINS-58170, though it requires the use of credentials build parameters. Alternatively, you can use authorize-project to automate the user who is bound to the build to access their credentials.
Jenkins / JENKINS-38963 User-scoped credentials cannot be looked up in pipeline
Change By: Matt Sicker
Status: Open -> Resolved
Resolution: Fixed
[JIRA] (JENKINS-44773) User Scoped credentials are not used by the "git" pipeline step
Matt Sicker resolved as Won't Fix
There is now a new way to access user-scoped credentials detailed in JENKINS-58170 which uses credentials build parameters. These allow user-scoped credentials to be referenced in any context where you'd normally use the credentials id.
Jenkins / JENKINS-44773 User Scoped credentials are not used by the "git" pipeline step
Change By: Matt Sicker
Status: Open -> Resolved
Resolution: Won't Fix
[JIRA] (JENKINS-44774) User Scoped credentials don't appear in credentials drop down lists
Matt Sicker updated JENKINS-44774
Jenkins / JENKINS-44774 User Scoped credentials don't appear in credentials drop down lists
Change By: Matt Sicker
Status: In Review -> Fixed but Unreleased
Resolution: Won't Fix
[JIRA] (JENKINS-44774) User Scoped credentials don't appear in credentials drop down lists
Matt Sicker updated JENKINS-44774
Jenkins / JENKINS-44774 User Scoped credentials don't appear in credentials drop down lists
Change By: Matt Sicker
Status: Fixed but Unreleased -> Resolved
[JIRA] (JENKINS-44774) User Scoped credentials don't appear in credentials drop down lists
Matt Sicker resolved as Won't Fix
This feature is implemented by JENKINS-58170 using a slightly different approach to that described in this ticket. The linked approach works using credentials build parameters which allows for using user-scoped credentials.
Jenkins / JENKINS-44774 User Scoped credentials don't appear in credentials drop down lists
Change By: Matt Sicker
Status: Open -> Resolved
Resolution: Won't Fix
[JIRA] (JENKINS-44774) User Scoped credentials don't appear in credentials drop down lists
Matt Sicker updated JENKINS-44774
Jenkins / JENKINS-44774 User Scoped credentials don't appear in credentials drop down lists
Change By: Matt Sicker
Resolution: Won't Fix
Status: Resolved -> In Review
[JIRA] (JENKINS-47864) Allow to select User Scope Credentials
Matt Sicker resolved as Won't Fix
You can now specify a credentials parameter to a build which can be used as the credentials id for using user-scoped credentials. See JENKINS-58170.
Jenkins / JENKINS-47864 Allow to select User Scope Credentials
Change By: Matt Sicker
Status: Open -> Resolved
Resolution: Won't Fix
[JIRA] (JENKINS-47864) Allow to select User Scope Credentials
Matt Sicker commented on JENKINS-47864 Re: Allow to select User Scope Credentials
This should be addressed via JENKINS-58170.
[JIRA] (JENKINS-44774) User Scoped credentials don't appear in credentials drop down lists
Matt Sicker commented on JENKINS-44774 Re: User Scoped credentials don't appear in credentials drop down lists
This can be implemented via JENKINS-58170. It's already supported by build parameters, and we'll have full support for the same as an input step as well once that's released in JENKINS-47699.
[JIRA] (JENKINS-44773) User Scoped credentials are not used by the "git" pipeline step
Matt Sicker commented on JENKINS-44773 Re: User Scoped credentials are not used by the "git" pipeline step
This feature can be replaced by JENKINS-58170 which provides a more standardized approach to granting user-scoped credentials to builds.
[JIRA] (JENKINS-38963) User-scoped credentials cannot be looked up in pipeline
Matt Sicker commented on JENKINS-38963 Re: User-scoped credentials cannot be looked up in pipeline
This feature is improved in JENKINS-58170 and will also be supported by an upcoming release of pipeline-input-step to support user-scoped credentials prompted via an input step.
[JIRA] (JENKINS-58170) Allow credential parameters to shadow credential ids in lookup
Matt Sicker updated JENKINS-58170
Credentials 2.3.0 is now released.
Jenkins / JENKINS-58170 Allow credential parameters to shadow credential ids in lookup
Change By: Matt Sicker
Status: Fixed but Unreleased -> Resolved
Released As: credentials-2.3.0
[JIRA] (JENKINS-58170) Allow credential parameters to shadow credential ids in lookup
Matt Sicker updated JENKINS-58170
Merged to master. Will be released in 2.3.0.
Jenkins / JENKINS-58170 Allow credential parameters to shadow credential ids in lookup
Change By: Matt Sicker
Status: In Review -> Fixed but Unreleased
Resolution: Fixed
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
New PR: https://github.com/jenkinsci/extended-security-settings-plugin/pull/9
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker updated JENKINS-56217
Jenkins / JENKINS-56217 allow to hide version number
Change By: Matt Sicker
Status: In Progress -> In Review
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
After discussion with some colleagues, we've decided that adding a servlet filter to ESS would work well enough to implement this feature as requested even though it can't remove the version number from other places.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker started work on JENKINS-56217
Change By: Matt Sicker
Status: Open -> In Progress
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker updated an issue
Jenkins / JENKINS-56217 allow to hide version number
Change By: Matt Sicker
Component/s: core
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
We've discovered several more areas where the Jenkins version is present that would be non-trivial to remove. For example, jenkins-cli.jar is available through an unprotected URL, and that jar contains both the MANIFEST.MF and pom.xml, which contain the Jenkins version.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker stopped work on JENKINS-56217
Change By: Matt Sicker
Status: In Progress → Open
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker updated an issue Jenkins / JENKINS-56217 allow to hide version number
Change By: Matt Sicker
Component/s: extended-security-settings-plugin
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker assigned an issue to Matt Sicker Jenkins / JENKINS-56217 allow to hide version number
Change By: Matt Sicker
Assignee: Matt Sicker
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker started work on JENKINS-56217
Change By: Matt Sicker
Status: Open → In Progress
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
New approach: https://github.com/jenkinsci/jenkins/pull/4164 I'll have a follow up PR for extended-security-settings-plugin which implements the actual permission check to complete this feature.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Draft: https://github.com/jenkinsci/jenkins/pull/4161
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Update: only test failures I found were from UDPBroadcastThreadTest which is a known flaky test on my machine currently. I'll open a draft PR in order to run some more tests.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
New approach I'm testing out: refactor Jenkins.VERSION into a static getter and setter named Jenkins.getJenkinsVersion() and Jenkins.setJenkinsVersion() respectively. The former implements a check to ensure that there is a Jenkins instance as well as checking for Overall/Read permissions on the principal; when this check fails, null is returned for the version. I also added an @AdaptField for backward compatibility, though all the direct references to this field in Jenkins were refactored to use the getter. I'm running through the unit tests now, though some manual exploration showed that this approach seems to work. There are likely some tests that need to be updated that make assumptions about the presence of the X-Jenkins header or the Jenkins version being in the response body somewhere. As of writing, the tests are still running, though I should have a better idea about any test failures soon.
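The gated getter described in the comment above, as an added sketch that is not code from the Jenkins pull request: a self-contained Java model in which the version is returned only when an instance is running and the current principal holds Overall/Read, and callers leave out the X-Jenkins header when the getter returns null. The class names (GatedVersionExample, Server, Principal), the permission enum and the sample version string are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/** Added illustration: a stand-alone model, not the Jenkins core classes. */
public class GatedVersionExample {

    /** Hypothetical permission model; only OVERALL_READ matters here. */
    enum Permission { OVERALL_READ, JOB_BUILD }

    /** Hypothetical stand-in for the principal attached to the current request. */
    static final class Principal {
        final String name;
        final Set<Permission> granted;

        Principal(String name, Set<Permission> granted) {
            this.name = name;
            this.granted = granted;
        }
    }

    /** Models the refactoring: a private field behind a checked getter. */
    static final class Server {
        private static String version;
        private static boolean instanceRunning;
        private static final ThreadLocal<Principal> CURRENT = new ThreadLocal<>();

        static void setVersion(String v) { version = v; }
        static void setInstanceRunning(boolean running) { instanceRunning = running; }
        static void runAs(Principal p) { CURRENT.set(p); }

        /** Returns null unless an instance exists and the caller has Overall/Read. */
        static String getVersion() {
            Principal p = CURRENT.get();
            if (!instanceRunning || p == null) {
                return null;
            }
            if (!p.granted.contains(Permission.OVERALL_READ)) {
                return null;
            }
            return version;
        }
    }

    /** Header writer: the version header is omitted, not sent empty, when hidden. */
    static Map<String, String> responseHeaders() {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Type", "text/html;charset=UTF-8");
        String v = Server.getVersion();
        if (v != null) {
            headers.put("X-Jenkins", v);
        }
        return headers;
    }

    /** Footer renderer: code that used to concatenate the field must handle null. */
    static String footer() {
        String v = Server.getVersion();
        return v == null ? "Jenkins" : "Jenkins " + v;
    }

    public static void main(String[] args) {
        Server.setVersion("0.0.0-constructed"); // constructed sample value
        Principal anonymous = new Principal("anonymous", EnumSet.noneOf(Permission.class));
        Principal builder = new Principal("builder", EnumSet.of(Permission.JOB_BUILD));
        Principal reader = new Principal("reader", EnumSet.of(Permission.OVERALL_READ));

        // No instance yet (for example during startup): hidden even from a reader.
        Server.runAs(reader);
        System.out.println("startup   " + responseHeaders() + " | " + footer());

        // Instance running: only the principal with Overall/Read sees the version.
        Server.setInstanceRunning(true);
        for (Principal p : new Principal[] {anonymous, builder, reader}) {
            Server.runAs(p);
            System.out.printf("%-9s %s | %s%n", p.name, responseHeaders(), footer());
        }
    }
}
```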
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Using some fairly wide-reaching changes, the following test failures will need to be investigated:
* hudson.PluginTest.doDynamic
* hudson.cli.CLITest.interrupt
* hudson.cli.CLITest.strictHostKey
* hudson.model.AbstractProjectTest.configDotXmlSubmissionToDifferentType
* hudson.model.UsageStatisticsTest.roundtrip
* jenkins.I18nTest.test_baseName_plugin
There were also some test errors in UDPBroadcastThreadTest, but that randomly happens to me anyways.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Still running tests, but as long as nothing relies on programmatic access to the version number without authentication, this shouldn't be an incompatible change.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
That's good news! Now for more things I've found: Jenkins.getApi() has no permission check. Several other getApi() methods likely also don't do this. I think that Api.setHeaders() can also do a permission check before adding that as a header.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
I'm running some experiments on this to see what (if anything) breaks by removing the version number when lacking the Overall/Read permission in those files. I do not know what the version number is used for in each of these, so they may require some additional changes to avoid unauthorized leaking of the version number. Both TcpSlaveAgentListener and UDPBroadcastThread seem like they need to provide the Jenkins version, though perhaps that's not necessary anymore with remoting? Jeff Thompson
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker edited a comment on JENKINS-56217 Re: allow to hide version number
I don't see how that's going to help finding method calls in Jelly. I could look into that for checking what references Jenkins.VERSION to see if I missed anything, though.
If we go the route of requiring Overall/Read to view a version number, then this will decrease the surface area of what needs to be updated somewhat significantly.
* HudsonAuthenticationEntryPoint
* TcpSlaveAgentListener
* UDPBroadcastThread
* IncompatibleVMDetected
* l:layout and l:html
* Other plugins TBD
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
I'm not finding any direct references to AbstractBuild.getHudsonVersion() other than in various plugins. Some of those plugins use it to display, though permissions involved are unknown.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
I don't see how that's going to help finding method calls in Jelly. I could look into that for checking what references Jenkins.VERSION to see if I missed anything, though.
If we go the route of requiring Overall/Read to view a version number, then this will decrease the surface area of what needs to be updated somewhat significantly.
* HudsonAuthenticationEntryPoint
* TcpSlaveAgentListener
* UDPBroadcastThread
* IncompatibleVMDetected
* l:layout and l:html
* Other plugins TBD
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
A complete list of files that refer to Jenkins.VERSION along with the number of occurrences:
* metrics-plugin/src/main/java/jenkins/metrics/impl/JenkinsVersionsProviderImpl.java:1
* artifactory-plugin/src/main/java/org/jfrog/hudson/util/ExtractorUtils.java:1
* artifactory-plugin/src/main/java/org/jfrog/hudson/AbstractBuildInfoDeployer.java:1
* anchore-container-scanner-plugin/src/main/java/com/anchore/jenkins/plugins/anchore/BuildWorker.java:1
* qtest-plugin/src/main/java/com/qasymphony/ci/plugin/action/PushingResultAction.java:1
* qtest-plugin/src/main/java/com/qasymphony/ci/plugin/action/SubmitJUnitStep.java:1
* maven-plugin/src/main/java/hudson/maven/reporters/BuildInfoRecorder.java:2
* custom-build-properties-plugin/src/main/java/org/jenkinsci/plugins/custombuildproperties/CustomBuildPropertiesAction.java:1
* blueocean-plugin/blueocean-config/src/main/java/io/jenkins/blueocean/config/BlueOceanConfigStatePreloader.java:1
* blueocean-plugin/blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java:1
* support-core-plugin/src/main/java/com/cloudbees/jenkins/support/impl/AboutJenkins.java:2
* support-core-plugin/src/main/java/com/cloudbees/jenkins/support/filter/ContentMappings.java:3
* swamp-plugin/src/main/java/org/continuousassurance/swamp/jenkins/SwampPostBuild.java:1
* compuware-topaz-for-total-test-plugin/src/main/java/com/compuware/jenkins/totaltest/TotalTestCTRunner.java:1
* compuware-topaz-for-total-test-plugin/src/main/java/com/compuware/jenkins/totaltest/TotalTestRunner.java:1
* bearychat-plugin/src/main/java/jenkins/plugins/bearychat/StandardBearyChatService.java:1
* browserstack-integration-plugin/src/main/java/com/browserstack/automate/ci/common/analytics/Analytics.java:1
* jenkins/core/src/main/java/hudson/Functions.java:2
* jenkins/core/src/main/java/hudson/PluginManager.java:2
* jenkins/core/src/main/java/hudson/cli/VersionCommand.java:1
* jenkins/core/src/main/java/hudson/Plugin.java:1
* jenkins/core/src/main/java/hudson/UDPBroadcastThread.java:1
* jenkins/core/src/main/java/hudson/TcpSlaveAgentListener.java:1
* jenkins/core/src/main/java/hudson/model/UsageStatistics.java:1
* jenkins/core/src/main/java/hudson/model/DownloadService.java:2
* jenkins/core/src/main/java/hudson/model/UpdateSite.java:3
* jenkins/core/src/main/java/hudson/model/Api.java:1
* jenkins/core/src/main/java/hudson/model/AbstractBuild.java:1
* jenkins/core/src/main/java/jenkins/install/InstallUtil.java:6
* jenkins/core/src/main/java/jenkins/model/AssetManager.java:1
* practitest-integration-plugin/src/main/java/org/jenkinsci/plugins/practitest/PractitestApi.java:1
* hpe-application-automation-tools-plugin/src/main/java/com/microfocus/application/automation/tools/octane/CIJenkinsServicesImpl.java:1
* oracle-cloud-infrastructure-compute-plugin/src/main/java/com/oracle/cloud/baremetal/jenkins/client/SDKBaremetalCloudClient.java:1
* sauce-ondemand-plugin/src/main/java/hudson/plugins/sauce_ondemand/SauceOnDemandProjectAction.java:1
* sauce-ondemand-plugin/src/main/java/hudson/plugins/sauce_ondemand/JenkinsSauceREST.java:1
* sauce-ondemand-plugin/src/main/java/hudson/plugins/sauce_ondemand/SauceOnDemandBuildWrapper.java:1
* sauce-ondemand-plugin/src/main/java/hudson/plugins/sauce_ondemand/credentials/SauceCredentials.java:1
* sysdig-secure-plugin/src/main/java/com/sysdig/jenkins/plugins/sysdig/BuildWorker.java:1
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Some plugins use Functions.advertiseHeaders():
* warnings-ng-plugin: issues/layout.jelly
* kerberos-sso-plugin, negotiatesso-plugin: servlet filters add the header.
I don't see any other calls to advertiseHeaders() in any jenkinsci repo. Search was done with up to date copies of all repos as of a few minutes ago. Now that I have an updated set of working copies, I'll perform additional searches for use of Jenkins.VERSION.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Some initial searches for Jenkins.VERSION in jenkinsci have found some interesting places:
* blueocean-plugin seems to include it in its REST API
* Numerous other plugins access this value, though I'm not sure if they expose it as a header or in the response in general.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Ok, time for some fun. I've done some digging in Jenkins and found several places where the version number is exposed in situations with no permission checks.
* HudsonAuthenticationEntryPoint exposes the version in a header. This class is used for handling permission errors to redirect the user to log in in the first place, so clearly there are no permission checks involved.
* TcpSlaveAgentListener exposes that header when you send a "GET /" request to it.
* UDPBroadcastThread exposes the version number as an XML tag in the metadata included in the multicast packet sent for autodiscovery. I'm not sure how important the version number is to include here, though it might be required.
* VersionCommand only requires Overall/Read to execute.
* Api instances include setting the version header, though typically, these objects are already guarded by other permission checks. However, if even a single API endpoint is unsecured, this would leak the version number.
* AbstractBuild tracks the version of Jenkins that build was executed in.
* DownloadService adds a script to the footer of any page that includes the version number in the body of an Ajax request as long as the user has Overall/Read permissions.
* IncompatibleVMDetected shows information about the running JVM as well, but no Jenkins version other than the footer that's not specific to this error page.
* l:layout and l:html both include the version number as a header, and l:layout includes the version number in the footer itself.
* Jenkins/login.jelly exposes the version in headers.
[JIRA] (JENKINS-23349) Item names containing an emoji are not accessible
Matt Sicker commented on JENKINS-23349 Re: Item names containing an emoji are not accessible
I was about to say that it was a newer emoji, but it appears as though it's not new at all. Strange. I know that we use XML 1.1 instead of 1.0 in order to allow for better Unicode support, though that's likely irrelevant here unless you're trying to use an emoji in an XML tag name.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Too many things directly access the static field, never mind.
[JIRA] (JENKINS-56217) allow to hide version number
Matt Sicker commented on JENKINS-56217 Re: allow to hide version number
Could we add that permission check in Jenkins.getVersion() and return null when unauthorized? I'm going to try that out and see what breaks.
[JIRA] (JENKINS-23349) Item names containing an emoji are not accessible
Matt Sicker commented on JENKINS-23349 Re: Item names containing an emoji are not accessible
Updates to Unicode support in Java likely fixed this bug since Jenkins has required Java 8 for a while now. The initial ticket is using Java 7.
[JIRA] (JENKINS-58595) rssAll feed doesn't have published field after 2.176.2 upgrade
Matt Sicker commented on JENKINS-58595 Re: rssAll feed doesn't have published field after 2.176.2 upgrade
Added PR to fix this for both RSS and Atom. There were no other views that removed the h variable in SECURITY-534.
[JIRA] (JENKINS-58595) rssAll feed doesn't have published field after 2.176.2 upgrade
Matt Sicker updated JENKINS-58595 Jenkins / JENKINS-58595 rssAll feed doesn't have published field after 2.176.2 upgrade
Change By: Matt Sicker
Status: In Progress Review
[JIRA] (JENKINS-58595) rssAll feed doesn't have published field after 2.176.2 upgrade
Matt Sicker started work on JENKINS-58595
Change By: Matt Sicker
Status: Open → In Progress
[JIRA] (JENKINS-58595) rssAll feed doesn't have published field after 2.176.2 upgrade
Matt Sicker assigned an issue to Matt Sicker Jenkins / JENKINS-58595 rssAll feed doesn't have published field after 2.176.2 upgrade
Change By: Matt Sicker
Assignee: Matt Sicker
[JIRA] (JENKINS-49235) Fingerprinting added in ssh-slaves causes memory-leak and performance issue with dynamic slaves
Matt Sicker updated JENKINS-49235
Released in credentials-2.2.1.
Jenkins / JENKINS-49235 Fingerprinting added in ssh-slaves causes memory-leak and performance issue with dynamic slaves
Change By: Matt Sicker
Status: Fixed but Unreleased → Resolved
Released As: credentials-2.2.1
[JIRA] (JENKINS-56607) Broken Jelly permission check creates MANAGE_DOMAINS user
Matt Sicker updated JENKINS-56607
Released in credentials-2.2.1.
Jenkins / JENKINS-56607 Broken Jelly permission check creates MANAGE_DOMAINS user
Change By: Matt Sicker
Status: Fixed but Unreleased → Resolved
Released As: credentials-2.2.1
[JIRA] (JENKINS-49235) Fingerprinting added in ssh-slaves causes memory-leak and performance issue with dynamic slaves
Matt Sicker updated JENKINS-49235
Merged to master.
Jenkins / JENKINS-49235 Fingerprinting added in ssh-slaves causes memory-leak and performance issue with dynamic slaves
Change By: Matt Sicker
Status: In Review → Fixed but Unreleased
Resolution: Fixed
[JIRA] (JENKINS-58170) Allow credential parameters to shadow credential ids in lookup
Matt Sicker commented on JENKINS-58170 Re: Allow credential parameters to shadow credential ids in lookup
Linking related issues that can be implemented through this feature.
[JIRA] (JENKINS-56607) Broken Jelly permission check creates MANAGE_DOMAINS user
Matt Sicker updated JENKINS-56607
Merged to master.
Jenkins / JENKINS-56607 Broken Jelly permission check creates MANAGE_DOMAINS user
Change By: Matt Sicker
Status: In Review → Fixed but Unreleased
Resolution: Fixed
[JIRA] (JENKINS-58743) Remove need to store master key in filesystem
Matt Sicker created an issue Jenkins / JENKINS-58743 Remove need to store master key in filesystem
Issue Type: Improvement
Assignee: Unassigned
Components: core
Created: 2019-07-31 20:04
Priority: Minor
Reporter: Matt Sicker
The existing implementation of ConfidentialStore in Jenkins relies on a secret key that is stored inside JENKINS_HOME/secrets/master.key which is used for encrypting the keys used to encrypt various other secrets. This key file is really only required during startup as the key is loaded into memory and used for unlocking the confidential store which allows for encrypting and decrypting data elsewhere in Jenkins.
[JIRA] (JENKINS-58734) DefaultCrumbIssuer should use more secure hashing algorithm
Matt Sicker updated JENKINS-58734 Jenkins / JENKINS-58734 DefaultCrumbIssuer should use more secure hashing algorithm Change By: Matt Sicker Status: In Progress Review
[JIRA] (JENKINS-58734) DefaultCrumbIssuer should use more secure hashing algorithm
Matt Sicker commented on JENKINS-58734 Re: DefaultCrumbIssuer should use more secure hashing algorithm See https://github.com/jenkinsci/jenkins/pull/4134
[JIRA] (JENKINS-58734) DefaultCrumbIssuer should use more secure hashing algorithm
Matt Sicker created an issue Jenkins / JENKINS-58734 DefaultCrumbIssuer should use more secure hashing algorithm Issue Type: Improvement Assignee: Matt Sicker Components: core Created: 2019-07-30 19:10 Priority: Minor Reporter: Matt Sicker The default crumb issuer for Jenkins uses an MD5 hash of some state data to create a crumb for users. This may be hypothetically vulnerable to brute forcing of MD5 hashes to form a valid crumb if the crumb's state is predictable to some level of detail (unsure on the specifics, hence why it's just hypothetical). This is most predictable when the administrator excludes remote IP address and session ID information from being used to seed the crumb, so it's a somewhat contrived scenario potentially. This can be hardened by simply updating the message digest algorithm chosen. Since all JDKs must support SHA-256 as well, this seems like a reasonable update.
[JIRA] (JENKINS-58734) DefaultCrumbIssuer should use more secure hashing algorithm
Matt Sicker started work on JENKINS-58734 Change By: Matt Sicker Status: Open In Progress
[JIRA] (JENKINS-58729) Extended security settings plugin cannot be configured
Matt Sicker updated JENKINS-58729 Fixed and released in extended-security-settings 1.1. Jenkins / JENKINS-58729 Extended security settings plugin cannot be configured Change By: Matt Sicker Status: Fixed but Unreleased Resolved Released As: extended-security-settings-1.1
[JIRA] (JENKINS-58729) Extended security settings plugin cannot be configured
Matt Sicker updated JENKINS-58729 Jenkins / JENKINS-58729 Extended security settings plugin cannot be configured Change By: Matt Sicker Status: In Review Fixed but Unreleased Resolution: Fixed
[JIRA] (JENKINS-58729) Extended security settings plugin cannot be configured
Matt Sicker updated JENKINS-58729 Jenkins / JENKINS-58729 Extended security settings plugin cannot be configured Change By: Matt Sicker Status: In Progress Review
[JIRA] (JENKINS-58729) Extended security settings plugin cannot be configured
Matt Sicker started work on JENKINS-58729 Change By: Matt Sicker Status: Open In Progress
[JIRA] (JENKINS-58548) scriptText URL returns extra newlines
Matt Sicker commented on JENKINS-58548 Re: scriptText URL returns extra newlines https://github.com/jenkinsci/jenkins/pull/4133 Figured out the problem. Jelly will trim things by default, but a JEXL expression in l:view was introducing untrimmed whitespace for some reason. Refactoring the JEXL expression into vanilla Jelly tags fixed the whitespace issue.
[JIRA] (JENKINS-58548) scriptText URL returns extra newlines
Matt Sicker updated JENKINS-58548 Jenkins / JENKINS-58548 scriptText URL returns extra newlines Change By: Matt Sicker Status: In Progress Review
[JIRA] (JENKINS-58548) scriptText URL returns extra newlines
Matt Sicker assigned an issue to Matt Sicker Jenkins / JENKINS-58548 scriptText URL returns extra newlines Change By: Matt Sicker Assignee: Matt Sicker
[JIRA] (JENKINS-58548) scriptText URL returns extra newlines
Matt Sicker started work on JENKINS-58548 Change By: Matt Sicker Status: Open In Progress
[JIRA] (JENKINS-58540) Console output of pipeline extra stars
Matt Sicker commented on JENKINS-58540 Re: Console output of pipeline extra stars That looks like it's replacing empty spaces by asterisks, so yeah, it does appear that way.
[JIRA] (JENKINS-58548) scriptText URL returns extra newlines
Matt Sicker commented on JENKINS-58548 Re: scriptText URL returns extra newlines Yeah, that could be. Perhaps we can revert the jelly file and just annotate the base model class?
[JIRA] (JENKINS-50181) ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile
Matt Sicker updated JENKINS-50181 Released in 1.17.1. Jenkins / JENKINS-50181 ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile Change By: Matt Sicker Status: Fixed but Unreleased Resolved Released As: ssh-credentials-1.17.1
[JIRA] (JENKINS-50181) ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile
Matt Sicker updated JENKINS-50181 Fixed in PR https://github.com/jenkinsci/ssh-credentials-plugin/pull/33 which was just merged. Jenkins / JENKINS-50181 ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile Change By: Matt Sicker Status: Open Fixed but Unreleased Resolution: Fixed
[JIRA] (JENKINS-55203) Jenkins EC2 plugin prints private key contents in Jenkins log
Matt Sicker commented on JENKINS-55203 Re: Jenkins EC2 plugin prints private key contents in Jenkins log I backported the public security fix to create 1.42.1 and 1.41.1 due to some configuration changes in 1.43 that make it forward incompatible.
[JIRA] (JENKINS-55203) Jenkins EC2 plugin prints private key contents in Jenkins log
Matt Sicker updated an issue Jenkins / JENKINS-55203 Jenkins EC2 plugin prints private key contents in Jenkins log Change By: Matt Sicker Released As: Amazon EC2 plug ec2 - in v1 1 .44 , 1.42.1, 1.41.1
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) Incremental release available: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/cli/2.184-rc28433.92d6063c40c3/ Still waiting for reviews before someone can merge it for the next weekly.
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker updated JENKINS-56243 Jenkins / JENKINS-56243 Jenkins GUI is slow -removing cookie fixes it (temporarily) Change By: Matt Sicker Status: In Progress Review
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker updated JENKINS-56243 Jenkins / JENKINS-56243 Jenkins GUI is slow -removing cookie fixes it (temporarily) Change By: Matt Sicker Status: In Review Progress
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) Need to add another test, but this looks to be about fixed.
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker updated JENKINS-56243 Jenkins / JENKINS-56243 Jenkins GUI is slow -removing cookie fixes it (temporarily) Change By: Matt Sicker Status: In Progress Review
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) Added link to PR.
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker assigned an issue to Matt Sicker Jenkins / JENKINS-56243 Jenkins GUI is slow -removing cookie fixes it (temporarily) Change By: Matt Sicker Assignee: Matt Sicker
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) I chatted with Wadeck Follonier earlier today, and we've found that the most likely culprit is that TokenBasedRememberMeServices2 does not cache the user seed property in their session. I'll submit a PR later to address this.
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker started work on JENKINS-56243 Change By: Matt Sicker Status: Open In Progress
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) I discovered that the remember me service bypasses the user details cache entirely. I've made a draft PR with this fixed: https://github.com/jenkinsci/jenkins/pull/4093
[JIRA] (JENKINS-56243) Jenkins GUI is slow -removing cookie fixes it (temporarily)
Matt Sicker commented on JENKINS-56243 Re: Jenkins GUI is slow -removing cookie fixes it (temporarily) So far from my testing, I'm not finding any slow code in seed renewal. Some basic JMH tests in this branch: https://github.com/jenkinsci/jenkins/compare/master...jvz:user-seed-perf-JENKINS-56243?expand=1 Right now, my hypothesis is that if a SecurityRealm is having any performance issues, multiple requests to load the same user's details could be piling up due to the remember me cookie validation check. The same happens in the session cookie itself. Basically, the reason why it was performing better before was because it wasn't validating authentication properly in the first place. I'm working on some basic load tests to compare 2.150.1 and 2.150.2 to see if I can reproduce this idea. Based on the comments so far, it sounds like this should even be potentially reproducible using just the built-in user database. The JMH tests above only use an in-memory user database, so introducing lag in the calls to loadUserDetails() could be an interesting way to potentially test this as well.
[JIRA] (JENKINS-58213) Jenkins Slave Can't reach Gitlab, but Server can
Matt Sicker commented on JENKINS-58213 Re: Jenkins Slave Can't reach Gitlab, but Server can What type of SSH key are you using? And did this behavior start in a specific version of the plugin?