Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
review+feedback much welcome
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
r-b.o/website.git now
|
|
|
|
|
|
|
|
needs it
|
|
|
|
|
|
|
|
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
It seems that two channels need to be secured. The first is a custom tcp
port which is firewalled anyway. The other part is urls starting with
/cli. Instead of filtering this entry point in jenkins (and thus
breaking bin/abort.sh), we apply the filtering in apache. Thus a local
execute vulnerability remains, but we didn't care about those earlier.
|
|
|
|
|
|
|
|
|
|
|
|
Even if Git can fetch the repositories, people are unhappy when they see a 403.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Niels Thykier <niels@thykier.net>
|
|
|