Age | Commit message (Collapse) | Author | Files | Lines |
|
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
It seems that two channels need to be secured. The first is a custom tcp
port which is firewalled anyway. The other part is urls starting with
/cli. Instead of filtering this entry point in jenkins (and thus
breaking bin/abort.sh), we apply the filtering in apache. Thus a local
execute vulnerability remains, but we didn't care about those earlier.
|
|
|
|
Even if Git can fetch the repositories, people are unhappy when they see a 403.
|
|
|
|
|
|
This reverts commit b32118218c89ad429ef26fa03ed16d55069728ac.
|
|
|
|
otherwise `pbuilder clean` removes the symlink, and the following builds won't
use the tmpfs, etc..
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
we have problems properly unmounting it (or rather
cleanup…) and I'm unable to debug and fix this properly
atm. thus, to avoid false ftbfs due to out of disk space
problems, we disable it temporarily.
|
|
|
|
|
|
|
|
|
|
|
|
starting a build
|
|
each and every build - this is a followup for 049a78fc
|
|
This reverts commit 6db56cf69baf0808697148bb9cf84d18d65bfe77.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
'(/(amd64|armhf)' properly
|
|
Schnepp for this.)
|