abd047b558
Changelog: What's new in 1.565.3 (2014/10/01) Plugin code can be downloaded by anyone with Overall/Read (SECURITY-155) Stored passwords can be read out from build with parameters page (SECURITY-138) Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2 as included with Jenkins (SECURITY-149) Unauthenticated users can make Jenkins behind Apache unresponsive (SECURITY-87) Users with limited Job/Configure can replace other jobs they have no access to (if they know the name) (SECURITY-128) CLI calls are causing file descriptor leaks. (issue 23248) Users with limited Job/Configure can change the kind of job via CLI, getting access to denied job types (SECURITY-127) Test result trend breaks lazy-loading (issue 23945) Unable to kill a job which is running (issue 17667) XSS weakness in load-statistics (SECURITY-143) Job is removed from ListView after rename (issue 23893) set-build-result and set-build-parameter do insufficient checks (issue 24080) Missing no-sniff header (SECURITY-122) Directory traversal (SECURITY-131) "incompatible InnerClasses attribute" error in IBM J9 VM (issue 22525) Arbitrary file system write via DiskFileItem deserialization (SECURITY-159) Missing SecureFlag cookie (SECURITY-120) Prevent (private security realm) usernames from being guessed (SECURITY-79 redux!) (SECURITY-110) Deadlock in OldDataMonitor (issue 24358) RemoteInvocationHandler.RPCRequest allows invoking any method on an exported object event those not exposed by the exported interface (SECURITY-150) What's new in 1.565.2 (2014/09/03) Jenkins needs to check whether the war's directory is writeable before offering to upgrade (issue 23683) AbstractLazyLoadRunMap.iterator() calls .all() (issue 18065) Jenkins no longer kills running processes after job fails (issue 22641) HTTP error 405 when trying to restart ssh host (issue 23094) Run.delete (from LogRotator) failing with "...looks to have already been deleted" (issue 22395) file name encoding broken in zip archives (issue 20663) Kill win32 processes from win64 JVMs (issue 23410) What's new in 1.565.1 (2014/07/30) Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822) “Form too large” errors submitting view configurations with many jobs (issue 20327) NPE on plugin install (issue 20031) Link to the console output missing in popup when log >200Kb (issue 14264) Parameters: NPE in canTake() procedures may kill all executors (issue 15094) NPE from AbstractBuild$AbstractBuildExecution.run (issue 23277) broken ProjectNamingStrategy Extension (issue 23127) Move DecoratedLauncher from the custom-tools plugin to the Jenkins Core (issue 19454) hudson.Launcher:ProcStarter::envs() may throw NPE (issue 20559) Resource leak in hudson.model.FileParameterValue (issue 22693) ReverseBuildTrigger.threshold not consistently saved (issue 23191) AccessRestriction on SecurityListener methods (issue 23417) After deleting folder, get 404 (issue 23375) email-ext plugin doesn't handle tokens when slave has gone offline: IAE from AbstractProject.getEnvironment (issue 23517) Jenkins cannot restart Windows service (issue 22685) Rules for showing/hiding SCMTrigger.pollingThreadCount option are broken (issue 22934) What's new in 1.554.3 (2014/06/30) Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822) Non-recursive ListViews unnecessarily call owner.getAllItems in getItems (issue 22720) SSH slave connections die after the slave outputs 4MB of stderr, usually during findbugs analysis (issue 22938) Jenkins cannot restart Windows service (issue 22685) What's new in 1.554.2 (2014/05/30) Don't ask for confirmation when it doesn't make any sense (issue 21720) On a configure screen that has multiple groups of radio buttons, clicking the apply button clears all but the last radio group selection (issue 22570) Optimize creation of relative links to jobs (issue 18364) Jenkins asks for confirmation before leaving edited 'View Configuration' page (issue 20597) OutOfOrderBuildMonitor fails to correct builds with duplicate number (issue 22631) Computer does not exist returns NPE (issue 21999) Last build of project reloaded when project asked for later build (issue 22681) After clicking 'Apply' at least once, 'Save' opens a new window (issue 20245) hetero-radio should work with multiple instances of the same ui (issue 22583) Cannot submit configuration after removing groovy step (issue 22582) No autocompletion and NullPointerException when using 'Copy Existing Job' (issue 22142) What's new in 1.554.1 (2014/04/30) NPE if trying to install a plugin from the update center and either the update source or the plugin contains a '.' in its name (issue 22080) Download update center from master by default (issue 19081) OutOfMemory due to unbounded storage in OldDataMonitor (issue 19544) Very slow resource loading from UberClassLoader (issue 21579) Jetty exploding war to /tmp is a bad idea (issue 22442) Performance issue with search box (issue 21969) ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537) NullPointerException when trying to mark slave temporarily offline (issue 21875) Build queue is not filtered after progress updated (issue 20500) copy-job permission checks wrong (issue 22262) What's new in 1.532.3 (2014/04/11) Replace description in error dialog instead of appending (issue 21457) NPE from xstream.core.JVM.isOpenJDK (issue 21183) WorkspaceCleanupThread does not handle folders (issue 21023) Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606) /login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254) Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024) Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639) DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780) ZIP file download generates corrupt zip file (issue 20345) Update credentials plugin to 1.9.4 (issue 21820) Apply button does not work in IE Compat View (issue 19826) Deadlock while parallel deletion/rename of jobs (issue 19446) What's new in 1.532.2 (2014/02/14) CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951) Default markup formatter permits offsite-bound forms (SECURITY-88) Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629) ApiTokenFilter does not check that the user actually exists (SECURITY-89) HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128) Slave launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453) StreamCorruptedException (issue 8856) UI Redressing/ClickJacking (SECURITY-80) Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929) Loading projects too slow because of File.isDirectory calls (issue 21078) HTML metacharacters not escaped in log messages (issue 20800) Channel's executorService's pool should have a name (issue 19004) ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415) Stored XSS (SECURITY-74) Session Fixation (SECURITY-75) /heapDump offered to anyone with ADMINISTER (SECURITY-73) Username Guessing/Enumeration (SECURITY-79) RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120) Iframe Injection (SECURITY-76) Reflected XSS in Cookie (SECURITY-77) l:breakable mishandles HTML metacharacters (issue 20928) Start JNLP slave ignores jar-cache flag (issue 20093) Stored passwords can be read out from UIs with password fields (SECURITY-93) Too many open files upon HTTP listener init or shutdown (issue 14336) Extension point for secure users of Api (issue 16936) 'Apply' error screens don't work (issue 20772) Workspaces seem to be removed prematurely on concurrent jobs (issue 10615) Job creators are able to edit or destroy the system configuration via the CLI (SECURITY-108) Disable\Delete "Remember me on this computer" check box in login screen (issue 15757) SECURITY-55 fails if downstream project not visible (SECURITY-109) Builds disappear some time after renaming job (issue 18678) Use RunAction2 from TestResultAction (issue 18410) java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163) Remote code execution via xstream deserialization in XML API (SECURITY-105) Jenkins on winstone vulnerable to session hijacking (SECURITY-106) Jenkins allows anonymous access if the Authorization Strategy can't be loaded (SECURITY-107) you cannot use the cli without giving Overall read to Anonymous (issue 8815) |
||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile | ||
MESSAGE | ||
PLIST |