On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
Hi Folks,
In response to news of directed attacks against public Jenkins instances[0], we are enabling some of the CSRF protections in ci.centos.org
It looks like this also caused:
https://github.com/janinko/ghprb/issues/84
However I'm a bit confused - it seems like a lot more people should be hitting this. Perhaps people just aren't turning on CSRF?
Then I also found https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c4... which: $ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900 ghprb-1.28~3^2
So it *should* be in the 1.30.4 we're running according to https://ci.centos.org/pluginManager/api/json?tree=plugins%5BshortName,versio...]
Did anyone else manage to get the ghprb hooks working?
(Aside, I was trying to work around this by using the raw `github` plugin's webhook which does work, but I couldn't quite figure out how to make a single job that builds multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the end we do need a way to retrigger as ghprb handles)