14 Feb
2018
14 Feb
'18
8:34 p.m.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Folks,
We just took a short full restart of Jenkins in ci.centos.org to patch against Jenkins SECURITY-705[0], a path-traversal exploit that could have caused the leak of sensitive files on the Jenkins master.
If you have secrets stored with us in the Jenkins credential store, please consider contacting me directly to get these rotated. We *do not* have evidence of an active exploit at this time, but it is standard practice to rotate secrets under these circumstances.
[0]: https://jenkins.io/security/advisory/2018-02-14/
Thank you for your patience while we work this through,
- -- Brian Stinson CentOS CI Infrastructure Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJahJ1QAAoJEIMGvNKzCweMrUMQAIVSYK9OjSB67WuJhHq4a5ew
QeQ/4C+bE6vlMRhSTlViQZ1hzzfLrvgYzEFyK6vbaepO1DpSaA0/Znz9l644Yrt7
P1DiPGI2ba4r6p81uaEdlgIiIHUfmvMv48GHUrFk6872awFf8/Xr2QJ497vDerCg
SQICr+1I0WtsiLcQV5H37QUkLWw3iS71NP8H8ma11rEYYFBq9xaa14kr80299ZGD
aOQ3LZd0I+k45AGbIQMowWjoUWjCW9Rgf+kSK6PbZGMJJHLvfWFtEysUmvxPGcbx
7uBWun7hNxiZutgbSJAT7X07SpUCHJ8pmhR4QjEBqQG04E+GfK0aA58puvCNbhdZ
NH9lVIF7k6ILKUdr1qLR+In8ef3b36zy54P4ORPcLBZcsVCLeghmZP0raWugz63K
Cxg1Yl23tvENOiAcoM+f2lP1prFvFwBgeMnLVOexdX7w4q5ne9+kLPLbQ0y6P+ZZ
DidAMY1TeUyXkWyuTk9Oy2BR2UjaoDkwVDBblTYV1L4CSoNgHYiVHWU8wzIuYv6+
oDXQO8/UuJ8fZvkYMtXaZxrmYFvki39tUBKltKcBgddu9lwIZMphGqavjkx9SCZ6
E8cfEx9IF1lhPQtKm8j9fOdPHdELF2cC6InnWtjQLi0d3qZLyDDuo5fo1iBfVUNE
v1GeqCHcolY4qa34JPHC
=ALkV
-----END PGP SIGNATURE-----
2502
Age (days ago)
2502
Last active (days ago)
0 comments
1 participants
participants (1)
-
Brian Stinson