[Ci-users] Jenkins SafeRestart to add extra CSRF Protection 19-Apr-2016 14h30 UTC (09h30 EDT) - Full Restart 00h UTC (20h EDT)
Brian Stinson
bstinson at redhat.com
Tue Apr 19 15:03:22 UTC 2016
The first part of this maintenance has been done. We will need to
schedule a full restart for tonight (00h UTC). We'll be monitoring
running jobs throughout the day.
Cheers
--Brian
On Apr 19 08:54, Brian Stinson wrote:
> Hi Folks,
>
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org.
>
> To do this we will issue a SafeRestart at 14:30 UTC Today! Running jobs
> will be given a chance to clear and new jobs should be queued up and
> will execute as soon as the restart finishes.
>
> Potential Impact:
> - If you are using the Jenkins REST interface you may need to modify
> your scripts to send the appropriate headers[1]
>
> - Jenkins Job Builder is tracking an issue to enable CSRF support[2].
> Some basic tests were performed on our side, and simple jobs were
> configured correctly, but you may notice strange behavior if you are
> using JJB.
>
>
> [0]: https://groups.google.com/d/topic/jenkinsci-advisories/lJfvDs5s6bk
> [1]: https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
> [2]: https://storyboard.openstack.org/#!/story/2000556
>
> If you have any questions or comments, let us know here or find one of
> us in #centos-devel on Freenode.
>
> Cheers!
> --
> Brian Stinson
> CentOS CI Infrastructure Team
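
The header change mentioned under "Potential Impact" above, as an added example that is not part of the original message or of CentOS CI's own tooling: a REST client that asks the Jenkins crumb issuer for a crumb and attaches it to a POST, and that still works against an instance where CSRF protection is off. The `/crumbIssuer/api/json` endpoint and its `crumb` / `crumbRequestField` fields are the Jenkins remote access API as I know it, not something stated in this thread; the job name, user, token and sample reply are constructed.

```python
import base64
import io
import json
import urllib.error
import urllib.request

def fetch_crumb(base_url, auth, opener=urllib.request.urlopen):
    """Return {header_name: crumb}, or {} when no crumb issuer is configured."""
    req = urllib.request.Request(base_url.rstrip("/") + "/crumbIssuer/api/json",
                                 headers={"Authorization": auth})
    try:
        with opener(req) as resp:
            data = json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:  # CSRF protection not enabled on this instance
            return {}
        raise  # 401/403 etc. are real failures; do not POST without a crumb
    # The header name is whatever the server reports; do not hard-code it.
    return {data["crumbRequestField"]: data["crumb"]}

def build_post(base_url, path, user, api_token, opener=urllib.request.urlopen):
    """Build (not send) a POST carrying Basic auth plus the crumb header, if any."""
    auth = "Basic " + base64.b64encode(f"{user}:{api_token}".encode()).decode()
    headers = {"Authorization": auth, **fetch_crumb(base_url, auth, opener)}
    return urllib.request.Request(base_url.rstrip("/") + path, data=b"",
                                  headers=headers, method="POST")

# Constructed crumb issuer reply, so the example runs offline.
SAMPLE_REPLY = b'{"crumb": "0123abcd", "crumbRequestField": ".crumb"}'

def fake_opener(req):
    """Stand-in for urlopen that returns the constructed reply."""
    return io.BytesIO(SAMPLE_REPLY)

if __name__ == "__main__":
    # Hypothetical job name and credentials; nothing is sent over the network.
    req = build_post("https://ci.centos.org", "/job/example-job/build",
                     "example-user", "example-token", fake_opener)
    print(req.get_method(), req.full_url, sorted(k for k, _ in req.header_items()))
```

Pass the returned request to `urllib.request.urlopen` to send it; the crumb is fetched with the same credentials that make the POST.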