[Ci-users] Jenkins SafeRestart to add extra CSRF Protection 19-Apr-2016 14h30 UTC (09h30 EDT) - Full Restart 00h UTC (20h EDT)

Brian Stinson bstinson at redhat.com
Wed Apr 20 02:56:47 UTC 2016


Hi All,

This is finally finished up. We had a long quiet period while a few jobs
finished up and it looks like everything got queued up for re-execution
once we restarted. 

We'll be checking in with the JJB folks and others using the Jenkins
REST API to see how they're affected by the new CSRF settings.

Cheers!
--Brian 

On Apr 19 10:03, Brian Stinson wrote:
> The first part of this maintenance has been done. We will need to
> schedule a full restart for tonight (00h UTC). We'll be monitoring
> running jobs throughout the day.
> 
> Cheers
> --Brian 
> 
> On Apr 19 08:54, Brian Stinson wrote:
> > Hi Folks,
> > 
> > In response to news of directed attacks against public Jenkins
> > instances[0], we are enabling some of the CSRF protections in ci.centos.org
> > 
> > To do this we will issue a SafeRestart at 14:30 UTC Today! Running jobs
> > will be given a chance to clear and new jobs should be queued up and
> > will execute as soon as the restart finishes. 
> > 
> > Potential Impact:
> > - If you are using the Jenkins REST interface you may need to modify
> >   your scripts to send the appropriate headers[1]
> > 
> > - Jenkins Job Builder is tracking an issue to enable CSRF support[2].
> >   Some basic tests were performed on our side, and simple jobs were
> >   configured correctly, but you may notice strange behavior if you are
> >   using JJB.
> > 
> > 
> > [0]: https://groups.google.com/d/topic/jenkinsci-advisories/lJfvDs5s6bk
> > [1]: https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
> > [2]: https://storyboard.openstack.org/#!/story/2000556
> > 
> > If you have any questions or comments, let us know here or find one of
> > us in #centos-devel on Freenode.
> > 
> > Cheers!
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> > _______________________________________________
> > Ci-users mailing list
> > Ci-users at centos.org
> > https://lists.centos.org/mailman/listinfo/ci-users
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users



More information about the Ci-users mailing list