The first part of this maintenance has been done. We will need to schedule a full restart for tonight (00h UTC). We'll be monitoring running jobs throughout the day. Cheers --Brian On Apr 19 08:54, Brian Stinson wrote: > Hi Folks, > > In response to news of directed attacks against public Jenkins > instances[0], we are enabling some of the CSRF protections in ci.centos.org > > To do this we will issue a SafeRestart at 14:30 UTC Today! Running jobs > will be given a chance to clear and new jobs should be queued up and > will execute as soon as the restart finishes. > > Potential Impact: > - If you are using the Jenkins REST interface you may need to modify > your scripts to send the appropriate headers[1] > > - Jenkins Job Builder is tracking an issue to enable CSRF support[2]. > Some basic tests were performed on our side, and simple jobs were > configured correctly, but you may notice strange behavior if you are > using JJB. > > > [0]: https://groups.google.com/d/topic/jenkinsci-advisories/lJfvDs5s6bk > [1]: https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection > [2]: https://storyboard.openstack.org/#!/story/2000556 > > If you have any questions or comments, let us know here or find one of > us in #centos-devel on Freenode. > > Cheers! > -- > Brian Stinson > CentOS CI Infrastructure Team > _______________________________________________ > Ci-users mailing list > Ci-users at centos.org > https://lists.centos.org/mailman/listinfo/ci-users