[Ci-users] Jenkins SafeRestart to add extra CSRF Protection 19-Apr-2016 14h30 UTC (09h30 EDT)
Colin Walters
walters at verbum.org
Sat May 21 13:31:48 UTC 2016
On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
>
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:
https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more people should be
hitting this. Perhaps people just aren't turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:

$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github`
plugin's webhook which does work, but I couldn't quite figure out how to
make a single job that builds multiple PRs be "stable", i.e. avoid
retriggering for previously built PRs, plus in the end we do need a way
to retrigger as ghprb handles)