On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote: > Hi Folks, > > In response to news of directed attacks against public Jenkins > instances[0], we are enabling some of the CSRF protections in ci.centos.org It looks like this also caused: https://github.com/janinko/ghprb/issues/84 However I'm a bit confused - it seems like a lot more people should be hitting this. Perhaps people just aren't turning on CSRF? Then I also found https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900 which: $ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900 ghprb-1.28~3^2 So it *should* be in the 1.30.4 we're running according to https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version] Did anyone else manage to get the ghprb hooks working? (Aside, I was trying to work around this by using the raw `github` plugin's webhook which does work, but I couldn't quite figure out how to make a single job that builds multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the end we do need a way to retrigger as ghprb handles)