[Ci-users] Brief Jenkins Outage Completed *Security Implications - Please Read*

Brian Stinson bstinson at redhat.com
Wed Feb 14 20:34:24 UTC 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Folks,

We just took a short full restart of Jenkins in ci.centos.org to patch
against Jenkins SECURITY-705[0], a path-traversal exploit that could
have caused the leak of sensitive files on the Jenkins master.

If you have secrets stored with us in the Jenkins credential store,
please consider contacting me directly to get these rotated. We *do not*
have evidence of an active exploit at this time, but it is standard
practice to rotate secrets under these circumstances.

[0]: https://jenkins.io/security/advisory/2018-02-14/

Thank you for your patience while we work this through,

- --
Brian Stinson
CentOS CI Infrastructure Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----


