I'll update Jenkins on Saturday 14th May to the latest LTS version
(1.651.2) which includes some security fixes.

There is a change to how job parameters are handled which poses a small
amount of risk, but I'll try to review jobs beforehand. If a job calls
another job with undeclared parameters, these are currently passed
through. After the upgrade, they will be filtered out unless the child
job declares them in its accepted parameter list.

If you see any unexpected job failures after the weekend, please let me
know.
--
Dominic Cleal
dominic@cleal.org
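
One way to do the pre-upgrade job review described in the message above, as an added example that is not part of the original post or the project's tooling: it scans job `config.xml` bodies for predefined parameters that a parent sends to a child job which does not declare them. It assumes the Parameterized Trigger plugin's `config.xml` layout and covers only predefined parameters; the job names and XML are constructed samples.

```python
import xml.etree.ElementTree as ET

PT = "hudson.plugins.parameterizedtrigger."  # Parameterized Trigger plugin tag prefix

def declared(config_xml):
    """Parameter names a job declares (its accepted parameter list)."""
    root = ET.fromstring(config_xml)
    return {n.text.strip() for n in root.findall(".//parameterDefinitions/*/name") if n.text}

def passed(config_xml):
    """Yield (child_job, param) for each predefined parameter sent downstream."""
    for cfg in ET.fromstring(config_xml).iter():
        children = [c.strip() for c in (cfg.findtext("projects") or "").split(",") if c.strip()]
        for pre in (cfg.iter(PT + "PredefinedBuildParameters") if children else ()):
            for line in (pre.findtext("properties") or "").splitlines():
                name = line.split("=", 1)[0].strip()
                if "=" in line and name and not name.startswith("#"):
                    for child in children:
                        yield child, name

def audit(jobs):
    """Return (parent, child, param) triples the child would stop receiving."""
    accepted = {name: declared(xml) for name, xml in jobs.items()}
    return sorted((parent, child, param)
                  for parent, xml in jobs.items()
                  for child, param in passed(xml)
                  if child in accepted and param not in accepted[child])

def _job(params=(), trigger=""):
    # Helper that builds a minimal, constructed config.xml for the sample below.
    defs = "".join(f"<hudson.model.StringParameterDefinition><name>{p}</name>"
                   "</hudson.model.StringParameterDefinition>" for p in params)
    return ("<project><properties><hudson.model.ParametersDefinitionProperty>"
            f"<parameterDefinitions>{defs}</parameterDefinitions>"
            "</hudson.model.ParametersDefinitionProperty></properties>"
            f"<publishers>{trigger}</publishers></project>")

TRIGGER = (f"<{PT}BuildTrigger><configs><{PT}BuildTriggerConfig><configs>"
           f"<{PT}PredefinedBuildParameters><properties>branch=develop\npr_number=42"
           f"</properties></{PT}PredefinedBuildParameters></configs>"
           f"<projects>child_a, child_b</projects>"
           f"</{PT}BuildTriggerConfig></configs></{PT}BuildTrigger>")

# Constructed sample jobs: child_b does not declare pr_number.
SAMPLE_JOBS = {"parent": _job(trigger=TRIGGER),
               "child_a": _job(["branch", "pr_number"]),
               "child_b": _job(["branch"])}

if __name__ == "__main__":
    print(audit(SAMPLE_JOBS))
```

Each reported triple is a parameter the child would silently lose once filtering is active, so the fix is to declare it on the child job.
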
I've disabled this security change for the time being as it broke with
matrix jobs (JENKINS-34758), and so I'll re-enable it when a fix is
available. Otherwise Jenkins has been upgraded and it appears to be
running OK.
On 12/05/16 09:05, Dominic Cleal wrote:
> I'll update Jenkins on Saturday 14th May to the latest LTS version
> (1.651.2) which includes some security fixes.
>
> There is a change to how job parameters are handled which poses a small
> amount of risk, but I'll try to review jobs beforehand. If a job calls
> another job with undeclared parameters, these are currently passed
> through. After the upgrade, they will be filtered out unless the child
> job declares them in its accepted parameter list.
--
Dominic Cleal
dominic@cleal.org
I've noticed that we're missing a few jobs:

- test_kafo_master, pull_request
- test_kafo_parsers_master, pull_request
- test_proxy_develop, pr core, stable

PR tests on the smart proxy and kafo projects will currently fail. I had
updated the matrix job plugin in an attempt to resolve the issue with
its parameters not working with the security update, and it looks like
an unrelated security change between versions prevents the use of
regexes in matrix combination filters.

I'm working on fixing these jobs now, probably by rewriting the
combination filters.
On 12/05/16 09:05, Dominic Cleal wrote:
> I'll update Jenkins on Saturday 14th May to the latest LTS version
> (1.651.2) which includes some security fixes.
>
> There is a change to how job parameters are handled which poses a small
> amount of risk, but I'll try to review jobs beforehand. If a job calls
> another job with undeclared parameters, these are currently passed
> through. After the upgrade, they will be filtered out unless the child
> job declares them in its accepted parameter list.
>
> If you see any unexpected job failures after the weekend, please let me
> know.
--
Dominic Cleal
dominic@cleal.org
I've whitelisted the blocked piece of filter code through Jenkins
settings and restarted it to pick up the jobs from the configs again.
Sorry for the disruption.
On 16/05/16 12:31, Dominic Cleal wrote:
> On 12/05/16 09:05, Dominic Cleal wrote:
>> I'll update Jenkins on Saturday 14th May to the latest LTS version
>> (1.651.2) which includes some security fixes.
>>
>> There is a change to how job parameters are handled which poses a small
>> amount of risk, but I'll try to review jobs beforehand. If a job calls
>> another job with undeclared parameters, these are currently passed
>> through. After the upgrade, they will be filtered out unless the child
>> job declares them in its accepted parameter list.
>>
>> If you see any unexpected job failures after the weekend, please let me
>> know.
>
> I've noticed that we're missing a few jobs:
>
> - test_kafo_master, pull_request
> - test_kafo_parsers_master, pull_request
> - test_proxy_develop, pr core, stable
>
> PR tests on the smart proxy and kafo projects will currently fail. I had
> updated the matrix job plugin in an attempt to resolve the issue with
> its parameters not working with the security update, and it looks like
> an unrelated security change between versions prevents the use of
> regexes in matrix combination filters.
>
> I'm working on fixing these jobs now, probably by rewriting the
> combination filters.
--
Dominic Cleal
dominic@cleal.org