- Feb 14, 2013
-
-
Kohsuke Kawaguchi authored
-
Kohsuke Kawaguchi authored
Fixed the HTTP request thread saturation problem with Winstone. (cherry picked from commit 4b1a95f2) Conflicts: changelog.html
-
Jesse Glick authored
(cherry picked from commit 20d628fa)
-
Jesse Glick authored
(cherry picked from commit b44df8b1) Conflicts: core/pom.xml
-
Jesse Glick authored
(cherry picked from commit 6d99c02b)
-
Jesse Glick authored
This patch makes standard post-build action refuse to let you configure a downstream project you cannot currently build. The one from parameterized-trigger will show an error in the configure screen but still lets you save the configuration; needs an analogous patch to that plugin. Does not yet protect against POSTing config.xml with the trigger. (cherry picked from commit 757bc8a5) Conflicts: core/src/main/java/hudson/model/Descriptor.java
-
Jesse Glick authored
- My second patch, with whitelisted XPath values and forbidden JSONP. - Disabling JSONP altogether for REST API (unless explicitly allowed). - Forbid primitive XPath result sets by default. - Refuse to serve _crumb=123456 as this could (very hypothetically) be exploited. (cherry picked from commit f4af9b1a) Conflicts: core/src/main/java/hudson/model/Api.java
-
Kohsuke Kawaguchi authored
(cherry picked from commit f8d2a0ba)
-
Jesse Glick authored
Require POST for various operations. (cherry picked from commit 36c86243) Conflicts: core/src/main/java/hudson/model/AbstractBuild.java
-
Jesse Glick authored
(cherry picked from commit 1fb2acfd) Conflicts: core/src/main/java/hudson/model/AbstractProject.java core/src/main/java/hudson/model/ParametersDefinitionProperty.java
-
Kohsuke Kawaguchi authored
- Use the proper block cipher mode. Or else the information about the plain text still ends up revealing as a pattern without the attacker knowing the key. - No need to hide SLAVE_SECRET from the encrypted payload. jnlpMac is needed to decrypt this payload to begin with, so there's no point in hiding it. This simplifies the code a little bit. - Using a newer slave installer that uses the -secret option (cherry picked from commit f4496df1)
-
Kohsuke Kawaguchi authored
Jesse's original patch (cherry picked from commit 01a24e2c)
-
- Feb 11, 2013
-
-
Kohsuke Kawaguchi authored
-
Kohsuke Kawaguchi authored
-
Kohsuke Kawaguchi authored
-
Jesse Glick authored
-
Kohsuke Kawaguchi authored
-
Kohsuke Kawaguchi authored
-
Kohsuke Kawaguchi authored
-
- Feb 09, 2013
-
-
Jesse Glick authored
-
- Feb 08, 2013
-
-
Jesse Glick authored
translation cleanup
-
Harald Albers authored
purged duplicated translations for GlobalCrumbIssuerConfiguration ("Prevent Cross Site Request Forgery exploits"). Changed property name "Crumb" to "Crumbs" because this is the value that the existing translations actually use.
-
Christoph Kutzinski authored
-
- Feb 07, 2013
-
-
Jesse Glick authored
Improve UpdateSiteTest by adding valid Update sites
-
Ryan Campbell authored
-
Nicolas De Loof authored
-
Jesse Glick authored
Removing old static field, which was not friendly to tests, especially multithreaded runners. Cleaned up existing tests to use updateDirectly rather than POSTing raw JSON.
-
Jesse Glick authored
-
Jesse Glick authored
-
Jesse Glick authored
-
Jesse Glick authored
[JENKINS-15156] AbstractProject.builds accessed by Maven & matrix module builds before onLoad or onCreatedFromScratch called. Seem to need to keep the deprecated no-arg RunMap initializer though it is unclear to me how it could work.
-
Nicolas De Loof authored
so iterate on itemGroup.getItems and filter by job names
-
Nicolas De Loof authored
-
Nicolas De Loof authored
used to browse workspace and run scm polling
-
Jesse Glick authored
Seems that the RunMap must be initialized before updateTransientActions, which uses it, is called.
-
Jesse Glick authored
-
Jesse Glick authored
-
Jesse Glick authored
[FIXED JENKINS-15156] Initialize AbstractLazyLoadRunMap.dir for newly created jobs.
-
Johno Crawford authored
-
Johno Crawford authored
-