Skip to content
  1. May 23, 2012
  3. May 22, 2012
  5. May 16, 2012
  7. May 14, 2012
  9. May 09, 2012
    • David Reiss's avatar
      [FIXED JENKINS-13202] Don't set mtime or mode on symlinks · e15b2e19
      David Reiss authored 
      Previously, the untar code tries to set the last modified time and mode
on every untarred file.  However, if the tar contains a broken symlink,
or a symlink that points to a file that has not been untarred yet, the
time/mode setting would fail on the broken symlink.

Symlinks don't have meaningful modified times or modes of their own, so
only set these values on non-symlinks.

Rename the file "a" in the test to expose the bug.
      e15b2e19
  11. May 08, 2012
  13. May 07, 2012
  15. May 06, 2012
  17. May 05, 2012
  19. May 04, 2012
    • Kohsuke Kawaguchi's avatar
      I think this covers what the user cares about better. · c37adad3
      Kohsuke Kawaguchi authored
      c37adad3
    • Kohsuke Kawaguchi's avatar
      [FIXED JENKINS-12585] restrict where sessions are created. · 7a4858d6
      Kohsuke Kawaguchi authored 
      If a resource with 'Set-Cookie' header is cached (either by intermediary
like HTTP proxy and reverse proxy, or by the browser), it'll cause
identity swap / session mix-up as discussed in this ticket.

I suspect this was caused by HttpSessionContextIntegrationFilter2, which
is the only code path that attempts to create a session when a request
to a static resource is made.

So I'm disabling the creation of session in
HttpSessionContextIntegrationFilter2. This in turn requires that we
have sessions already created when the authentication was successful and
people need to login (or else the login will have no effect.)

We already do so in layout.jelly, so any request that renders a Jenkins
page would have a session, but I've also added it in
AuthenticationProcessingFilter2, which ensures that a successful login
does have a session.
      7a4858d6
  21. May 03, 2012
  23. Apr 30, 2012
  25. Apr 26, 2012
  27. Apr 25, 2012
  29. Apr 24, 2012