[Box-Admins] Jenkins vulnerability
Frank Shearar
frank.shearar at gmail.com
Tue Jan 8 22:17:24 UTC 2013
On 08 Jan 2013, at 21:46, Chris Cunnington <smalltalktelevision at gmail.com> wrote:
> On 2013-01-08 4:42 PM, Frank Shearar wrote:
>> On 8 January 2013 21:09, Chris Cunnington <smalltalktelevision at gmail.com> wrote:
>>> On 2013-01-08 4:00 PM, Frank Shearar wrote:
>>>> On 8 January 2013 20:48, Chris Cunnington <smalltalktelevision at gmail.com>
>>>> wrote:
>>>>> On 2013-01-08 3:44 PM, Frank Shearar wrote:
>>>>>>
>>>>>>
>>>>>> https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
>>>>>>
>>>>>> There's an action-to-be-taken message in the management console for
>>>>>> Jenkins. I haven't pushed the button for it yet (mainly because I'm
>>>>>> not sure it's me who should be deciding this).
>>>>>>
>>>>>> frank
>>>>> Can you initiate an update to Jenkins 1.498? That might be the easiest
>>>>> thing.
>>>> We're already on 1.498, according to the About Jenkins page.
>>>>
>>>> frank
>>>>
>>>>> Chris
>>> OK, the encryption data is being re-keyed in the background now.
>>>
>>> Chris
>> Cool. Wonder just how much longer it's going to take :/.
>>
>> frank
> I looked at the log and it seemed already to be over. Is there a sign that it's still doing it?
> Ah, you have a queue. I'm not sure why it's doing that, as I'm confident the process is over.
>
> Chris
I'll have to look at it tomorrow. My build slaves are being challenged and they weren't before: they're getting 403s to the slave-agent jar they need.
frank
More information about the Box-Admins
mailing list