https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
Chris
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
On 2013-01-08 4:00 PM, Frank Shearar wrote:
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
OK, the encryption data is being re-keyed in the background now.
Chris
On 8 January 2013 21:09, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:00 PM, Frank Shearar wrote:
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
OK, the encryption data is being re-keyed in the background now.
Chris
Cool. Wonder just how much longer it's going to take :/.
frank
On 2013-01-08 4:42 PM, Frank Shearar wrote:
On 8 January 2013 21:09, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:00 PM, Frank Shearar wrote:
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
OK, the encryption data is being re-keyed in the background now.
Chris
Cool. Wonder just how much longer it's going to take :/.
frank
I looked at the log and it seemed already to be over. Is there a sign that it's still doing it? Ah, you have a queue. I'm not sure why it's doing that, as I'm confident the process is over.
Chris
On 08 Jan 2013, at 21:46, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:42 PM, Frank Shearar wrote:
On 8 January 2013 21:09, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:00 PM, Frank Shearar wrote:
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-...
There's an action-to-be-taken message in the management console for Jenkins. I haven't pushed the button for it yet (mainly because I'm not sure it's me who should be deciding this).
frank
Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
OK, the encryption data is being re-keyed in the background now.
Chris
Cool. Wonder just how much longer it's going to take :/.
frank
I looked at the log and it seemed already to be over. Is there a sign that it's still doing it? Ah, you have a queue. I'm not sure why it's doing that, as I'm confident the process is over.
Chris
I'll have to look at it tomorrow. My build slaves are being challenged and they weren't before: they're getting 403s to the slave-agent jar they need.
frank
On 8 January 2013 22:17, Frank Shearar frank.shearar@gmail.com wrote:
On 08 Jan 2013, at 21:46, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:42 PM, Frank Shearar wrote:
On 8 January 2013 21:09, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 4:00 PM, Frank Shearar wrote:
On 8 January 2013 20:48, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-08 3:44 PM, Frank Shearar wrote: > > > https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-... > > There's an action-to-be-taken message in the management console for > Jenkins. I haven't pushed the button for it yet (mainly because I'm > not sure it's me who should be deciding this). > > frank Can you initiate an update to Jenkins 1.498? That might be the easiest thing.
We're already on 1.498, according to the About Jenkins page.
frank
Chris
OK, the encryption data is being re-keyed in the background now.
Chris
Cool. Wonder just how much longer it's going to take :/.
frank
I looked at the log and it seemed already to be over. Is there a sign that it's still doing it? Ah, you have a queue. I'm not sure why it's doing that, as I'm confident the process is over.
Chris
I'll have to look at it tomorrow. My build slaves are being challenged and they weren't before: they're getting 403s to the slave-agent jar they need.
OK, it's because we've (pretty reasonably) stopped anonymous reads, so build slaves must now authenticate through magic like
java -classpath commons-codec-1.7.jar -jar slave.jar -jnlpUrl http://squeakci.org/computer/angband/slave-agent.jnlp -jnlpCredentials username:password
The codec jar comes from here: http://mirrors.enquira.co.uk/apache//commons/codec/binaries/commons-codec-1....
But now I'm getting weirder errors:
SEVERE: I/O error in channel channel java.io.IOException: Unexpected termination of the channel at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:50)
Sigh.
frank
box-admins@lists.squeakfoundation.org