- 08 9月, 2014 2 次提交
-
-
由 Kohsuke Kawaguchi 提交于
-
由 Kohsuke Kawaguchi 提交于
-
- 03 9月, 2014 4 次提交
-
-
由 Kohsuke Kawaguchi 提交于
Plugins that depend on LTS shouldn't be using this API.
-
由 Kohsuke Kawaguchi 提交于
CONFIGURE permission shouldn't allow the type of the job to be changed. That's more of CREATE+DELETE. In any case, the code doesn't correctly handling submitting config.xml for a different type.
-
由 Kohsuke Kawaguchi 提交于
After talking to Jesse, he's OK with me bringing it back to public so long as we don't allow other programmatic dependencies to it. The intention of leaving them mutable is to allow admins to play with this in the groovy script during the initialization and at runtime. Groovy currently ignores the private access modifier anyway, but that is considered as a bug in the upstream (https://jira.codehaus.org/browse/GROOVY-3010)
-
由 Kohsuke Kawaguchi 提交于
It may be that the 'newName' exists and just not visible to the user trying to do a rename
-
- 01 9月, 2014 1 次提交
-
-
由 Jesse Glick 提交于
[SECURITY-120] Do not print a warning with stack trace just because we are using a 2.x servlet container.
-
- 31 8月, 2014 1 次提交
-
-
由 Jesse Glick 提交于
-
- 30 8月, 2014 6 次提交
-
-
由 Kohsuke Kawaguchi 提交于
If Jenkins URL is set to https, force the secure flag. Also force the cookie to be HTTP only, which mitigates the damage that XSS can cause. See https://www.owasp.org/index.php/SecureFlag
-
由 Kohsuke Kawaguchi 提交于
Don't let UsernameNotFoundException vs BadCredentialsException difference to be seen by the caller, for that tells whether the user exists or not. But to assist trouble-shooting, do report that error to the server. UUID helps the user finds the information in the log file
-
由 Kohsuke Kawaguchi 提交于
Don't wait for a connection forever, which can cause the thread to hang forever if the upload link never arrives
-
由 Kohsuke Kawaguchi 提交于
ZeroClipboard 1.3.5 is rather incompatible with 1.1.7, and various API changes were needed. - setText() call doesn't work until the DOM is populated, which is at some unknown time AFAICT. installing it via the datarequested event avoids this problem. - constructor now demands the element to attach to, and it's unclear if relative positioning is working or not. - "display: inline-block" is needed for ZeroClipboard to correctly compute the height of the element
-
由 Kohsuke Kawaguchi 提交于
Protect default password value from users who are triggering builds.
-
由 Kohsuke Kawaguchi 提交于
Coerce the parameter value to one of a legal value
-
- 23 8月, 2014 2 次提交
-
-
由 Jesse Glick 提交于
[FIXED SECURITY-155] Do not allow plugin code to be downloaded via doDynamic, only static resources.
-
由 Jesse Glick 提交于
In this case we are probably interested in looking at the output as it arrives in real time. Can always be overridden on the command line if desired. (cherry picked from commit 44a8ec11)
-
- 21 8月, 2014 3 次提交
-
-
由 Jesse Glick 提交于
[FIXED SECURITY-131] Recode restOfPath before constructing URLs from it, so it cannot be used for directory traversal.
-
由 Jesse Glick 提交于
Seems to work in 8.0 at least for some functional tests. Developers can always disable it privately if they run into issues. (cherry picked from commit 7b420175) Conflicts: pom.xml
-
由 Jesse Glick 提交于
-
- 31 7月, 2014 1 次提交
-
-
由 Jesse Glick 提交于
Updating branch base to 1.532.
-
- 12 2月, 2014 16 次提交
-
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
[FIXED SECURITY-109] SECURITY-55 fix to BuildTrigger configuration failed if downstream project was not visible.
-
由 Vojtech Juranek 提交于
-
由 Jesse Glick 提交于
[FIXED SECURITY-107] When security-related fields in Jenkins cannot be unmarshaled, it is best to halt startup.
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
[FIXED SECURITY-93] PasswordParameterDefinition should serve existing default value in encrypted form. And strengthen functional tests (using configRoundTrip) to ensure that the same mistake is not made elsewhere.
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
-
由 Vojtech Juranek 提交于
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
-
由 Vojtech Juranek 提交于
-
由 Vojtech Juranek 提交于
-
由 Jesse Glick 提交于
-
由 Jesse Glick 提交于
-
- 23 9月, 2013 2 次提交
-
-
由 Kohsuke Kawaguchi 提交于
-
由 Kohsuke Kawaguchi 提交于
-
- 17 9月, 2013 2 次提交
-
-
由 Kohsuke Kawaguchi 提交于
-
由 Kohsuke Kawaguchi 提交于
-