提交 · 0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899 · FIY695 / jenkins

04 1月, 2017 5 次提交
- J
  Merge pull request #82 from jenkinsci-cert/security-343 · 0f92cd08
  由 Jesse Glick 提交于 1月 03, 2017
```
[SECURITY-343] Restrict API access to NodeMonitor data
```
  0f92cd08
- A
  
  [SECURITY-343] Adding @Issue on tests · 98cd6a7b
  由 Andrew Bayer 提交于 1月 03, 2017
  
  98cd6a7b
- A
  
  [SECURITY-343] Switching to using CONNECT permission. · 0491ee2c
  由 Andrew Bayer 提交于 1月 03, 2017
  
  0491ee2c
- J
  Merge pull request #95 from jenkinsci-cert/SECURITY-353 · fd2e081b
  由 Jesse Glick 提交于 1月 03, 2017
```
[SECURITY-353] Persisted XSS in parameter definition names and value descriptions
```
  fd2e081b
- J
  
  Documenting existence of escapeEntryTitleAndDescription flag as suggested by @daniel-beck. · 169056e7
  由 Jesse Glick 提交于 1月 03, 2017
  
  169056e7
22 12月, 2016 8 次提交
- J
  
  Extended markup formatter fix to other core parameter types. · ea2ca1c5
  由 Jesse Glick 提交于 12月 21, 2016
  
  ea2ca1c5
- J
  
  [SECURITY-353] Fixed markup formatter for StringParameterDefinition/Value. · 0b471b7b
  由 Jesse Glick 提交于 12月 21, 2016
  
  0b471b7b
- J
  
  Merge branch 'security-stable-1.625' into SECURITY-353 · bedf304c
  由 Jesse Glick 提交于 12月 21, 2016
  
  bedf304c
- J
  Placate the JDK 9 compiler. · 2c1c1ece
  由 Jesse Glick 提交于 10月 17, 2016
```
(cherry picked from commit 441bf1c2)
```
  2c1c1ece
- J
  
  [SECURITY-353] Solved XSS, at the cost of markup formatters. · b561ca56
  由 Jesse Glick 提交于 12月 21, 2016
  
  b561ca56
- J
  
  We also expect descriptions to be formatted, not merely escaped. · 2e883752
  由 Jesse Glick 提交于 12月 21, 2016
  
  2e883752
- J
  
  Noting need for escapes. · c8aa949f
  由 Jesse Glick 提交于 12月 21, 2016
  
  c8aa949f
- J
  
  [SECURITY-353] Reproduced problem in test. · 33675161
  由 Jesse Glick 提交于 12月 21, 2016
  
  33675161
21 12月, 2016 2 次提交
- J
  Merge pull request #83 from jenkinsci-cert/SECURITY-354 · 767a919b
  由 Jesse Glick 提交于 12月 20, 2016
```
[SECURITY-354] Using jBCrypt 0.4
```
  767a919b
- J
  Merge pull request #85 from jenkinsci-cert/security-371-staplerproxy · 6efcf6c2
  由 Jesse Glick 提交于 12月 20, 2016
```
[SECURITY-371] Secure all administrative monitors
```
  6efcf6c2
17 12月, 2016 2 次提交
- A
  
  Responding to review comments. · 17b98d62
  由 Andrew Bayer 提交于 12月 16, 2016
  
  17b98d62
- A
  
  [SECURITY-371] Ensure admin access for all AdministrativeMonitor actions. · 81265255
  由 Andrew Bayer 提交于 11月 29, 2016
  
  81265255
22 11月, 2016 1 次提交
- J
  
  [SECURITY-354] Using jBCrypt 0.4. · 578298e7
  由 Jesse Glick 提交于 11月 21, 2016
  
  578298e7
18 11月, 2016 1 次提交

[SECURITY-343] Restrict API access to NodeMonitor data · c19a56d2

由 Andrew Bayer 提交于 11月 17, 2016

Switch to requiring EXTENDED_READ permission for access to NodeMonitor
data. It might theoretically be better if we had more granular
permissions on each NodeMonitor, but that's a bigger change, and since
EXTENDED_READ is already what we use to limit access to serving the
computer's config.xml, I think this is appropriate.

c19a56d2

14 11月, 2016 2 次提交
- J
  Merge pull request #73 from jenkinsci-cert/20161116-for-1.625 · ce8a2d51
  由 Jesse Glick 提交于 11月 13, 2016
```
[SECURITY-360] 2016/11/16 security fix for 1.625
```
  ce8a2d51
- K
  
  Released version · b379e773
  由 Kohsuke Kawaguchi 提交于 11月 13, 2016
  
  b379e773
13 11月, 2016 1 次提交
- K
  
  Remoting jar round #2 · f1fd60f7
  由 Kohsuke Kawaguchi 提交于 11月 13, 2016
  
  f1fd60f7
12 11月, 2016 11 次提交
- K
  Preparing the integration commit for Nov 16th release · d84d9a2a
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
```
Merge branch 'SECURITY-360-test' into security-stable-1.625
```
  d84d9a2a
- K
  Merge pull request #72 from jenkinsci-cert/ysoserialnew · e7db5264
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
```
Extend ysoserial coverage for latest cases [SECURITY-317]
```
  e7db5264
- K
  [SECURITY-360] integration test · 6078dd7a
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
```
Make sure LDAPAttribute gets rejected.
```
  6078dd7a
- K
  Merge pull request #71 from jenkinsci-cert/SECURITY-360 · f574224c
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
```
[SECURITY-360] system property to disable CLI
```
  f574224c
- S
  
  Add explanation for spring tests · d42c39c9
  由 Sam Van Oort 提交于 11月 11, 2016
  
  d42c39c9
- S
  
  Fix quirks in the tests · 594ffcec
  由 Sam Van Oort 提交于 11月 11, 2016
  
  594ffcec
- S
  
  Add entries for the new ysoserial tests and license headers · 3ba3a322
  由 Sam Van Oort 提交于 11月 11, 2016
  
  3ba3a322
- S
  
  Compileable ysoserial classes · 4fc68251
  由 Sam Van Oort 提交于 11月 11, 2016
  
  4fc68251
- S
  
  Mostly working ysoserial updates · 8395b78c
  由 Sam Van Oort 提交于 11月 11, 2016
  
  8395b78c
- K
  [SECURITY-360] introduce a system switch to kill CLI · fde9c42f
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
```
This basically is a convenient version of
https://github.com/jenkinsci-cert/SECURITY-218.

During the course of discussing how to fix SECURITY-360, it was agreed
by the CERT team that we provide this switch.
```
  fde9c42f
- K
  
  Fixing this back to 2.53.3 as the baseline · cfc9491e
  由 Kohsuke Kawaguchi 提交于 11月 11, 2016
  
  cfc9491e
30 4月, 2016 7 次提交
- J
  
  Merge branch 'security-stable-1.609' into security-stable-1.625 · 0f5e70f1
  由 Jesse Glick 提交于 4月 29, 2016
  
  0f5e70f1
- J
  Merge pull request #59 from jenkinsci-cert/SECURITY-170-v2 · edffecea
  由 Jesse Glick 提交于 4月 29, 2016
```
[FIX SECURITY-170] Don't expose parameters not defined on the run
```
  edffecea
- J
  
  Missing import. · 6de0fc0f
  由 Jesse Glick 提交于 4月 29, 2016
  
  6de0fc0f
- J
  
  Merge branch 'security-stable-1.609' into security-stable-1.625 · 4242be8b
  由 Jesse Glick 提交于 4月 29, 2016
  
  4242be8b
- J
  
  [JENKINS-26775] Suppress ApiTest.wrappedMultipleItems prior to 1.651 where it is fixed for JDK 8. · e4b97c59
  由 Jesse Glick 提交于 4月 29, 2016
  
  e4b97c59
- A
  
  [SECURITY-170] More tests · a7264a96
  由 Antonio Muñiz 提交于 4月 29, 2016
  
  a7264a96
- A
  
  [SECURITY-170] Fixing test · eb2b62e1
  由 Antonio Muñiz 提交于 4月 29, 2016
  
  eb2b62e1

FIY695 / jenkins 与 Fork 源项目一致

FIY695 / jenkins
与 Fork 源项目一致