[JENKINS-16417]

My recommended fix in response to https://github.com/jenkinsci/jenkins/pull/1093. This does not eliminate nor exclude the need for more generic pluggability, but it would at least address the security concern.

[JENKINS-16417]
My recommended fix in response to https://github.com/jenkinsci/jenkins/pull/1093. This does not eliminate nor exclude the need for more generic pluggability, but it would at least address the security concern.
22f2238b · Kohsuke Kawaguchi · 0c9d7dba · 22f2238b · 22f2238b
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

changelog.html changelog.html +3 -0

core/src/main/java/hudson/model/Run.java core/src/main/java/hudson/model/Run.java +1 -1

未找到文件。
--- a/changelog.html
+++ b/changelog.html
@@ -55,6 +55,9 @@ Upcoming changes</a>
 <!-- Record your changes in the trunk here. -->
 <div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
 <ul class=image>
+  <li class=bug>
+    Removing the "keep this build forever" lock on a build should require the DELETE permission.
+    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-16417">issue 16417</a>)
  <li class=bug>
    Files added to zip archive are closed properly.
    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-20345">issue 20345</a>)

--- a/core/src/main/java/hudson/model/Run.java
+++ b/core/src/main/java/hudson/model/Run.java
@@ -2086,7 +2086,7 @@ public abstract class Run <JobT extends Job<JobT,RunT>,RunT extends Run<JobT,Run
    }

    public void keepLog(boolean newValue) throws IOException {
-        checkPermission(UPDATE);
+        checkPermission(newValue ? UPDATE : DELETE);
        keepLog = newValue;
        save();
    }