[Gluster-infra] Jenkins security update available 1.638

Michael Scherer mscherer at redhat.com
Mon Nov 23 23:15:25 UTC 2015

Le lundi 23 novembre 2015 à 13:16 -0500, Vijay Bellur a écrit :
> ----- Original Message -----
> > From: "Kaushal M" <kshlmster at gmail.com>
> > To: "gluster-infra" <gluster-infra at gluster.org>
> > Sent: Monday, November 23, 2015 1:54:38 AM
> > Subject: [Gluster-infra] Jenkins security update available 1.638
> > 
> > Hi, Jenkins 1.638 was released which fixes many security issues. More
> > details on the issues fixed can be found in the announcement [1].
> > 
> > As we've been looking forward to improve our infra security, I think
> > we should upgrade at once.
> > 
> > IIUC, jenkins is now installed using RPMs via the upstream repository.
> > So we should be able to easily update it to the latest version. If no
> > one has objections, I'll update the package and schedule a jenkins
> > restart.
> > 
> You can upgrade from the jenkins Web UI too. The nice thing about the UI is that it allows you to downgrade to the current version if the upgrade breaks something.

But that also mean that jenkins, if there is a security issue, can just
change its own code and so make any malware be persistant :/

I updated the rpm this morning (or afternoon), and just restarted
jenkins, tell me if there is issues.
(like, new issue)

Also, if someone want to help, I think jenkins-job-builder would be
great to use to track the job and config in git :)

Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20151124/0768a707/attachment.sig>

More information about the Gluster-infra mailing list