The Hudson team has released Hudson 1.365 which contains a critical security fix! A security advisory released yesterday by InfraDNA goes on to explain the hole with more detail: This vulnerability allows an attacker to read arbitrary files in the server file system whose path names are known, by sending malicious HTTP GET requests. While such access is still subject to the normal access control enforced by the...
Hudson, like all web applications, is not immune from vulnerabilities that could open up attack vectors for malicious use. What puts Hudson in a league of its own compared to others is its ability to execute arbitrary commands on agent machines, or in the case of the EC2 plugin, execute arbitrary commands "in the cloud." In light of all this, Hudson is quite secure...
It’s been quite a while since I posted a Hudson links-roundup post, so without further ado, here goes nothing: Max tells us about using Hudson with Symbian’s CodeScanner tool. Running agents on Mac OS X? Mirko has some handy launchctl foo for keeping his JNLP agents online. Scott threw up a great configuration sample for running Hudson with an Nginx reverse proxy with SSL. Mark walks us through...
Last week, friend-of-Hudson Leandro Nunes sent the following message to the users mailing list regarding his upcoming talk on continuous integration and Hudson: Next month I will present a talk about Hudson in the 11th International Free Software Forum (FISL 11), held in Porto Alegre Brazil (detailed time and date of the talk are not yet scheduled so). FISL 11 is one of the biggest free software events...
Recently our fearless leader, Kohsuke Kawaguchi, was invited by the nice folks over at Digg to give a tech talk about continuous integration and automated testing. The Digg engineering team is full of believers in continuous integration, including our very own Andrew Bayer (abayer). Being big users of the Sauce Labs service to drive their vast Selenium test suite, the house was packed with...
Way back in March, I asked you all: Want some Hudson stickers? Turns out, a lot of you do! Thanks to a huge amount of help by my future wife, the first shipment of Hudson stickers went into the mail last week. This first shipment was only to United States addresses! If you live outside of the U.S., or if you requested more than...
Last Friday the Hudson team released release 1.363 which is yet another mixed bag of enhancements and bug fixes. Along with the usual bunch of fixes, this release includes a number of localization updates courtesy of a team of Hudson community volunteers participating in the Hudson Internationalization project. It is also worth noting that this post is being published on Tuesday, contrary to the schedule...
The 1.362 release of Hudson has a few bug-fixes and a few minor enhancements, all together a good stabilization release. Not too much interesting to discuss so straight on to the changelog! Bugs: Restored optional container-based authentication for CLI (issue 6587). Fix javascript error when a plugin uses an empty dropdownList, resulting in LOADING overlay being left up (issue 6542). Enhancements: Add setting so job views may show only...
The Jenkins Contributor Summit brings together current and future contributors to the Jenkins project. At this event we will talk about the current state of the project and its future evolution.