Branch: refs/heads/stable-2.8
Home: https://github.com/jenkinsci/git-client-plugin
Commit: 883343de9f0ea1567b192510493d810e8cfa5419
https://github.com/jenkinsci/git-client-plugin/commit/883343de9f0ea1567b192510493d810e8cfa5419
Author: Mark Waite <[email protected]>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
Options should precede operands to git commands
Commit: 04d2c155d19a37ae28ffe2345e0e2ccd96556b07
https://github.com/jenkinsci/git-client-plugin/commit/04d2c155d19a37ae28ffe2345e0e2ccd96556b07
Author: Mark Waite <[email protected]>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Add SECURITY-1534 tests
Commit: 899123fa2eb9dd2c37137aae630c47c6be6b4b02
https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02
Author: Mark Waite <[email protected]>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
[SECURITY-1534] Prevent remote execution by repo URL
SECURITY-1534 reports that user input in the repository URL field is not
validated sufficiently. A carefully crafted value in the URL field can
allow a user with Job administration permissions to execute an arbitrary
program on the Jenkins master.
Sanity check the values passed as repository URL to the ls-remote and
fetch commands so that user entered data cannot execute arbitrary programs
on the Jenkins master.
Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false
to disable URL checking.
Commit: 701c12c1b40d509fddbdf547818baf483b57415d
https://github.com/jenkinsci/git-client-plugin/commit/701c12c1b40d509fddbdf547818baf483b57415d
Author: Mark Waite <[email protected]>
Date: 2019-09-07 (Sat, 07 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Test with remote URL checking enabled and disabled
Randomize remote check test, test a subset for speed.
Don't assert expected message when testing with remote URL checks
disabled. The assertion messages come from command line git and vary
depending on the version of git installed on the computer. Not reliable
across multiple git versions.
Ignore marker file existence in some tests
If a test has remote URL checking disabled, then it is expected that
some cases will allow the marker file to be created. Only check for
the marker file when running with remote URL checking enabled.
Commit: ce1b99ec62038466ee40401894bcd99901934f59
https://github.com/jenkinsci/git-client-plugin/commit/ce1b99ec62038466ee40401894bcd99901934f59
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release git-client-2.8.5
Commit: 7d5e0b388ee4a264556c56718571caddcf793b44
https://github.com/jenkinsci/git-client-plugin/commit/7d5e0b388ee4a264556c56718571caddcf793b44
Author: Mark Waite <[email protected]>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare for next development iteration
Compare:
https://github.com/jenkinsci/git-client-plugin/compare/04f6e15d6059...7d5e0b388ee4
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/git-client-plugin/push/refs/heads/stable-2.8/04f6e1-7d5e0b%40github.com.
