Branch: refs/heads/master
Home: https://github.com/jenkinsci/remoting
Commit: 6000a6f0eef6ed71c66ee07ed076395cc8f65caf
https://github.com/jenkinsci/remoting/commit/6000a6f0eef6ed71c66ee07ed076395cc8f65caf
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-10 (Tue, 10 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
A src/test/java/hudson/remoting/DefaultClassFilterTest.java
Log Message:
-----------
[SECURITY-218] Allow a user to specificy the blacklisted classes.
We want a user to be able to blacklist classes without unpacking wars or
changing code, so provide a mechanism for an administrator to set a
property (hudson.remoting.ClassFilter.DEFAULTS_OVERRIDE_LOCATION) to point
at a file that contains a list of regular expressions. A match in the
RegExp signifies that the class should be blacklisted.
Commit: e00669b08ba60a1822833a0e96bc384726fb4d13
https://github.com/jenkinsci/remoting/commit/e00669b08ba60a1822833a0e96bc384726fb4d13
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-10 (Tue, 10 Nov 2015)
Changed paths:
M pom.xml
M src/main/java/hudson/remoting/ChannelBuilder.java
M src/main/java/hudson/remoting/ClassFilter.java
M src/main/java/hudson/remoting/ObjectInputStreamEx.java
M src/test/java/hudson/remoting/DefaultClassFilterTest.java
Log Message:
-----------
fix the codes use of the public static.
make sure we are using Linux line ends.
workround bug in javac (if you import org.hamcrest.BaseMatcher then the
compilation fails as if it can not resolve BaseMatcher)
Commit: 1d59ff3ca1da35a062acf11a49a678a2d0456f21
https://github.com/jenkinsci/remoting/commit/1d59ff3ca1da35a062acf11a49a678a2d0456f21
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-10 (Tue, 10 Nov 2015)
Changed paths:
M pom.xml
Log Message:
-----------
hamcrest shoukd be test scope
Commit: 9e2adc60ec2dd48a8da80b69caef748c2775c800
https://github.com/jenkinsci/remoting/commit/9e2adc60ec2dd48a8da80b69caef748c2775c800
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M pom.xml
Log Message:
-----------
fix broken pom
Commit: 7621980ea4ae6b50ac0883fb1513cdb004909d92
https://github.com/jenkinsci/remoting/commit/7621980ea4ae6b50ac0883fb1513cdb004909d92
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
remove volatile from ClassFilter.DEFAULT
Commit: 88e658101875cc9755e590911a426e8bf49fe893
https://github.com/jenkinsci/remoting/commit/88e658101875cc9755e590911a426e8bf49fe893
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
Fix logging lines containing 'load load'
Commit: a865b02d15c2cf7ee4bd05b9ef24f1f7ee5c8842
https://github.com/jenkinsci/remoting/commit/a865b02d15c2cf7ee4bd05b9ef24f1f7ee5c8842
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
add CheckForNull to helper function.
Commit: b7a5f494d93d23c1ff2c690d1a67687bc807ec66
https://github.com/jenkinsci/remoting/commit/b7a5f494d93d23c1ff2c690d1a67687bc807ec66
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M src/test/java/hudson/remoting/DefaultClassFilterTest.java
Log Message:
-----------
Add copyright statement.
Commit: 4717016bf449a44c075d8e55c81615906c619543
https://github.com/jenkinsci/remoting/commit/4717016bf449a44c075d8e55c81615906c619543
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
A src/test/java/hudson/remoting/RegExpBenchmark.java
Log Message:
-----------
added a benchmark as requested by @oleg-nenashev
Commit: dd034a110175e29a0e30691ad996742649eb1fe5
https://github.com/jenkinsci/remoting/commit/dd034a110175e29a0e30691ad996742649eb1fe5
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-11 (Wed, 11 Nov 2015)
Changed paths:
M src/test/java/hudson/remoting/RegExpBenchmark.java
Log Message:
-----------
fix benchmark and optimize regexp
Commit: 647f76bd6193c668d754358f2c77cea76f25e49d
https://github.com/jenkinsci/remoting/commit/647f76bd6193c668d754358f2c77cea76f25e49d
Author: James Nord <jnord+git...@cloudbees.com>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
hudson.cli.Connection uses ClassFilter.Default.
@jglick notes that it is safer to retain the backwards compatability than
to fix the above class to use the new code.
Commit: 9ce77a5bd3e412925ceb6901fcabde066e3eb1aa
https://github.com/jenkinsci/remoting/commit/9ce77a5bd3e412925ceb6901fcabde066e3eb1aa
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M pom.xml
M src/main/java/hudson/remoting/ChannelBuilder.java
M src/main/java/hudson/remoting/ClassFilter.java
M src/main/java/hudson/remoting/ObjectInputStreamEx.java
A src/test/java/hudson/remoting/DefaultClassFilterTest.java
A src/test/java/hudson/remoting/RegExpBenchmark.java
Log Message:
-----------
Merge branch 'SECURITY-218-customizable-blacklist' into 2.53.x
This came from https://github.com/jenkinsci-cert/remoting/pull/4 but it
was accepted into 2.53.2 as a part of 1.625.3
Commit: 937fa06f72cd55d427e92571423d30d1f2838ff8
https://github.com/jenkinsci/remoting/commit/937fa06f72cd55d427e92571423d30d1f2838ff8
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ChannelBuilder.java
M src/main/java/hudson/remoting/ClassFilter.java
M src/main/java/hudson/remoting/ObjectInputStreamEx.java
M src/test/java/hudson/remoting/DefaultClassFilterTest.java
Log Message:
-----------
Fixed the signature change in ClassFilter.NOOP
I get that James doesn't like public static final fields, but in this
case I think the change is overzealous. Let's respect how this was
originally done and stick to it. There are multiple good reasons.
There's a principle of minimizing a change for security fixes. This fix
is allowed to get into 1.625.3 through a slip-stream, so let's not make
changes that are not necessary.
Then there's added complexity in keeping the old signature working while
adding the new getDefaultFilter() method. The code as it was also
removed the final modifier from the field, which is not nice.
There's also no good reason why constants like NONE is ever going to be
something other than constants.
All in all I think the fix is not worth the complication at this point.
Commit: 813962ca09cbf970e3e9bbb8606b6d46d61a1851
https://github.com/jenkinsci/remoting/commit/813962ca09cbf970e3e9bbb8606b6d46d61a1851
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
INFO logging interferes with console apps that uses remoting.
JVM puts INFO logging to stdout by default, so if it's used by a CLI app
that needs to precisely control its output, it'll mess that up.
This includes Jenkins CLI.
To make up for the loss of ability to inspect what the actual rules are,
add the toString() method, so that for example Jenkins users can run
"print ClassFilter.DEFAULT" to find out the actual rules, not just that
the custom properties are in use.
Commit: d7e780ca99977762f0966b7b5a734627d54856ad
https://github.com/jenkinsci/remoting/commit/d7e780ca99977762f0966b7b5a734627d54856ad
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
Better to fail instead of fall back.
If the user did specify an override file, it's better to fail hard than
fall back to the default in case of a problem.
The situation I'm afraid of is that when Jenkins is using this, you can
make an erranous change to the override file and fail to realize that
your configuration change is not taking effect. Noticing that requires
an active act of looking into log files, which people don't do.
Commit: 6147555e8a02142196cf0ac27b22bce39f6a80ca
https://github.com/jenkinsci/remoting/commit/6147555e8a02142196cf0ac27b22bce39f6a80ca
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
Make it obvious that 'return null' is an error case
Accidental fall through doesn't happen in this way, and nesting level
gets less.
Commit: aa4901c5f85e62a3617222bda42cf00deec4de2f
https://github.com/jenkinsci/remoting/commit/aa4901c5f85e62a3617222bda42cf00deec4de2f
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
M src/test/java/hudson/remoting/DefaultClassFilterTest.java
Log Message:
-----------
Fixed up test cases
Commit: e5f18b4f10cdbb99a3206f80f3b5c76b55186243
https://github.com/jenkinsci/remoting/commit/e5f18b4f10cdbb99a3206f80f3b5c76b55186243
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M src/main/java/hudson/remoting/ClassFilter.java
Log Message:
-----------
Fixing findbugs warning.
This is a difficult call. but in the environment where the platform encoding is
not UTF-8, users expect to write such files in the platform default encoding.
The downside is that the definition file is now non-portable, though non-ASCII
class names are uncommon even among CJK users, and this file is really only
going to be used in Jenkins masters, so portability is less important compared
to something that needs to be on all slaves.
Commit: 2b4c8708a871faa84b483f4b757cd3c8a817d6cb
https://github.com/jenkinsci/remoting/commit/2b4c8708a871faa84b483f4b757cd3c8a817d6cb
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release remoting-2.53.2
Commit: db9c9d913b59e2b9a6f26d9936fb36bddd8492e1
https://github.com/jenkinsci/remoting/commit/db9c9d913b59e2b9a6f26d9936fb36bddd8492e1
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare for next development iteration
Commit: 1e68eb88f1f9c9a7ad76270d54f703148c947476
https://github.com/jenkinsci/remoting/commit/1e68eb88f1f9c9a7ad76270d54f703148c947476
Author: Kohsuke Kawaguchi <k...@kohsuke.org>
Date: 2015-11-25 (Wed, 25 Nov 2015)
Changed paths:
M pom.xml
M src/main/java/hudson/remoting/ClassFilter.java
A src/test/java/hudson/remoting/DefaultClassFilterTest.java
A src/test/java/hudson/remoting/RegExpBenchmark.java
Log Message:
-----------
Merge branch '2.53.x'
Conflicts:
pom.xml
Compare:
https://github.com/jenkinsci/remoting/compare/47ae12122cdd...1e68eb88f1f9
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
