Slaves installed as a service stores the secret token information in the startup configuration file, such as /etc/init/jenkins-slave-*.conf (Linux), /System/Library/LaunchDaemons/org.jenkins-ci.slave.*.plist (OS X), or $SLAVE_ROOT/jenkins-slave.xml (Windows). Look for seemingly meaningless hex-encoded token in this file (which is passed as an argument to the the Java program).
Now download the JNLP file again for that slave from Jenkins Web UI, then look for a similar seemingly meaningless hex-encoded token in that file. Overwrite the local version with what's now in JNLP, and it'd be good to go. If you aren't sure, you can also simply re-install the slave agent again. Existing slave agent will do no harm since it will not be able to connect back. 2013/1/11 <stuart.gr...@doccentrics.com> > > Thanks for the info, but how is this change applied to a linux slave? > > On Tuesday, 8 January 2013 02:50:39 UTC, Kohsuke Kawaguchi wrote: > >> This is unfortunately a necessary measure. >> >> See the "Fix" section in >> https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 >> >> >> -- >> Kohsuke Kawaguchi >> > -- Kohsuke Kawaguchi
