LTS is supposed to include critical security fixes too... otherwise it's
just a version that stays around for a while.

https://groups.google.com/forum/?fromgroups=#!topic/jenkinsci-advisories/P32IpTQNT5o

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

"Slaves that are started via Java Web Start will fail to reconnect if the
*.jnlp file is locally stored. This is because the authentication tokens
change. An administrator would have to login to the UI, retrieve the *.jnlp
file and overwrite what's already on the slave. A slave that was launched
via Java Web Start and then turned into a service through its menu falls
into this category."

My understanding of this issue, and until now I have stayed off
contributing to the security advisory list as I don't want that to be seen
as too CloudBees heavy (there's already KK & Jesse on the list and perhaps
Ryan and Nicolas too), is that there was no other way to fix the issue at
hand.

Perhaps the changelog (http://jenkins-ci.org/changelog-stable) could have
given a link to the Security Advisory, or at least mentioned that there
were manual steps to be taken... that would be a good issue to put before
the biweekly jenkins project meetings (at a time when I am cooking dinner,
hence why I am never on them)

-Stephen


On 13 February 2013 13:39, Les Mikesell <lesmikes...@gmail.com> wrote:

> So, does that mean surprising changes should go undocumented and even
> backed into revs where they are more surprising?   Or did I just miss
> the part in the release notes that said previously-working systems
> would break?
>
>
> On Wed, Feb 13, 2013 at 2:57 AM, Stephen Connolly
> <stephen.alan.conno...@gmail.com> wrote:
> > IIRC this was fallout from fixing a critical security issue
> >
> >
> > On 12 February 2013 16:21, Les Mikesell <lesmikes...@gmail.com> wrote:
> >>
> >> On Tue, Feb 12, 2013 at 9:37 AM, Fisher, Allen <afis...@makemusic.com> wrote:
> >> > I did notice something interesting. If I launch via the website, the
> >> > slaves will connect, until I install the service. After that, they
> >> > don’t connect.
> >>
> >> If it works when you are authenticated in the browser before
> >> launching, but not as a service it is because the system changed to
> >> require slaves to authenticate via jnlp but it seems to be mostly
> >> broken.  I changed mine to start via ssh (linux) and "let jenkins
> >> control this windows slave" on the windows systems where that worked.
> >> Not sure what to do about the windows 2008 systems where none of that
> >> works.
> >>
> >> If you are on a private firewalled LAN, you might be OK with allowing
> >> anonymous read and slave connect in your main authorization matrix to
> >> restore the old behavior.
> >>
> >> By the way - was this change documented somewhere for the LTS 1.480.2
> >> release?  I had seen the problem mentioned for 1.49x versions but
> >> wasn't expecting it in 1.480.2 - and I thought the point of the LTS
> >> line was to avoid surprises.
> >>
> >> --
> >>    Les Mikesell
> >>      lesmikes...@gmail.com
> >>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Jenkins Users" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an
> >> email to jenkinsci-users+unsubscr...@googlegroups.com.
> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>