Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [technology-pmc] Hudson 3.1 release

+1, you can always spin a 3.1.1


On Fri, Sep 6, 2013 at 7:14 AM, Duncan Mills <duncan.r.mills@xxxxxxxxx> wrote:
PMC Mambers - I thank Wayne for kicking things off in relation to Hudson 3.1 Release Review:

In the interests of full disclosure I wanted to make you aware of an issue that I've just added to the Security section of the document. This is an (legacy) issue documented in Bug 412488 which illustrates the potential for user impersonation in the Hudson Web UI under a particular set of circumstances if the  Hudson app is deployed in the unsecured HTTP mode on an untrusted network. We have a plan in place to address this issue but this additional hardening involves some significant library upgrades and so is scheduled for 3.2.0. In the short term there are simple workarounds (which also happen to be best practice) which I'm documenting in the release notes now.
Hopefully this will not effect your judgement on the release. We're hoping to squeeze this out in time for JavaOne… 
Thanks 
Duncan 

Regards 
Duncan Mills




_______________________________________________
technology-pmc mailing list
technology-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/technology-pmc




--
Cheers,

Chris Aniszczyk
http://aniszczyk.org
+1 512 961 6719

Back to the top