Allan Burdajewicz
Allan Burdajewicz
This solution has limitation I think. The extension is not used when polling: * https://github.com/jenkinsci/git-plugin/blob/6525c2714322563fb3ae339e6b1d43500311f31c/src/main/java/hudson/plugins/git/GitSCM.java#L726 * https://github.com/jenkinsci/git-plugin/blob/6525c2714322563fb3ae339e6b1d43500311f31c/src/main/java/hudson/plugins/git/GitSCM.java#L802 Maybe it's best to wait for https://github.com/jenkinsci/git-plugin/pull/1649 .. That would complement what we...
[git-plugin 5.5.0](https://github.com/jenkinsci/git-plugin/releases/tag/git-5.5.0) has been released. Added a temporary dependency in the pom until that version of git is included in the BOM. Updated the BOM. cc @jenkinsci/bitbucket-branch-source-plugin-developers
@jglick The decorator would solve the leakage in the console output but I recall another source.. I think the "Changes" page that of a job with [GitSCM that displays the...
I was thinking of splitting this into 2 PRs. * PR-1: One PR that remove the `GitClientAuthenticatorExtension` when using SSHCheckoutTrait. * PR-2: One PR that re-add the credentials ID We...
@nfalco79 Thanks for the help. Can we get a release of the first part ? The automated release did not kick in because it misses required labels. Then I can...
@nfalco79 turns out git-plugin already moved to 2.479.1 baseline so I had to bump this requirement here too.
From https://www.jenkins.io/doc/developer/publishing/releasing-cd/#releasing: > You can also trigger a deployment explicitly, if the current commit has a passing check from Jenkins. Visit https://github.com/jenkinsci/your-plugin/actions?query=workflow%3Acd and click Run workflow.
Yeah this is a caveat of the current design with Authenticator I guess. It is not 100% clear what users, among the one impacted by the missing credentials ID, were...
@Pldi23 Why was `Item.CONFIGURE` required as part of SECURITY-2033 on the `/checkServerUrl` endpoint ? According to https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033, it was about an attacker being able to enumerate credentials ID which does...
@Pldi23 With the fix I propose, only authenticated and authorized users could access the bitbucket URL. So per my understanding those endpoints are still safe.