Jesse Glick
Jesse Glick
@io7m looks to be https://github.com/spotbugs/spotbugs-maven-plugin/issues/423
A hybrid of the two: when choosing a push target for the first time, _prompt_ whether to remember it for this repository (and also offer a command to undo or...
> rather than introducing a new GitHub-CLI-specific mechanism to achieve the same result I am not familiar with all the options available in Git here, but one way or another...
Yes, a thread is only handling one request at a time, and the context is thread local. The problem is that a single `SecurityContext` object may be in use by...
I am not very familiar with Spring Security but it seems `SecurityContextPersistenceFilter` uses the same basic mechanism. [The manual](http://static.springsource.org/spring-security/site/docs/3.1.x/reference/technical-overview.html#tech-intro-sec-context-persistence) warns about the exact vulnerability mentioned here, so it seems that...
OK. On vacation for a bit but will keep this on my radar.
Simply checking for ``` SecurityContextHolder.getContext().setAuthentication(…); ``` might suffice. I am not sure if there are legitimate use cases for this.
Sorry for my slow responses here. I encountered the issue in Jenkins, which is still using an old version of ACEGI Security, so it is probably not the best source...
OK that much I should be able to do, give me a week until I am slightly less busy…
Another tool in this vein is `jx shell`: [docs](https://jenkins-x.io/commands/jx_shell/); [key bit of sources](https://github.com/jenkins-x/jx/blob/3b0a128b389a3e91dff759f7f711cecae634667c/pkg/cmd/shell.go#L134-L156)