Critical regression in Jenkins 2.80
378 views
Skip to first unread message
Daniel Beck
Sep 27, 2017, 12:24:03 PM9/27/17
to Jenkins Advisories
We have identified a critical regression in Jenkins 2.80 that results in the setup wizard being disabled for newly set up Jenkins instances. We are tracking this issue as JENKINS-47139.
This means that any security options enabled during the setup wizard initialization, most notably authorization and authentication, remain disabled. The Jenkins instance will be accessible to anonymous users without authentication, and they will have full (Administer) permissions, until an administrator restricts access.
We are currently preparing Jenkins 2.81 and strongly recommend new installations of Jenkins do not use 2.80.
Instances being updated from previous versions of Jenkins are not affected. This issue is limited to newly set up instances.
This means that any security options enabled during the setup wizard initialization, most notably authorization and authentication, remain disabled. The Jenkins instance will be accessible to anonymous users without authentication, and they will have full (Administer) permissions, until an administrator restricts access.
We are currently preparing Jenkins 2.81 and strongly recommend new installations of Jenkins do not use 2.80.
Instances being updated from previous versions of Jenkins are not affected. This issue is limited to newly set up instances.
Daniel Beck
Sep 28, 2017, 2:10:37 AM9/28/17
to jenkinsci-...@googlegroups.com
> On 27. Sep 2017, at 18:23, Daniel Beck <m...@beckweb.net> wrote:
>
> We are currently preparing Jenkins 2.81 and strongly recommend new installations of Jenkins do not use 2.80.
More information about this regression in the advisory we published here:
https://jenkins.io/security/advisory/2017-09-27/
Reply all
Reply to author
Forward
0 new messages