Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Improvement
Resolution: Fixed
Priority: Major
Component/s: github-plugin
Labels:
- issue-exported-to-github
- security

URL:
https://developer.github.com/webhooks/securing/
Released As:
https://github.com/jenkinsci/github-plugin/releases/tag/v1.21.0

For security reasons, it's quite important for this plugin to support an option to verify a "secret" token. This option was added some time ago, you basically configure a "secret" in the GitHub webhook end, so you know the requests you are receiving is really from GitHub. The GitHub Pull Request Builder plugin (ghprb) already supports it. It would be great if this plugin add support too.

is related to

JENKINS-37956 Missing notification about request with bad secret for GitHub plugin

Open

relates to

JENKINS-62097 Permit multiple webhook secrets to be registered

Resolved

links to

github-plugin #134

Assignee:: Kirill Merkushev
Reporter:: Leandro Lucarella

Created:: 2016-04-01 09:56
Updated:: 5 days ago 07:13
Resolved:: 2020-04-29 15:36
Archived:: 5 days ago 07:13

Details

Description

Attachments

Issue Links

Activity

People

Dates