1. Unfortunately, I have upgraded to ver 1.378 and any user can run the cli without the proper credential. e.g, to put hudson in a prepare shutdown mode, etc.
Hence this is a security issue.
I use Active Directory for the user authentication.
>java -jar hudson-cli.jar -s http://<valid server URL> quiet-down
Any user can run the above cmd, even the anonymous user has a READ only access.
The system was accepted the above cmd and put hudson in the prepare shutdown mode without proper authentication. Since it failed anyway, see item#3 below.
2. The cli has only has a limited option now? not even login/logout option?
java -jar hudson-cli.jar -s http://<valid server URL> help
Builds a job, and optionally waits until its completion.
Cancel the effect of the "quiet-down" command.
Clears the build queue
Reconnect to a node
Copies a job
Creates a new job by reading stdin as a configuration XML file
Deletes build record(s)
Deletes a job
3. the login cli does not prompt what are the correct arguments, e.g
java -jar hudson-cli.jar -s http://<valid server URL> login --username <valid user> --password <valid passwd>
--username" is not a valid option
java -jar hudson-cli.jar login args...
***what will be the valid login args ...?????*****
Thanks and Regards,