[JENKINS-67173] Remove agent-to-controller kill switch, FilePath support for a2c, etc. - Jenkins Jira

XML

Word

Printable

Details

Type: Epic
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: core
Labels:
- security

Epic Name:
Agent-to-controller security simplification
Similar Issues:

Show
Released As:
2.326

Description

Followup to https://www.jenkins.io/security/advisory/2021-11-04/ :

Remove the ability to disable agent-to-controller access control
Remove the customizable callable allowlist
Remove the capability for FilePath methods to operate in the agent-to-controller direction
- Remove the customizable file path filter allowlist supporting this
Deprecate SlaveToMasterFileCallable

Attachments

Issue Links

links to

jenkinsci/jenkins#5884

jenkinsci/jenkins#5885

jep #381

JEP-235

Activity

Ascending order - Click to sort in descending order

Daniel Beck added a comment - 2021-11-25 12:44

Proposed JEP: https://github.com/jenkinsci/jep/pull/381

Daniel Beck added a comment - 2021-11-25 12:44 Proposed JEP: https://github.com/jenkinsci/jep/pull/381

Daniel Beck added a comment - 2022-01-05 11:10 - edited

The core changes were delivered in Jenkins 2.326. Some plugins still need adapting, but that's up to their maintainers.

Daniel Beck added a comment - 2022-01-05 11:10 - edited The core changes were delivered in Jenkins 2.326. Some plugins still need adapting, but that's up to their maintainers.

People

Assignee:: Daniel Beck

Reporter:: Daniel Beck

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-11-18 18:00

Updated:: 2022-01-05 11:12

Resolved:: 2022-01-05 11:10