Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67173

Remove agent-to-controller kill switch, FilePath support for a2c, etc.

    XMLWordPrintable

Details

    • Agent-to-controller security simplification
    • 2.326

    Description

      Followup to https://www.jenkins.io/security/advisory/2021-11-04/ :

      • Remove the ability to disable agent-to-controller access control
      • Remove the customizable callable allowlist
      • Remove the capability for FilePath methods to operate in the agent-to-controller direction
        • Remove the customizable file path filter allowlist supporting this
      • Deprecate SlaveToMasterFileCallable

       

      Attachments

        Activity

          danielbeck Daniel Beck added a comment - Proposed JEP: https://github.com/jenkinsci/jep/pull/381
          danielbeck Daniel Beck added a comment - - edited

          The core changes were delivered in Jenkins 2.326. Some plugins still need adapting, but that's up to their maintainers.

          danielbeck Daniel Beck added a comment - - edited The core changes were delivered in Jenkins 2.326. Some plugins still need adapting, but that's up to their maintainers.

          People

            danielbeck Daniel Beck
            danielbeck Daniel Beck
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: