-
Bug
-
Resolution: Incomplete
-
Minor
-
None
-
We installed Active choice parameter 2.5.7 version, which is compatible for Jenkins 2.222.4 and it dependency plugins (Script security 1.78 version, owasp markup formatter 1.5 version, caffeine api 2.9.2-29.v717aac953ff3).
To reflect the changes I restarted the jenkins, after restart I am unable to see Jenkins jobs and strangely I found that caffeine api latest version installed which is not compatible with our Jenkins. Then I downgraded caffeine api plugin to compatible version.
Now I can see jobs and able to deploy those successfully. But now without login we can see the job details and console out put etc. When we refreshed Jenkins page after session timeout it should redirect to login page, but that is also not happening. This is security breach for us, can anyone help us on this.
Environment details:
Jenkins version: 2.222.4 (deployed in docker container)
jdk version: 1.8.0_242-b08 (oracle jdk)
java.vm.name : OpenJDK 64-Bit Server VM
oa name: linx
os version: 3.10.0-1160.105.1.el7.x86_64We installed Active choice parameter 2.5.7 version, which is compatible for Jenkins 2.222.4 and it dependency plugins (Script security 1.78 version, owasp markup formatter 1.5 version, caffeine api 2.9.2-29.v717aac953ff3). To reflect the changes I restarted the jenkins, after restart I am unable to see Jenkins jobs and strangely I found that caffeine api latest version installed which is not compatible with our Jenkins. Then I downgraded caffeine api plugin to compatible version. Now I can see jobs and able to deploy those successfully. But now without login we can see the job details and console out put etc. When we refreshed Jenkins page after session timeout it should redirect to login page, but that is also not happening. This is security breach for us, can anyone help us on this. Environment details: Jenkins version: 2.222.4 (deployed in docker container) jdk version: 1.8.0_242-b08 (oracle jdk) java.vm.name : OpenJDK 64-Bit Server VM oa name: linx os version: 3.10.0-1160.105.1.el7.x86_64
We installed Active choice parameter 2.5.7 version, which is compatible for Jenkins 2.222.4 and it dependency plugins (Script security 1.78 version, owasp markup formatter 1.5 version, caffeine api 2.9.2-29.v717aac953ff3).
To reflect the changes I restarted the jenkins, after restart I am unable to see Jenkins jobs and strangely I found that caffeine api latest version installed which is not compatible with our Jenkins. Then I downgraded caffeine api plugin to compatible version.
Now I can see jobs and able to deploy those successfully. But now without login we can see the job details and console out put etc. When we refreshed Jenkins page after session timeout it should redirect to login page, but that is also not happening. This is security breach for us, can anyone help us on this.
In Mange Jenkins > Configure Global Security> Authorization , we selected Role-Based Stratagy
Environment details:
Jenkins version: 2.222.4 (deployed in docker container)
jdk version: 1.8.0_242-b08 (oracle jdk)
java.vm.name : OpenJDK 64-Bit Server VM
oa name: linx
os version: 3.10.0-1160.105.1.el7.x86_64
