commit | 93a2c057829cdbc9abb8189038c05f9ad26fa5c6 | |
---|---|---|
author | Luca Milanesio <luca.milanesio@gmail.com> | Mon Jan 29 20:26:03 2024 +0000 |
committer | Luca Milanesio <luca.milanesio@gmail.com> | Mon Jan 29 21:43:17 2024 +0000 |
tree | 9781763fb0ffd2f302285f53fd30e708a9ff8214 | |
parent | ba36a085ae4dc0f73e084433b83876969558f941 | |
Add workaround for mitigating CVE-2024-23897

The CVE-2024-23897 allows any anonymous user to access any files on the filesystem by exploiting the ability of args4j to access files content as parameters.

Until Jenkins gets upgraded to at least 2.442, LTS 2.426.3, make sure that the CLI is fully disabled, using the workaround suggested at [1].

[1] https://www.jenkins.io/security/advisory/2024-01-24/

Bug: Issue 322839800
Change-Id: I1bd6d8c2506ff0cc9cf40b76f2306b080d0a7ef8
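The commit message describes the root cause as an argument parser that turns an `@file` argument into the contents of that file. The following Python model is an added illustration, not code from this project and not args4j itself: it shows the expansion behaviour beside a hardened variant in which expansion is off unless an operator opts in, which is the shape of the fix the message defers to by disabling the CLI. The file used is constructed on the fly; the function names and the `allow_at_syntax` parameter are assumptions for this example.

```python
"""Toy model of '@file' argument expansion and its hardened form.

Constructed example: it imitates the class of behaviour the commit message
attributes to args4j, it is not the library's code.
"""
import os
import tempfile


def expand_args_unsafe(argv):
    """Expand every argument starting with '@' into the whitespace-separated
    contents of the named file.

    This is the hazardous pattern: the parser reads the file itself, so whoever
    supplies argv chooses which server-side file gets read and echoed back
    through the command's normal output or error messages.
    """
    expanded = []
    for arg in argv:
        if arg.startswith("@"):
            with open(arg[1:], encoding="utf-8") as fh:
                expanded.extend(fh.read().split())
        else:
            expanded.append(arg)
    return expanded


def expand_args_safe(argv, allow_at_syntax=False):
    """Hardened form: '@' is an ordinary character unless the operator opts in.

    Arguments coming from callers the server does not trust must never reach
    the expanding path, so the default is no expansion at all.
    """
    if not allow_at_syntax:
        return list(argv)
    return expand_args_unsafe(argv)


def demo():
    """Run both parsers over the same untrusted argv and return the results."""
    # Constructed stand-in for any sensitive file on the server.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("secret-token-123 second-token")
        secret_path = fh.name
    try:
        untrusted_argv = ["who-am-i", "@" + secret_path]
        leaked = expand_args_unsafe(untrusted_argv)   # file contents end up in argv
        hardened = expand_args_safe(untrusted_argv)   # '@...' stays a literal string
        return leaked, hardened
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, hardened = demo()
    print("unsafe :", leaked)
    print("hardened:", hardened)
```

The check a defender wants is the second one: with expansion disabled by default, an `@` argument never causes a file read, so the data exposure path is closed regardless of what the caller sends. Disabling the CLI entirely, as the commit does, removes the reachable parser altogether until the upgrade lands.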
This project uses Jenkins Job Builder [1] to generate jobs from YAML descriptor files.
To add new jobs reuse existing templates, defaults etc. as much as possible. E.g. adding a job to build an additional branch of a project may be as easy as adding the name of the branch to an existing project.
To keep the YAML files readable, lint them with yamllint [2]. Yamllint can be installed with pip:

```
pip3 install --require-hashes yamllint
```

To run the linter, execute this command from the project's root directory:

```
yamllint -c yamllint-config.yaml jenkins/**/*.yaml
```

Yamllint only reports the issues it detects; it does not fix them.
[1] https://docs.openstack.org/infra/jenkins-job-builder/index.html
[2] https://pypi.org/project/yamllint/