#46: upgrade
jenkins.ovirt.org to latest LTS version
-----------------------+------------------------
Reporter: eedri | Owner: infra@…
Type: outage | Status: new
Priority: critical | Milestone: oVirt 3.3
Component: Jenkins | Version: Production
Severity: High | Keywords:
Blocked By: | Blocking:
-----------------------+------------------------
due to recent security vulnerabilities we must upgrade our jenkins master
server.
What's new in 1.509.1 (2013/05/01)
FilePath.installIfNecessaryFrom routes download over remoting channel
(issue 17330)
Add 'Are you sure' on Reload configuration from disk (issue 15340)
MavenAbstractArtifactRecord.doRedeploy should require POST (SECURITY-69)
Hover-over "Build Now" broken for parameterized jobs: "This page expects
a
form submission" (issue 17110)
XSS issue, where an internal attacker can cause a remote stylesheet to be
loaded and containing scripts executed. (SECURITY-67)
CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload
into buffer (SECURITY-71)
Jenkins.doEval checks ADMINISTER rather than RUN_SCRIPTS; doScript CSRF
(SECURITY-63)
Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available
(issue 17343)
probably best to backup the configuration 1st and then upgrade.
--
Ticket URL: <
https://fedorahosted.org/ovirt/ticket/46>
ovirt <
http://www.ovirt.org/>
oVirt - virtualization made easy.