News

2015 Jenkins User Conferences - Call for Papers

The Jenkins User Conference 2015 is seeking submissions that reflect the latest innovations in Jenkins usage.

Office Hours tomorrow: workflow security model & plugin compatibility

In tomorrow's Jenkins office hours, Jesse Glick will talk about two topics in the workflow plugin that he has been asked about:

  • Security model: script security, permissions
  • Plugin compatibility: SimpleBuildStep and friends, custom steps, etc.

The session should be interesting to anyone using workflow or thinking about using workflow. Jesse is one of the top contributors in the community, so it'd be definitely worth your time!

#BreakingBuilds

A lot of us has grown fond of our loyal butler Mr.Jenkins over time, which was created by Frontside and chosen as a result of a logo contest. In the true open-source style, the logo has since evolved into many different derivative works, such as a plugin, a 3D model, and a bobble head.

Our friends at CloudBees are running a #BreakingBuilds social media contest through Jan 5th to have some fun with Mr.Jenkins.

Mobile App for Jenkins User Conference Bay Area

Jenkins User Conference in Bay Area is this Thursday, and one of the new things this year is the mobile app.

There's an Android version as well as an iPhone version. I've installed it locally, and it's very handy for checking the agenda, get more info about speakers and sponsors.

CVE-2014-3566 "poodle" impact on Jenkins

Another day, another SSL vulnerability! Google has announced a vulnerability in SSL v3, and if you are using the "Winstone" servlet container built into Jenkins, and if you are using the HTTPS connector with the --httpsPort option (it is off by default), then you are vulnerable to this problem.

I've just issued a security advisory on this. If you haven't already subscribed to the Jenkins security advisory mailing list, this is a great opportunity to do so.

The advisory includes the target delivery vehicles for the fix and how you can address the problem in the mean time. Inside corporate intranet, where Jenkins is typically used, I suppose there's a degree of trust among participants to make this less of a problem.