An extensible open source continuous integration server
Submitted by kohsuke on Thu, 2014-09-25 15:26
I suspect many of you have been impacted by CVE-2014-6271 (aka "shellshock" bash vulnerability.) We had our share of updates to do for various *.jenkins-ci.org servers.
Java application servers in general (including one that ships in Jenkins) do not fork off processes like Apache does to serve requests, so the kind of CGI attacks you see on Apache does not apply. We are currently unaware of any vulnerabilities in Jenkins related to CVE-2014-6271, and no plan to issue a patch for that.
That said, we did come up with one possible way attackers can exploit vulnerable bash through Jenkins, that you might want to be aware of.
When a build is parameterized, parameters are passed to the processes Jenkins launch as environment variables.
Submitted by kohsuke on Wed, 2014-09-24 14:54
The usual suspects, such as CloudBees, XebiaLabs, SOASTA, PuppetLabs, et al are doing a Jenkins-themed continuous delivery event series called "cdSummit." The event is free, has a nice mix of user/vendor talks, and has an appeal to managers and team leads who are working on and struggling with continuous delivery and automation.
I've spoken in the past events, and I enjoyed the high-level pitches from various speakers.
The last two events at Paris and London filled up completely, so I suspect others have liked them, too.
If you live near Chicago, Washington DC, or San Francisco, check out the date and see if you can make it. RSVP is from here. If you do, be sure to pick up Jenkins stickers and pin badges!
Submitted by kohsuke on Thu, 2014-08-28 13:09
JUC SF on October 23, 2014 is shaping up to be bigger and better this year.
Here’s what we have in store for you!
We’ve received a record high of 40 stellar proposals this year. To accommodate the many community proposals, we’ve decide to add a third track to the
agenda. JUC SF sessions are now available for you to view. We have speakers from Google,
Target, Gap, Cloudera, Ebay, Chicago Drilling Company, and much more. Register now for early bird price.
The early bird price is only good until September 21, 2014.
If you can’t attend the conference in person, Track 1 sessions will be available via live
stream, it’s all free. Brought to you by CloudBees. Registration for JUC SF live stream is here.
Submitted by kohsuke on Mon, 2014-08-11 10:44
This is a guest post from Tom Fennelly
Over the last number of weeks we've been trying to "refresh" the Jenkins UI, modernizing the look and feel a bit. This has been a real community effort, with collaboration from lots of people, both in terms of implementation and in terms of providing honest/critical feedback. Lots of people deserve credit but, in particular, a big thanks to Kevin Burke and Daniel Beck.
You're probably familiar with how the Jenkins UI currently looks, but for the sake of comparison I think it's worth showing a screenshot of the current/old UI alongside a screnshot of the new UI.
Current / Old Look & Feel
New Look & Feel
Among other things, you'll see: