hudson javaone meetup meet with fellow hudson users and developers sept. 19th in SF
improved matrix project support read up on some of the nitty-gritty bits of Kohsuke's recent label/matrix project improvements
Latest release (2010.08.27): Security Fix! Hudson 1.365 Released
The Hudson team has released Hudson 1.365 which contains a critical security fix! A security advisory released yesterday by InfraDNA goes on to explain the hole with more detail:
This vulnerability allows an attacker to read arbitrary files in the server file system whose path names are known, by sending malicious HTTP GET requests. While such access is still subject to the normal access control enforced by the operating system, Hudson can still leak "secrets" possessed by Hudson
The vulnerability inside of Hudson affects Hudson instances running inside the embedded Winstone container, instances behind Glasshfish or Jetty (for example) are not subject to this vulnerability. Instances running behind a reverse proxy such as mod_proxy or Nginx.
Hudson system administrators should subscribe to either the security advisories RSS feed or the advisories@ mailing list
You can go grab the latest .war file straight from our OSL mirror or if you're using a native package, use your package manager to upgrade.
Bookmark/Search this post with:
Digg
StumbleUpon
Reddit
Facebook
