Hot on the heels of Hudson 1.370, which was released last Friday, the Hudson team released 1.371 which addresses a critical vulnerability in all Hudson versions prior to 1.371. The vulnerability was disclosed by InfraDNA in the following security advisory, which details the issue: This critical vulnerability allows an attacker to use CLI commands that they are otherwise unauthorized for. CLI commands can perform various...
Regular readers will recognize that I’ve been slacking off quite a bit lately with my release announcements, my apologies. With the release of 1.368 on Sunday, which fixed a few fairly important bugs, I figured I’d dusty off my blogging fedora and give this a shot. This release has three bug fixes in it which were causing some issues for some users, particularly those deploying...
The Hudson team has released Hudson 1.365 which contains a critical security fix! A security advisory released yesterday by InfraDNA goes on to explain the hole with more detail: This vulnerability allows an attacker to read arbitrary files in the server file system whose path names are known, by sending malicious HTTP GET requests. While such access is still subject to the normal access control enforced by the...
Last week, friend-of-Hudson Leandro Nunes sent the following message to the users mailing list regarding his upcoming talk on continuous integration and Hudson: Next month I will present a talk about Hudson in the 11th International Free Software Forum (FISL 11), held in Porto Alegre Brazil (detailed time and date of the talk are not yet scheduled so). FISL 11 is one of the biggest free software events...
Recently our fearless leader, Kohsuke Kawaguchi, was invited by the nice folks over at Digg to give a tech talk about continuous integration and automated testing. The Digg engineering team is full of believers in continuous integration, including our very own Andrew Bayer (abayer). Being big users of the Sauce Labs service to drive their vast Selenium test suite, the house was packed with...
Hello again! It’s been a long time since I’ve written for the Hudson community, but now I’m back and ready to tackle some of the latest developments in the Hudson community. What is Hudson Labs? As you may have read in April, Kohsuke left Oracle to found InfraDNA, a company specializing around Hudson. The departure meant the Hudson community would no longer have access to some...
After Hudson got some major publicity at PyCon Atlanta 2010 I haven’t been as quick as I would have liked with Python-related posts and tutorials. I use Hudson to build and test a number of pure Python modules and C extensions across numerous Python versions (covering 2.4 - 3.1). For most beginners, or those simply looking to get started with Python on Hudson, starting...
Month-long worldwide event to support open source software. Jenkins participates in it!