The Hudson team has released Hudson 1.365 which contains a critical security fix! A security advisory released yesterday by InfraDNA goes on to explain the hole with more detail:
This vulnerability allows an attacker to read arbitrary files in the
server file system whose path names are known, by sending malicious
HTTP GET requests. While such access is still subject to the normal
access control enforced...
It's been quite a while since I posted a Hudson links-roundup post, so without further ado, here goes nothing
Max tells us about using Hudson with Symbian's CodeScanner tool.
Running slaves on Mac OS X? Mirko has some handy launchctl foo for keeping his JNLP slaves online
Scott threw up a great configuration sample for running Hudson with an Nginx reverse...
Hudson, like all web applications, is not immune from vulnerabilities that could open up attack vectors for malicious use. What puts Hudson in a league of its own compared to others is its ability to execute arbitrary commands on slave machines, or in the case of the EC2 plugin, execute arbitrary commands "in the cloud." In light of all this, Hudson is quite secure...
Last week, friend-of-Hudson Leandro Nunes sent the following message to the users mailing list regarding his upcoming talk on continuous integration and Hudson:
Next month I will present a talk about Hudson in the 11th
International Free Software Forum (FISL 11), held in Porto Alegre
Brazil (detailed time and date of the talk are not yet scheduled so).
FISL 11 is one of the biggest free...
Recently our fearless leader, Kohsuke Kawaguchi, was invited by the nice folks over at Digg to give a tech talk about continuous integration and automated testing. The Digg engineering team is full of believers in continuous integration, including our very own Andrew Bayer (abayer). Being big users of the Sauce Labs service to drive their vast Selenium test suite, the house was packed with...
Way back in March, I asked you all: Want some Hudson stickers?
Turns out, a lot of you do! Thanks to a huge amuont of help by my future wife , the first shipment of Hudson stickers went into the mail last week. This first shipment was only to United States addresses! If you live outside of the U.S., or if you requested more...
Last Friday the Hudson team released release 1.363 which is yet another mixed bag of enhancements and bug fixes. Along with the usual bunch of fixes, this release includes a number of localization updates courtesy of a team of Hudson community volunteers participating in the Hudson Internationalization project.
It is also worth noting that this post is being published on Tuesday, contrary to the schedule...
The 1.362 release of Hudson has a few bug-fixes and a few minor enhancements, all together a good stabilization release. Not too much interesting to discuss so straight on to the changelog!
Restored optional container-based authentication for CLI.