Page MenuHomePhabricator
Create Task
Maniphest T177962

Upgrade Jenkins to 2.73.2 (security release)
Closed, ResolvedPublic
Actions

Description

We've released new versions of Jenkins and Swarm Plugin today to fix several security vulnerabilities.

These vulnerabilities affect all previous releases:

  • weekly releases up to and including 2.83
  • LTS releases up to and including 2.73.1
  • Swarm Plugin (client) up to and including 3.4

We recommend updating to the new releases:

  • Jenkins weekly 2.84
    • Jenkins LTS 2.73.2**
  • Swarm Plugin (client) 3.5

Additionally, the recently released Maven Plugin 3.0 fixes a vulnerability, and distribution of Speaks! Plugin has been suspended due to a vulnerability for which there is no fix available.

Please see the advisory for more details:
https://jenkins.io/security/advisory/2017-10-11/

  • Maven Plugin up to and including 2.17
  • some arbitrary execution command on the master (we are not affected)
  • Update to commons-httpclient which is bundled in several plugins

Event Timeline

hashar created this task.Oct 11 2017, 4:09 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 11 2017, 4:09 PM
Paladox subscribed.Oct 11 2017, 4:09 PM
hashar updated the task description. (Show Details)Oct 11 2017, 4:10 PM
Stashbot subscribed.Oct 11 2017, 4:12 PM

Mentioned in SAL (#wikimedia-operations) [2017-10-11T16:12:07Z] <hasharAway> Upgrading Jenkins CI T177962

hashar added a project: SRE.Oct 11 2017, 4:15 PM

Installed on contint1001/contint2001 from http://pkg.jenkins-ci.org/debian-stable/binary/jenkins_2.73.2_all.deb

@MoritzMuehlenhoff could you upload it to apt.wikimedia.org please? reprepro should be able to handle all the magic.

Then we would want an apt-get upgrade on releases1001.eqiad.wmnet and releases2001.codfw.wmnet

Stashbot added a comment.Oct 11 2017, 4:24 PM

Mentioned in SAL (#wikimedia-operations) [2017-10-11T16:24:41Z] <hasharAway> Upgrade jenkins Maven integration plugin to 3.0 - T177962

hashar triaged this task as High priority.Oct 11 2017, 4:43 PM
hashar moved this task from Backlog to In-progress on the Release-Engineering-Team (Kanban) board.
MoritzMuehlenhoff added a comment.Oct 11 2017, 5:50 PM

I've uploaded 2.73.2 to apt.wikimedia.org

hashar closed this task as Resolved.Oct 11 2017, 7:28 PM
hashar added a subscriber: Dzahn.

21:27:51 <@Dzahn> !log releases2001 - upgraded jenkins to 2.73.2, kept existing config (vs overwriting with package config)

:)

Stashbot added a comment.Oct 11 2017, 7:29 PM

Mentioned in SAL (#wikimedia-operations) [2017-10-11T19:29:24Z] <mutante> releases1001 - same as 2001, upgraded jenkins to 2.73.2, kept existing config (T177962)

Dzahn added a comment.Oct 11 2017, 8:09 PM

19:20 mutante: apt: reprepro copy stretch-wikimedia jessie-wikimedia jenkins

Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q2; removed Release-Engineering-Team (Kanban).Dec 21 2017, 6:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL