Advisory is out https://www.jenkins.io/security/advisory/2022-01-12/
Description
Related Objects
- Mentioned Here
- T298949: Fix Gearman plugin for Jenkins to 2.319.1
Event Timeline
I have upgraded the releases Jenkins to the latest LTS: 2.319.1
For the CI Jenkins I have to investigate since the main node is no more named master T298949
I could not upgrade the CI Jenkins to 2.319.1 since I had to fix the Jenkins Gearman plugin and publish a new release of it. It is done now T298949
It is too late (11pm) to attempt an upgrade to 2.319.1. I will upgrade directly to the security update 2.319.2 when it is published and upgrade the Gearman plugin.
The advisory is out and plugins got updated. I have applied the plugin updates to https://releases-jenkins.wikimedia.org/
For CI Jenkins that conflicts with the backport window, so gotta wait a bit. I have already downloaded all the plugins updates.
Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:09:26Z] <hashar> Upgraded releases Jenkins from 2.319.1 to 2.319.2 # T298691
Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:34:49Z] <hashar> Upgrading CI Jenkins and Gearman plugin T298691
Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:52:14Z] <hashar> Restarting CI Jenkins once more to apply the Gearman plugin update T298691
The master node got renamed to (built-in) https://integration.wikimedia.org/ci/computer/(built-in)/ builds are running fine on it. I then upgraded the Gearman plugin and all jobs seem to be working including the workflow ones.
Actually the migration for master to built-in has to be applied via the Web UI. There are requisites and guidances listed at http://www.jenkins.io/doc/book/managing/built-in-node-migration/
Mentioned in SAL (#wikimedia-releng) [2022-01-13T10:42:31Z] <hashar> Applied Jenkins built-in node migration to CI Jenkins (master > built-in renaming) # T298691
Mentioned in SAL (#wikimedia-operations) [2022-01-13T10:52:16Z] <hashar> Restarting Jenkins CI for plugins update T298691