Page MenuHomePhabricator
Create Task
Maniphest T298691

2022-01-12 Jenkins security advisory pre-announcement
Closed, ResolvedPublicSecurity
Actions

Description

Advisory is out https://www.jenkins.io/security/advisory/2022-01-12/

Related Objects

Event Timeline

hashar created this task.Jan 6 2022, 12:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 6 2022, 12:57 PM
Aklapper added a project: Jenkins.Jan 6 2022, 3:47 PM
Restricted Application added a project: Continuous-Integration-Infrastructure. · View Herald TranscriptJan 6 2022, 3:47 PM
Jdforrester-WMF subscribed.Jan 6 2022, 5:46 PM
Reedy edited projects, added SecTeam-Processed; removed Security-Team.Jan 10 2022, 5:21 PM
hashar added a comment.Jan 11 2022, 9:34 AM

I have upgraded the releases Jenkins to the latest LTS: 2.319.1

For the CI Jenkins I have to investigate since the main node is no more named master T298949

hashar added a comment.Jan 11 2022, 10:22 PM

I could not upgrade the CI Jenkins to 2.319.1 since I had to fix the Jenkins Gearman plugin and publish a new release of it. It is done now T298949

It is too late (11pm) to attempt an upgrade to 2.319.1. I will upgrade directly to the security update 2.319.2 when it is published and upgrade the Gearman plugin.

hashar updated the task description. (Show Details)EditedJan 12 2022, 6:59 PM

The advisory is out and plugins got updated. I have applied the plugin updates to https://releases-jenkins.wikimedia.org/

For CI Jenkins that conflicts with the backport window, so gotta wait a bit. I have already downloaded all the plugins updates.

hashar changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 12 2022, 7:08 PM
hashar changed the edit policy from "Custom Policy" to "All Users".
Stashbot added a comment.Jan 12 2022, 7:09 PM

Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:09:26Z] <hashar> Upgraded releases Jenkins from 2.319.1 to 2.319.2 # T298691

Stashbot added a comment.Jan 12 2022, 7:34 PM

Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:34:49Z] <hashar> Upgrading CI Jenkins and Gearman plugin T298691

Stashbot added a comment.Jan 12 2022, 7:52 PM

Mentioned in SAL (#wikimedia-operations) [2022-01-12T19:52:14Z] <hashar> Restarting CI Jenkins once more to apply the Gearman plugin update T298691

hashar closed this task as Resolved.Jan 12 2022, 8:05 PM
hashar claimed this task.

The master node got renamed to (built-in) https://integration.wikimedia.org/ci/computer/(built-in)/ builds are running fine on it. I then upgraded the Gearman plugin and all jobs seem to be working including the workflow ones.

hashar reopened this task as Open.EditedJan 13 2022, 10:25 AM

Actually the migration for master to built-in has to be applied via the Web UI. There are requisites and guidances listed at http://www.jenkins.io/doc/book/managing/built-in-node-migration/

Stashbot added a comment.Jan 13 2022, 10:42 AM

Mentioned in SAL (#wikimedia-releng) [2022-01-13T10:42:31Z] <hashar> Applied Jenkins built-in node migration to CI Jenkins (master > built-in renaming) # T298691

Stashbot added a comment.Jan 13 2022, 10:52 AM

Mentioned in SAL (#wikimedia-operations) [2022-01-13T10:52:16Z] <hashar> Restarting Jenkins CI for plugins update T298691

hashar closed this task as Resolved.Jan 13 2022, 10:53 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL