SECURITY-1468's solution impacts ATH builds #877
Comments
Unless From a quick look, I think that CC @Pldi23 in case my comment is not quite right
Or we can move to recent Ubuntu with accept-new
I started with that in #878 earlier, needs some fixup in terms of Java directories to get it to work 👀
Dropping a note: we discussed this issue in today's infra meeting because the weekly release 2.363 was also bitten by this behavior on ci.jenkins.io. Expect a fix in ci.jenkins.io Wednesday 10th of August to apply the config as code change.
It’s an ATH framework change though, we’re trying to upgrade to a more maintained OS but tests are failing on it :(
Depends if the If the ATH uses the native
Manual configuration to validate:
It's not checking out via ci.jenkins.io, it's checking out in the tests. Those changes won't impact it.
I created #886 with a proposal to use the 'No verification' strategy for ATH, because git-client 3.11.2 uses 'Known hosts file' as the default strategy instead of 'Accept first connection' used in git-client 3.11.1, so tests will continue to fail even when we switch to recent Ubuntu. I only worry whether we are sure that ATH only connects to local git servers and that we need not worry about MitM attacks?
We ignored it the last 10 years or whatever, I don't see it being a concern in this repository.
After investigating the failure of #876, ATH is impacted by the security fix in the git-client-plugin too, jenkinsci/git-client-plugin#875, because ATH runs on CentOS 7 and doesn't know how to deal with "accept new" as a strategy.
Later, reading over JENKINS-69149, am I correct in assuming that jenkinsci/git-client-plugin#882 restores the functionality of ATH, once merged and released?
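An added example, not part of the issue and not ATH or git-client-plugin code: a check for whether an OpenSSH client understands `StrictHostKeyChecking=accept-new` (available from OpenSSH 7.6), choosing the option value per strategy and failing closed on older clients instead of turning verification off. The function names, the short strategy names, their mapping to `StrictHostKeyChecking` values, and the sample `ssh -V` banners are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not ATH or git-client-plugin code. Function names are hypothetical.

# Constructed sample `ssh -V` banners (an older and a newer OpenSSH client).
BANNER_OLD='OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017'
BANNER_NEW='OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022'

# Succeeds only if the banner is from OpenSSH 7.6 or later, the first release
# whose client accepts StrictHostKeyChecking=accept-new.
supports_accept_new() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2          # unrecognised banner: treat as unsupported
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 6 ]; }
}

# Print the StrictHostKeyChecking value for a strategy name and client banner.
# Assumed mapping: known-hosts -> yes, accept-first -> accept-new,
# no-verification -> no.
strict_host_key_checking() {
    case $1 in
        known-hosts)     echo yes ;;
        no-verification) echo no ;;   # only when explicitly requested
        accept-first)
            if supports_accept_new "$2"; then
                echo accept-new
            else
                # Old client: fail closed instead of silently disabling checks.
                echo yes
            fi ;;
        *) echo "unknown strategy: $1" >&2; return 1 ;;
    esac
}

for banner in "$BANNER_OLD" "$BANNER_NEW"; do
    printf '%s => StrictHostKeyChecking=%s\n' \
        "${banner%%,*}" "$(strict_host_key_checking accept-first "$banner")"
done
```

With the fail-closed fallback, an old client needs the test server's host key pre-seeded in `known_hosts`; in a real run, pass the output of `ssh -V 2>&1` as the banner.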