[ros-users] [Discourse.ros.org] [Buildfarm] Jenkins 2.60.1 and Script Security plugin

Steven! Ragnarök ros.discourse at gmail.com
Fri Jun 30 19:19:03 UTC 2017

[quote="gavanderhoorn, post:1, topic:2094"]
Is this expected with Jenkins 2.60.x, and is this karma for trying to upgrade things,or is this 'fixable' and am I missing a setting somewhere?

The security advisory and updated versions that introduced the whitelist changes were announced [in April](https://jenkins.io/blog/2017/04/10/security-advisory/). The ROS 1 buildfarm hasn't updated as it's still based on Trusty which lacks Java 8. The buildfarm we're currently using for the next beta of ROS 2 has not upgraded to 2.60 because we're focused on getting the release shipped. From scanning the changelog, I don't believe there's anything new that's security related in this LTS release from the changes in April. 

There's a [seed scriptApproval.xml]( https://github.com/nuclearsandwich/buildfarm_deployment/blob/1dba10f358a91598aca43e2eb19e5214006503a8/modules/jenkins_files/files/var/lib/jenkins/scriptApproval.xml) that the new Xenial based buildfarm masters will start with but as far as I recall manual intervention will still be required for a few jobs. I didn't document which jobs specifically as thoroughly as I wish I had.

[Visit Topic](https://discourse.ros.org/t/jenkins-2-60-1-and-script-security-plugin/2094/3) or reply to this email to respond.

More information about the ros-users mailing list