From 9164f6c527b0a413192d4920465e9c237d35931d Mon Sep 17 00:00:00 2001 From: Daniel Beck Date: Mon, 27 Feb 2017 01:19:10 +0100 Subject: [PATCH 1/2] Add upgrade guide and changelog for 2.32.3 --- content/_data/changelogs/lts.yml | 29 ++++++++++++++++++++++++++++- content/doc/upgrade-guide/2.32.adoc | 12 ++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/content/_data/changelogs/lts.yml b/content/_data/changelogs/lts.yml index 52a2dcc0c70f..cefa1a5c9934 100644 --- a/content/_data/changelogs/lts.yml +++ b/content/_data/changelogs/lts.yml @@ -107,7 +107,34 @@ This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. issue: 25333 - +- version: "2.32.3" + date: 2017-02-29 + changes: + - type: bug + message: > + Display an informative message, rather than a Groovy exception, when View#getItems fails. + issue: 41825 + pull: 2739 + - type: bug + message: Don't try to set Agent Port when it is enforced, breaking form submission. + issue: 41511 + pull: 2726 + - type: bug + message: Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers. + issue: 39402 + pull: 2727 + - type: bug + message: Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. + issue: 38175 + pull: 2692 + - type: bug + message: IllegalStateException from Winstone when making certain requests with access logging enabled. + issue: 37625 + pull: 2721 + - type: bug + message: Do not fail to write a log file just because something deleted the parent directory. + issue: 16634 + pull: 2738 # DO NOT EDIT THIS FILE DIRECTLY # ALL CHANGES MUST GO THROUGH PULL REQUESTS diff --git a/content/doc/upgrade-guide/2.32.adoc b/content/doc/upgrade-guide/2.32.adoc index 4bc2c1ffda01..790f9ea28518 100644 --- a/content/doc/upgrade-guide/2.32.adoc 
+++ b/content/doc/upgrade-guide/2.32.adoc @@ -8,6 +8,18 @@ notitle: true Each section covers the upgrade from the previous LTS release, the section on 2.32.1 covers the upgrade from 2.19.4. +=== Upgrading to Jenkins LTS 2.32.3 + +==== Removal of +X-You-Are-In-Group+ headers on "Permission denied" pages + +https://issues.jenkins-ci.org/browse/JENKINS-39402[JENKINS-39402] + +"Permission denied" pages will no longer include HTTP headers listing all the groups the current user is a member of, as a large number of headers could in some cases result in reverse proxies errors. + +Access URLs such as +/whoAmI+ to get information about the currently logged in user and group memberships. + +To restore the previous behavior, set the system property `hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS` to `true`. This is not generally recommended. + === Upgrading to Jenkins LTS 2.32.2 ==== Console notes security fix From 66d1d102cb90efe83a84b34b6fa73bf8d9047e0e Mon Sep 17 00:00:00 2001 From: Daniel Beck Date: Mon, 27 Feb 2017 21:03:10 +0100 Subject: [PATCH 2/2] February has 28 days this year, it's not 2016 anymore --- content/_data/changelogs/lts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/_data/changelogs/lts.yml b/content/_data/changelogs/lts.yml index cefa1a5c9934..70ad82001603 100644 --- a/content/_data/changelogs/lts.yml +++ b/content/_data/changelogs/lts.yml @@ -108,7 +108,7 @@ We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. issue: 25333 - version: "2.32.3" - date: 2017-02-29 + date: 2017-03-01 changes: - type: bug message: >
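Review bot: In the lts.yml hunk of patch 1/2, `date: 2017-02-29` is not a calendar date, because 2017 is not a leap year. Patch 2/2 changes it to `2017-03-01`, so squashing the two commits would keep the invalid value out of the history. In the same hunk, the entry for issue 37625 ("IllegalStateException from Winstone when making certain requests with access logging enabled.") states the symptom, while the other five entries state what was changed. Rewording it as a fix would keep the list consistent.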
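Review bot: In the 2.32.adoc hunk of patch 1/2, the last added paragraph ends with "This is not generally recommended." and gives no reason. Say there that setting `hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS` to `true` brings back one header per group on these pages, and with it the reverse proxy errors this section describes. Smaller points in the same hunk: "reverse proxies errors" should read "reverse proxy errors", the section says "Permission denied" pages where the changelog entry for issue 39402 says "access denied" pages, and literals are marked with +...+ in two places and with backticks in the third.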
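Review bot: In patch 2/2, the subject line explains why `2017-02-29` was wrong but not why the replacement is `2017-03-01` instead of the last day of February. A short body stating that 2017-03-01 is the release date of 2.32.3 would make the new value verifiable from the commit alone. Since this hunk touches only the `date:` line that patch 1/2 adds, it could also be folded into that commit.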