Jenkins 2.91: the security of Jenkins was disabled for clean install

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Jenkins 2.91: the security of Jenkins was disabled for clean install

masaru tsuchiyama
Hello

I installed Jenkins 2.91 cleanly on clean-installed Windows 10 Pro.
But the security of Jenkins was disabled.

I also tried it on Fedora 27 too.
But I couldn't reproduce it.

I had reported this for Jenkins 2.80 too.
https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ

Regards.
Masaru

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins 2.91: the security of Jenkins was disabled for clean install

Baptiste MATHUS
The issue had been confirmed and fixed in 2.81 for the 2.80.

For the 2.91, I just tried using the Docker image, and couldn't reproduce either as you say. So either you need to come up with a way to reproduce, or I guess we'll assume you maybe actually didn't have a clean env on  that Windows 10 pro install you're talking about.

Cheers

2017-11-26 9:31 GMT+01:00 Masaru Tsuchiyama <[hidden email]>:
Hello

I installed Jenkins 2.91 cleanly on clean-installed Windows 10 Pro.
But the security of Jenkins was disabled.

I also tried it on Fedora 27 too.
But I couldn't reproduce it.

I had reported this for Jenkins 2.80 too.
https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ

Regards.
Masaru

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins 2.91: the security of Jenkins was disabled for clean install

masaru tsuchiyama
Hi,

I re-download jenkins-2.91.zip
And I reinstalled Jenkins, but it didn't happen.

This is what I had done when I could reproduce it.

1. recover Windows 10 Pro with the recovery disk.
2. download jenkins-2.91.zip
3. extract it.
4. double-click jenkins.msi
5. change the install folder from 'C:\Program Files (x86)\Jenkins' to
    C:\Jenkins
6. open browser automatically.
7. the warning that jenkins security is disabled is shows up.

Regards.
Masaru.

Baptiste Mathus wrote:

> The issue had been confirmed and fixed in 2.81 for the 2.80.
>
> For the 2.91, I just tried using the Docker image, and couldn't
> reproduce either as you say. So either you need to come up with a way to
> reproduce, or I guess we'll assume you maybe actually didn't have a
> clean env on  that Windows 10 pro install you're talking about.
>
> Cheers
>
> 2017-11-26 9:31 GMT+01:00 Masaru Tsuchiyama <[hidden email]
> <mailto:[hidden email]>>:
>
>     Hello
>
>     I installed Jenkins 2.91 cleanly on clean-installed Windows 10 Pro.
>     But the security of Jenkins was disabled.
>
>     I also tried it on Fedora 27 too.
>     But I couldn't reproduce it.
>
>     I had reported this for Jenkins 2.80 too.
>     https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ
>     <https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ>
>
>     Regards.
>     Masaru
>
>     --
>     You received this message because you are subscribed to the Google
>     Groups "Jenkins Users" group.
>     To unsubscribe from this group and stop receiving emails from it,
>     send an email to [hidden email]
>     <mailto:jenkinsci-users%[hidden email]>.
>     To view this discussion on the web visit
>     https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com
>     <https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com>.
>     For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [hidden email]
> <mailto:[hidden email]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com 
> <https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.


--
Masaru Tsuchiyama <[hidden email]>

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2f255309-89a0-2c69-968f-1efbe2c5028f%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins 2.91: the security of Jenkins was disabled for clean install

Oleg Nenashev
Hello,

I have tried to install the specified version several times on my Windows 10 Pro amd64 version. I was unable to reproduce the issue after trying the installer with several different registry settings. I would assume that the instance actually had a non-clean JENKINS_HOME directory when you tried the installation.

If you manage to reproduce the issue again, please follow the security issue reporting guidelines: https://jenkins.io/security/#reporting-vulnerabilities

Best regards,
Oleg Nenashev


воскресенье, 26 ноября 2017 г., 16:32:17 UTC+3 пользователь masaru tsuchiyama написал:
Hi,

I re-download jenkins-2.91.zip
And I reinstalled Jenkins, but it didn't happen.

This is what I had done when I could reproduce it.

1. recover Windows 10 Pro with the recovery disk.
2. download jenkins-2.91.zip
3. extract it.
4. double-click jenkins.msi
5. change the install folder from 'C:\Program Files (x86)\Jenkins' to
    C:\Jenkins
6. open browser automatically.
7. the warning that jenkins security is disabled is shows up.

Regards.
Masaru.

Baptiste Mathus wrote:

> The issue had been confirmed and fixed in 2.81 for the 2.80.
>
> For the 2.91, I just tried using the Docker image, and couldn't
> reproduce either as you say. So either you need to come up with a way to
> reproduce, or I guess we'll assume you maybe actually didn't have a
> clean env on  that Windows 10 pro install you're talking about.
>
> Cheers
>
> 2017-11-26 9:31 GMT+01:00 Masaru Tsuchiyama <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">m.tm...@...
> <mailto:<a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">m.tm...@...>>:
>
>     Hello
>
>     I installed Jenkins 2.91 cleanly on clean-installed Windows 10 Pro.
>     But the security of Jenkins was disabled.
>
>     I also tried it on Fedora 27 too.
>     But I couldn't reproduce it.
>
>     I had reported this for Jenkins 2.80 too.
>     <a href="https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ&#39;;return true;">https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ
>     <<a href="https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ&#39;;return true;">https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ>
>
>     Regards.
>     Masaru
>
>     --
>     You received this message because you are subscribed to the Google
>     Groups "Jenkins Users" group.
>     To unsubscribe from this group and stop receiving emails from it,
>     send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkinsci-use...@googlegroups.com
>     <mailto:<a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkinsci-users%2Bunsubscribe@...>.
>     To view this discussion on the web visit
>     <a href="https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com
>     <<a href="https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com>.
>     For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout
>     <<a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout>.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkinsci-use...@googlegroups.com
> <mailto:<a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkinsci-users+unsubscribe@...>.
> To view this discussion on the web visit
> <a href="https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com
> <<a href="https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.


--
Masaru Tsuchiyama <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="hwtsBiFoBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">m.tm...@...>

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e94be2d1-5574-4a25-862c-6a16b9928165%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins 2.91: the security of Jenkins was disabled for clean install

masaru tsuchiyama
Hi,

 > If you manage to reproduce the issue again, please follow the security
 > issue reporting guidelines:
 > https://jenkins.io/security/#reporting-vulnerabilities

I understand that.

Regards.
Masaru.

Oleg Nenashev wrote:

> Hello,
>
> I have tried to install the specified version several times on my
> Windows 10 Pro amd64 version. I was unable to reproduce the issue after
> trying the installer with several different registry settings. I would
> assume that the instance actually had a non-clean JENKINS_HOME directory
> when you tried the installation.
>
> If you manage to reproduce the issue again, please follow the security
> issue reporting guidelines:
> https://jenkins.io/security/#reporting-vulnerabilities
>
> Best regards,
> Oleg Nenashev
>
>
> воскресенье, 26 ноября 2017 г., 16:32:17 UTC+3 пользователь masaru
> tsuchiyama написал:
>
>     Hi,
>
>     I re-download jenkins-2.91.zip
>     And I reinstalled Jenkins, but it didn't happen.
>
>     This is what I had done when I could reproduce it.
>
>     1. recover Windows 10 Pro with the recovery disk.
>     2. download jenkins-2.91.zip
>     3. extract it.
>     4. double-click jenkins.msi
>     5. change the install folder from 'C:\Program Files (x86)\Jenkins' to
>          C:\Jenkins
>     6. open browser automatically.
>     7. the warning that jenkins security is disabled is shows up.
>
>     Regards.
>     Masaru.
>
>     Baptiste Mathus wrote:
>      > The issue had been confirmed and fixed in 2.81 for the 2.80.
>      >
>      > For the 2.91, I just tried using the Docker image, and couldn't
>      > reproduce either as you say. So either you need to come up with a
>     way to
>      > reproduce, or I guess we'll assume you maybe actually didn't have a
>      > clean env on  that Windows 10 pro install you're talking about.
>      >
>      > Cheers
>      >
>      > 2017-11-26 9:31 GMT+01:00 Masaru Tsuchiyama <[hidden email]
>     <javascript:>
>      > <mailto:[hidden email] <javascript:>>>:
>      >
>      >     Hello
>      >
>      >     I installed Jenkins 2.91 cleanly on clean-installed Windows
>     10 Pro.
>      >     But the security of Jenkins was disabled.
>      >
>      >     I also tried it on Fedora 27 too.
>      >     But I couldn't reproduce it.
>      >
>      >     I had reported this for Jenkins 2.80 too.
>      >
>     https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ
>     <https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ>
>
>      >    
>     <https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ
>     <https://groups.google.com/forum/#!msg/jenkinsci-users/e2TFX4W5oI0/zZv9bgiyAgAJ>>
>
>      >
>      >     Regards.
>      >     Masaru
>      >
>      >     --
>      >     You received this message because you are subscribed to the
>     Google
>      >     Groups "Jenkins Users" group.
>      >     To unsubscribe from this group and stop receiving emails from
>     it,
>      >     send an email to [hidden email] <javascript:>
>      >     <mailto:jenkinsci-users%[hidden email]
>     <javascript:>>.
>      >     To view this discussion on the web visit
>      >
>     https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com
>     <https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com>
>
>      >    
>     <https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com
>     <https://groups.google.com/d/msgid/jenkinsci-users/79ec55bd-739c-6fa1-94fa-cbf553f9330d%40gmail.com>>.
>
>      >     For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>
>      >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>>.
>      >
>      >
>      > --
>      > You received this message because you are subscribed to the Google
>      > Groups "Jenkins Users" group.
>      > To unsubscribe from this group and stop receiving emails from it,
>     send
>      > an email to [hidden email] <javascript:>
>      > <mailto:[hidden email] <javascript:>>.
>      > To view this discussion on the web visit
>      >
>     https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com
>     <https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com>
>
>      >
>     <https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium=email&utm_source=footer
>     <https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7fec7qZbmgfaZ8LW-BpXTxG%2BRV5E4M6c9OjU2iG9M5Rw%40mail.gmail.com?utm_medium=email&utm_source=footer>>.
>
>      > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>.
>
>
>     --
>     Masaru Tsuchiyama <[hidden email] <javascript:>>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [hidden email]
> <mailto:[hidden email]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/e94be2d1-5574-4a25-862c-6a16b9928165%40googlegroups.com 
> <https://groups.google.com/d/msgid/jenkinsci-users/e94be2d1-5574-4a25-862c-6a16b9928165%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.


--
Masaru Tsuchiyama <[hidden email]>

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6901f468-b9d3-0549-653b-fcd013a5f47d%40gmail.com.
For more options, visit https://groups.google.com/d/optout.