Improvements by the Security Team
These are some contributions by members of the Jenkins security team that weren’t delivered as security fixes, but are still security-related.
2021
- Jenkins (core)
- Jenkins Plugins
  - Matrix Authorization: Explicitly assign permissions by type (user/group)
2020
- Jenkins (core)
  - Plugin Manager: Add inline security warnings to installed plugins list
  - Plugin Manager: Show on 'updates' tab when a warning would be fixed
  - UI/UX: Separate security and non-security administrative monitors
  - UI/UX: Add stack trace suppression into core as a standard behavior
  - UI/UX: Do not show disabled permissions in permission errors
- Developers
  - Listen on loopback interface: Jenkins (core)
  - Listen on loopback interface: Maven HPI Plugin
2019
- Jenkins (core)
- Jenkins Plugins
  - Published Strict Crumb Issuer Plugin
  - Credentials: Allow credential parameters to shadow credential ids in lookup
  - Credentials: Support user-scoped credentials in input step
  - Credentials: Support more credential masking scenarios
2018
- Jenkins (core)
- Jenkins Plugins
  - Published Extended Security Settings Plugin
2017
- Jenkins (core)
  - CSRF Protection: Remove requirement to have a CSRF crumb for requests with API tokens
  - CSRF Protection: Make the form that allows resubmission as POST work with CSRF protection enabled
  - CSRF Protection: Add a new administrative monitor for CSRF protection
- Jenkins Plugins
2016
- Jenkins (core)
  - Administrative Monitors: Show admin monitors on most URLs
  - Administrative Monitors: Add configuration for disabling admin monitors