Skip to content

Latest commit

 

History

History
338 lines (253 loc) · 14.5 KB

CHANGELOG.md

File metadata and controls

338 lines (253 loc) · 14.5 KB
Raw

Version 0.33 (Released Aug 5, 2019)

  • Bugfix configureSecurity HTTP 403 errors and CSRF crumb form validation issues tracked by JENKINS-57154. (pull request #115)
  • Bugfix Reference GitHub teams by slug tracked by JENKINS-34835. (pull request #116)

Version 0.32 (Released Apr 12, 2019)

  • Refactored to make fewer GitHub v3 API calls. (pull request #106)
  • CSRF protection bugfix by using state parameter (pull request #107)
  • Use the correct access token when impersonating a user (pull request #109)

Version 0.31 (Released Dec 6, 2018)

  • Bugfix GitHub Committer Authorization Strategy bug introduced by Jenkins 2.146 security release tracked by JENKINS-54031. (pull request #103)
  • Enabled Cache for User Teams. (pull request #100)
  • Authenticated team members have read/build permissions when using GitHub Committer Authorization Strategy tracked by JENKINS-42509. (pull request #91)

Version 0.30

  • [SECURITY-602] Mask client secret in UI - the round-trip is now done in encrypted format
  • [SECURITY-797] Prevent session fixation - by the invalidation of the session after a successful login
  • [SECURITY-798] Prevent open redirect. Use the "from" in priority as it is managed directly inside the main layout. Otherwise, fallback to the referer header value. In all cases, check the URL is either relative or inside Jenkins.

Version 0.29 (Released Jan 22, 2018)

  • New feature: When users authorize OAuth apps from GitHub the token is now stored in a user property. This will allow Jenkins admins to provide tigher integration with GitHub on the user's behalf. Use case: Job DSL scripts which configures webhooks for user projects. This is tracked by JENKINS-47113. (pull request #87)
  • Significant performance improvement when visiting user pages when rendering GitHub organizations and teams. It now uses the built-in cache. (pull request #92)
  • Bugfix rendering GitHub teams on user pages tracked by JENKINS-42421. (pull request #92)
  • Grammar and typo fixes. (pull request #89)

Version 0.28.1 (Released Nov 2, 2017)

  • Fix a botched release. 0.28 was not released to Artifactory so this is another attempt.

Version 0.28 (Released Oct 1, 2017)

  • Corrected a connectivity error on auth with proxy tracked by JENKINS-45726. (pull request #85)

Version 0.27 (Released May 1, 2017)

  • Allow collaborators to cancel/abort a build tracked by JENKINS-40566. (pull request #81)
  • Bugfix breaking SSH key authentication and transport authentication in Jenkins CLI tracked by JENKINS-43822. (pull request #83)

Version 0.26 (Released Apr 21, 2017)

  • Bugfix Fix for NPE in GithubOAuthUserDetails.getAuthorities(). (pull request #76)
  • Bugfix JENKINS-27045 Jenkins CLI --username/--password options. (pull request #77)
  • Bugfix JENKINS-38096 add in authorization checks for multibranch workflow jobs. (pull request #78)

Version 0.25 (Released Dec 3, 2016)

  • Security improvement: Added support for SSL server name indication. (pull request #59)
  • Security improvement: release over HTTPS. (pull request #67)
  • Performance enhancement: Fixes github client rate limitor waits and eats web threads causing Jenkins to be unresponsive tracked by JENKINS-39200. (pull request #63)
  • Performance enhancement: cache user lookups from GitHub. (pull requests #64, #65, #71, #72, #73)
  • Bugfix skip searching users when searching for teams tracked by JENKINS-34896 (pull request #68)
  • Bugfix logout/login process tracked by JENKINS-16350. (pull request #58)
  • Bugfix building plugin with JDK7 and JDK8. (pull request #73)
  • General bug fixes and code cleanup. (pull requests #61, #62, #66, #69, #70)

Version 0.24 (Released May 26, 2016)

Version 0.23 (Released May 1, 2016)

Version 0.22.2 (Released July 25, 2015)

  • The wiki page was having issues rendering plugin information. Unless I renamed it back (tracked by JENKINS-29636). I renamed the wiki page back to "Github OAuth Plugin" so plugin info would be rendered. I released 0.22.2 to revert release 0.22.1.

Version 0.22.1 (Released July 25, 2015)

  • I renamed the wiki page to "Github Authentication Plugin" which caused the plugin to disappear from the update center (tracked by JENKINS-29636). I released the plugin with the new wiki link.

Version 0.22 (Released July 24, 2015)

  • Bugfix Java 7 compatibility. The plugin now compiles and tests with Java 7 (pull request #42)
  • Scripting feature: equals() method available for idempotent groovy configuration (pull request #43)
  • Allow limited oauth scopes (pull request #45)
  • Allow Jenkins email to be set using GitHub private email ([pull request
  • #47]#47)
  • Private GitHub organization memberships can be used for authorization (pull request #48)

Version 0.21.2 (Released July 20, 2015)

Version 0.21.1 (Released July 12, 2015)

Version 0.21 (Released July 11, 2015)

  • Fewer github api calls for performance (pull request #27)
  • Fix for when user enters a badly formed github url for repo (pull request #32)
  • Make Github OAuth scopes configurable in Security Realm of Global Security configuration (pull request #35)
  • Default GitHub OAuth scope is now read:org (pull request #39)
  • Include GitHub teams as groups when doing matrix based authorization strategies (pull request #41)
  • Allow username and GitHub Personal Access Token to be used to access Jenkins API instead of requiring a Jenkins token to be generated (pull request #37)

Version 0.20 (Released Sept 30, 2014)

  • Minor code comments and updated GitHub API dependency.

Version 0.19 (Released July 2, 2014)

Version 0.15 (Released March 21, 2014)

  • Don't attempt to set email address property for a user upon login (pull request #14)
  • Use hasExplicitlyConfiguredAddress instead of getAddress(which scans all projects and builds to find users's email address) (committed directly).
  • Fix API token usage on Jenkins core 1.551 (pull request #18)

Version 0.14 (Released July 11, 2013)

Version 0.12 (Released June 13, 2012)

  • Removed the GitHub V2 API dependency.

Version 0.10 (Released March 4, 2012)

  • Thanks to virtix for reporting a bug with the plugin not working with github enterprise.
  • Note that you also have to upgrade the github-api plugin to version 1.17

Version 0.9 (Released January 8, 2012)

  • Thanks to Kohsuke Kawaguchi for several commits that allow github organizations to be specified using the matrix-based security.

Version 0.8.1 (Released November 1, 2011)

  • Fix the custom XStream Converter to allow the configurations to be saved correctly.

Version 0.8 (Released November 1, 2011)

  • Use custom XStream Converter to let < 0.7 configurations to still work.

Version 0.7 (Released October 29, 2011)

  • Adds support for Github Enterprise/Firewall installs.

Version 0.6 (Released September 17, 2011)

  • Adds checkbox to the AuthorizationStrategy configuration page to enable the anonymous read permission. (default is false: no anonymous reads).

Version 0.5 (Released September 10, 2011)

  • Fixes a problem where all users of the plugin would see a stack trace instead of Jenkins. The regex for detecting the github-webhook url was reworked to support that text appearing anywhere in the request URI.

Version 0.4 (Released September 9, 2011)

  • Thanks to vkravets for testing and contributing a patch to fix the regex so that it actually works for the github-wehook.

Version 0.3 (Released September 8, 2011)

  • Adds support for github-plugin's /github-webhook which can be enabled to allow anonymous READ access to this url. This permits a post commit hook in Github to notify Jenkins to build the related projects.

Version 0.2 (Released July 25, 2011)

  • Fixes serialization issue that prevented plugin from working after Jenkins was restarted.

Version 0.1 (Released July 16, 2011)