Bug 319775 - Upgrade Hudson to 1.366 or newer
Summary: Upgrade Hudson to 1.366 or newer
Status: RESOLVED FIXED
Alias: None
Product: Community
Classification: Eclipse Foundation
Component: CI-Jenkins
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: ---
Assignee: CI Admin Inbox CLA
Reported: 2010-07-13 14:43 EDT by David Carver CLA
Modified: 2010-08-11 16:45 EDT
Description David Carver CLA 2010-07-13 14:43:37 EDT
Hudson should be upgraded to version 1.366 or newer to bring in a critical security leak fix.

Plus several required plugins have had upgrades as well, and depend on newer versions of Hudson in order to be installed.

Changes since 1.354 (current running version):
http://hudson-ci.org/changelog.html

What's new in 1.366 (2010/07/09)

    * Fixed a possible security issue where a malicious user with the project configuration access can trick Hudson into leaking the proxy password, if Hudson is configured with a proxy with username/password. (SECURITY-3)
    * Delete contained module builds when a maven project build is deleted, to avoid orphaned builds which can then affect the displayed result of a prior build. (issue 6779)
    * Hide some sidepanel links that should not be shown in user-private views. (issue 6832)
    * Fix for file parameters that are copied to a subdirectory of the workspace. (issue 6889)
    * File parameters uploaded via the CLI are now displayed correctly on the build Parameters page. (issue 6896)
    * Allowed file parameters to be downloaded even when the name contains URL-unfriendly characters. (issue 6897)
    * Fixed a garbage in the raw console plain text output. (issue 6034)
    * "Hudson is loading" page didn't take the user back to the same page.
    * Hudson can now remotely install JDK on Windows slaves when connecting via the "Let Hudson control this Windows slave as a Windows service" mode.
    * The "Let Hudson control this Windows slave as a Windows service" mode now allows the same Windows slave to be used by multiple Hudson masters. 

What's new in 1.365 (2010/07/05)

    * Fixed a critical security problem. See the advisory for more details. 

What's new in 1.364 (2010/06/25)

    * Fixed a race condition where a queued build may get executed multiple times. (issue 6819)
    * Some UI labels related to JUnit results were shown in the wrong locale. (issue 6824)
    * BuildWrappers can now contribute build variables. (issue 6497) 

What's new in 1.363 (2010/06/18)

    * Fix queue handling to close locking gap between removing job from queue and starting build, to prevent unintended concurrent builds (refactor of change first made in 1.360). (report)
    * Allow multiple dependencies between same two projects, as they may trigger under different conditions and with different parameters. (issue 5708)
    * Timeline on build trend page should use server timezone instead of always GMT. (issue 6692)
    * Don't mask the cause of the checkout related exception.
    * "who am I?" page should be visible to everyone.
    * Avoid pointless and harmful redirection when downloading slave.jar. (issue 5752)
    * Cache downloaded JDKs.
    * Reinstall a JDK when a different version is selected. (issue 5551)
    * Integrated community-contributed translations (Germany, Greek, Spanish, Finnish, Hungarian, Italian, Japanese, French, Russian, Slovenian, Dutch, Traditional Chinese, Swedish, Ukrainian, and Portuguese.)
    * Upgraded bundled Ant to version 1.8.1. (issue 6562) 

What's new in 1.362 (2010/06/11)

    * Restored optional container-based authentication for CLI. (issue 6587)
    * Fix javascript error when a plugin uses an empty dropdownList, resulting in LOADING overlay being left up. (issue 6542)
    * Add setting so job views may show only enabled or disabled jobs. (issue 6673)
    * File parameters can now be downloaded from the build Parameters page. (issue 6719)
    * Added an ability to point to different update sites.
    * Added a new extension point to plug in custom utility to kill processes.
    * Added a proactive error diagnostics to look for a broken reverse proxy setup. (report) 

What's new in 1.361 (2010/06/04)

    * Fixed a bug where IE shows empty client cert dialog when connecting to HTTPS site run by Winstone. (report)
    * "java -jar hudson.war" with AJP was broken. (issue 5753)
    * Safe restart stopped working on protected Hudson since 1.359. (issue 6667)
    * Parameterized jobs did not use configured quiet period. (issue 6660)
    * Fix form data conflict when fingerprinting is used with Promoted Builds plugin. (issue 6642)
    * Avoid possible exception at startup when some plugins have optional dependencies. (issue 6435)
    * Add autocomplete="off" for LDAP managerDN and managerPassword fields. (issue 3586)
    * Set a TCP timeout when slaves connect to the master. (issue 6262)
    * File parameter builds started with the CLI command no longer throw an NPE. (issue 4296)
    * Workaround for bug in Glassfish Enterprise. (issue 6459)
    * Ensure nested f:repeatable content does not inherit outer list when inner list is null. (issue 6679)
    * Add two new permalinks to job pages: "Last unstable build" and "Last unsuccessful build".
    * Allow the build number to be set so long as it's still bigger than the last build. (issue 4930)
    * Copied jobs are now disabled until configuration is saved, so they don't start building before ready. (issue 2494)
    * Reduced logging from jmDNS. 

What's new in 1.360 (2010/05/28)

    * A Java6 dependency had crept in in 1.359. (issue 6653)
    * Workaround for bug in Glassfish Enterprise. (issue 6459)
    * Added an extension point to control the assignment of tasks to nodes. (issue 6598) 

What's new in 1.359 (2010/05/21)

    * Accept latest JRockit JVM release as a compatible JVM. (issue 6556)
    * Hudson now broadcasts itself in DNS multicast at "_hudson._tcp.local" to facilitate auto-discovery from other tools
    * Added the "-block" option to the "quiet-down" CLI command so that the command will block until the system really quiets down. 

What's new in 1.358 (2010/05/14)

    * Too much memory used by stdout/stderr from test results. (issue 6516)
    * Fixed a memory leak in Winstone sessions. (issue 5119)
    * Fix to handle usernames with colon character on Windows. (issue 6476)
    * Fixed the port number handling problem in debian init script. (issue 6474)
    * Fix FilePath.getParent() handling of edge cases. (issue 6494)
    * Fix css conflict introduced in 1.357 that caused missing data display in analysis plugins. (issue 6496)
    * Support "optional=true" parameter for @Extension.
    * Supported OpenSSL-style certificate/key file format with "java -jar hudson.war"
    * If --httpsPort option is given without the certificate, run with a one-time self-signed certificate.
    * Hudson shouldn't show a login error page unless the user really failed to login (think about when the user presses a back button.) 

What's new in 1.357 (2010/05/07)

    * Maven builds abort unexpectedly due to a SocketTimeoutException on machine with poor resources. (issue 3273)
    * Fix incorrect handling of ".." in paths with mix of / and \ separators since 1.349. (issue 5951)
    * Javadoc publishing should not fail build if javadoc is already current. (issue 6332)
    * Fix download of files/artifacts larger than 2GB. (issue 6351)
    * Build page may not list all of the artifacts since 1.348. (issue 6371)
    * Add workaround for Opera 10.52/53 bug causing error in saving job configuration. (issue 6424)
    * Fix createSymlink problem on *nix systems that do not use GNUCLibrary since 1.356. (issue 6437)
    * Hide add/edit description link on test result pages when user does not have permission to submit a description.
    * Changed permission required to set description on test result pages from Build Job to Update Run.
    * Add "LOADING" overlay on global and job config pages until form is ready for use.
    * Email recipient lists now support build parameters. (issue 6394)
    * Make it easier to see the latest update jobs on the Update Center page. (issue 4255)
    * Allow plugins to use forms with an onsubmit handler, and fix "no-json" handling. (issue 5927) 

What's new in 1.356 (2010/05/03)

    * Fix StringIndexOutOfBoundsException in console log from UrlAnnotator. (issue 6252)
    * Fixed potential deadlock between saving project config and getting project page. (issue 6269)
    * Fixed timeline display on build time trend page. (issue 6439)
    * Fixed garbled response of XML API if xpath is specified. (ja@hudson.dev.javanet)
    * Fix broken links for stopping jobs in executor list on pages for slave nodes or filtered views.
    * Fixed NoSuchMethodError with Maven and Ivy plugins. (issue 6311)
    * Extension points can be now sorted. 

What's new in 1.355 (2010/04/16)

    * Colored ball image at top of build pages was broken for Hudson in some web containers (fixed by removing workaround for a Firefox bug fixed since 3.0.5/Dec2008). (issue 2341)
    * Console page while build is running did not wrap lines when viewed in IE. (issue 5869)
    * Fixed build history to indicate test failure for MavenBuild and MavenModuleSetBuild.
    * Make dropdownList work in repeatable content, such as a build step.
    * Fixed a bug where a job created via XML didn't properly receive upstream/downstream computation. (report)
    * Argument masking wasn't working correctly for commands run on slaves (report)
    * Added the slave retention strategy based on a schedule.
    * Added to configure charset option of Mailer.
Comment 1 David Carver CLA 2010-07-13 14:48:34 EDT
I do know we could benefit from at least the following bug fixes:

    * Some UI labels related to JUnit results were shown in the wrong locale. (issue 6824)
    * Avoid pointless and harmful redirection when downloading slave.jar. (issue 5752)
    * Fixed a memory leak in Winstone sessions. (issue 5119)
    * Fix StringIndexOutOfBoundsException in console log from UrlAnnotator. (issue 6252)
Comment 2 Eclipse Webmaster CLA 2010-08-11 16:45:03 EDT
The new master instance is running 1.370.

-M.