Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Enable SSL Signature Checks #58

Merged
merged 1 commit into from Jan 29, 2024
Merged

Security: Enable SSL Signature Checks #58

merged 1 commit into from Jan 29, 2024

Conversation

steelhead31
Copy link
Contributor

Remove disabled signature checks for download of Jenkins slave.jar from HTTPs served jenkins server.

Fixes adoptium/infrastructure#3342

Identified in Trail Of Bits Security Audit: TOB-9

github-actions[bot]
github-actions bot previously requested changes Jan 25, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.

If this pull request needs to be merged during the release cycle then please comment /merge and a PMC member will be able to remove the block.

If the code freeze is over you can remove this block by commenting /thaw.

andrew-m-leonard
andrew-m-leonard approved these changes Jan 29, 2024
View reviewed changes
Copy link
Contributor

@andrew-m-leonard andrew-m-leonard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good spot

@steelhead31
Copy link
Contributor Author

/thaw

@github-actions GitHub Actions
Copy link

Sorry @steelhead31, the code freeze is still in place.

@steelhead31
Copy link
Contributor Author

/thaw

@github-actions github-actions bot dismissed their stale review January 29, 2024 13:56

Pull Request unblocked - code freeze is over.

@steelhead31 steelhead31 merged commit 2c90dad into adoptium:master Jan 29, 2024
3 checks passed
@steelhead31 steelhead31 self-assigned this Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karianna karianna karianna approved these changes

@andrew-m-leonard andrew-m-leonard andrew-m-leonard approved these changes

@github-actions github-actions[bot] github-actions left review comments

Assignees

@steelhead31 steelhead31

Labels
None yet
Projects
2024 1Q Adoptium Plan
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Insecure download using wget command
3 participants
@steelhead31 @karianna @andrew-m-leonard