SebastianM6L, to jenkins

Anyone had an issue with from django.test import Client causing a high memory usage in a docker container?

I run the tests in a pipeline using a #jenkins agent in #docker.

When this test runs:

def test_login_user(self):
    c = Client()
    response = c.post('/user/login/', {'email': 'test1@test.de', 'password': 'test123'})
    self.assertEqual(response.status_code, 302)

The memory usage goes thru the roof. Literally using up all memory until it crashes.

#django #pytest

Wen, to jenkins

Britain’s ‘most dangerous’ years lie ahead, warns Sunak. It’s cheap politics from a floundering PM

https://www.theguardian.com/commentisfree/article/2024/may/13/sunak-most-dangerous-britain-values

Comment is neither free nor easy on the Gruaniad. I notice that Jenkins (a Brexit supporting unionist) failed to mention that Scots were included in Sunak's list of threats.

So much for free comment, and another reason I dropped my contribution to this SE England rag.

#sunak #Jenkins #Unionists #ScottishIndependence #Guardian

osjobhub, to sysadmin

On a mission to promote and defend digital privacy, @calyxinstitute is seeking applicants for Senior Systems Developer positions. Learn more and apply now on https://opensourcejobhub.com/job/15037/

vwbusguy, to jenkins

We need a plugin to enable automatic updates of Jenkins plugins.

jesterchen, to jenkins

Currently I'm setting up an environment to create a new song book. I'm using , , , and .

My kid(12) wants to help creating the book. Now I'm in trouble: should I teach him (no, isn't a choice!), or should I be easy on his soul and the rest of his life by teaching him some gui text editor?

vwbusguy, to Meme

I made a .

csanchez, to jenkins

During @fosdem I realized that it has been 10 years since I started the #Jenkins plugin for #Kubernetes. 10 years!!! 4170 commits, installed in 13% of all Jenkins instances (more than 37k instances of those that report usage). What a ride 🎉


itnewsbot, to jenkins

This Week in Security: Glibc, Ivanti, Jenkins, and Runc - There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. ... - https://hackaday.com/2024/02/02/this-week-in-security-glibc-ivanti-jenkins-and-runc/

itnewsbot, to security

Around 45k Jenkins servers still vulnerable to attacks due to critical flaw - Tens of thousands of Jenkins servers have been exposed to a high-severity bug afte... - https://readwrite.com/around-45k-jenkins-servers-still-vulnerable-to-attacks-due-to-critical-flaw/

peter, to jenkins

If you are running Jenkins 2.441 or LTS 2.426.2 and earlier, you'll probably need to upgrade, more so if your Jenkins instance is publicly accessible!

A critical issue with the Jenkins CLI potentially exposing files on the controller

CVE-2024-23897 https://nvd.nist.gov/vuln/detail/CVE-2024-23897

It seems to be down to the args4j library

https://www.jenkins.io/security/advisory/2024-01-24/

simontsui, to jenkins

Horizon3 discusses factors that could significantly increase the criticality of Jenkins RCE CVE-2024-23897 (9.8 critical): "There are two dangerous Jenkins configuration options that allow unauthenticated attackers to effectively act like authenticated attackers. The “Allow users to sign up” option allows anyone with access to the Jenkins instance to self-register an account. And the “Allow anonymous read access” option gives everyone the Overall/Read permission." The impact matrix alone was worth taking a look at.
🔗 https://www.horizon3.ai/cve-2024-23897-assessing-the-impact-of-the-jenkins-arbitrary-file-leak-vulnerability/

simontsui, to jenkins

Jenkins RCE CVE-2024-23897 (9.8 critical, proofs of concept publicly available) allegedly being exploited in the wild, reported 3 days ago by a graduate student researcher* of Sky Computing Lab, UC Berkeley.

beandev, to jenkins German

Automation tool : code smuggling possible through security vulnerability

https://www.heise.de/news/Jenkins-Codeschmuggel-in-Automatisierungsloesung-moeglich-9608626.html

> Security vulnerabilities in the open-source automation software Jenkins allow attackers to smuggle in malicious code. Updates remedy this.

Happy updating 😬

governa, to jenkins

Critical Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! ⚠️

https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html

mttaggart, to jenkins

Good morning! Have a fairly gnarly RCE in :

Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.

www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

SonarResearch, to jenkins

🔍Uncovering critical vulnerabilities in Jenkins, which could lead to RCE (CVE-2024-23898, CVE-2024-23897):

Check out our latest blog post for the technical details on how attackers could potentially gain unauthenticated RCE on

https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins-240125-p1&utm_term=ww_en_all_x

vwbusguy, to jenkins

The learning curve of and is significant, but so very worth it.

leanpub, to jenkins

How to build an Oracle database application by Gert-Jan Paulissen is on sale on Leanpub! Its suggested price is $27.99; get it for $19.59 with this coupon: https://leanpub.com/sh/uuKoyblb

vwbusguy, to jenkins

There's nothing quite like teaching someone half your age to use and , which seem like such ancient and arcane magic to them, but you remember when they were new and what life was like before them.

leanpub, to jenkins

How to build an Oracle database application by Gert-Jan Paulissen is on sale on Leanpub! Its suggested price is $27.99; get it for $19.59 with this coupon: https://leanpub.com/sh/rBYONRrH

leanpub, to jenkins

How to build an Oracle database application by Gert-Jan Paulissen is on sale on Leanpub! Its suggested price is $27.99; get it for $19.59 with this coupon: https://leanpub.com/sh/DbJSxmOA

krinkle, to jenkins

CI Dream

> In this world, CI as a SaaS feels like accidental complexity of midlayer mistake variety.

https://matklad.github.io/2023/12/24/ci-dream.html

leanpub, to jenkins

How to build an Oracle database application by Gert-Jan Paulissen is on sale on Leanpub! Its suggested price is $27.99; get it for $19.59 with this coupon: https://leanpub.com/sh/Kii5Fsc1
