From c8b46000ba92548322c2f897e0fadd8339b4f4ab Mon Sep 17 00:00:00 2001 From: Allan Burdajewicz Date: Thu, 22 Aug 2024 21:30:37 +1000 Subject: [PATCH 1/3] [JENKINS-73422] Document escape hatch for Authenticated user access to Resource URL --- content/doc/book/managing/system-properties.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/doc/book/managing/system-properties.adoc b/content/doc/book/managing/system-properties.adoc index 2ca399001a54..bc98c1ccd906 100644 --- a/content/doc/book/managing/system-properties.adoc +++ b/content/doc/book/managing/system-properties.adoc @@ -1931,6 +1931,17 @@ properties: Enable the optional Overall/Manage permission that allows limited access to administrative features suitable for a hosted Jenkins environment. See https://github.com/jenkinsci/jep/tree/master/jep/223[JEP-223]. +- name: jenkins.security.ResourceDomainRootAction.allowAuthenticatedUser + tags: + - security + - escape hatch + def: | + `false` + since: //TODO + description: | + Allow authenticated user access to Resource URLs. + Escape hatch for a security hardening, see link:/security/advisory/2024-01-24/#SECURITY-3314[2024-01-24 security advisory]. + - name: jenkins.security.ResourceDomainRootAction.validForMinutes tags: - tuning From cbe60486791ff209923d99f14d89c37ca3cb950e Mon Sep 17 00:00:00 2001 From: Allan Burdajewicz Date: Mon, 2 Sep 2024 11:24:59 +1000 Subject: [PATCH 2/3] [JENKINS-73422] Add weekly version --- content/doc/book/managing/system-properties.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/doc/book/managing/system-properties.adoc b/content/doc/book/managing/system-properties.adoc index bc98c1ccd906..bdcc4af2764c 100644 --- a/content/doc/book/managing/system-properties.adoc +++ b/content/doc/book/managing/system-properties.adoc 
@@ -1937,7 +1937,7 @@ properties: - escape hatch def: | `false` - since: //TODO + since: 2.475 description: | Allow authenticated user access to Resource URLs. Escape hatch for a security hardening, see link:/security/advisory/2024-01-24/#SECURITY-3314[2024-01-24 security advisory]. From 0b79a3dd9b2a63927cfc62b1c123475f394ae27c Mon Sep 17 00:00:00 2001 From: Allan Burdajewicz Date: Tue, 3 Sep 2024 09:42:25 +1000 Subject: [PATCH 3/3] [JENKINS-73422] Apply documentation suggestions Co-authored-by: Daniel Beck <1831569+daniel-beck@users.noreply.github.com> --- content/doc/book/managing/system-properties.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/doc/book/managing/system-properties.adoc b/content/doc/book/managing/system-properties.adoc index bdcc4af2764c..1e380904ca83 100644 --- a/content/doc/book/managing/system-properties.adoc +++ b/content/doc/book/managing/system-properties.adoc @@ -1939,8 +1939,8 @@ properties: `false` since: 2.475 description: | - Allow authenticated user access to Resource URLs. - Escape hatch for a security hardening, see link:/security/advisory/2024-01-24/#SECURITY-3314[2024-01-24 security advisory]. + Allow authenticated user access to link:/doc/book/security/user-content/#resource-root-url[Resource URLs]. + Escape hatch for a security improvement related to the link:/security/advisory/2024-01-24/#SECURITY-3314[2024-01-24 security advisory]. - name: jenkins.security.ResourceDomainRootAction.validForMinutes tags:
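Review bot: In [PATCH 1/3], the new `jenkins.security.ResourceDomainRootAction.allowAuthenticatedUser` entry carries `since: //TODO`, a placeholder that would be published as-is if this commit were merged or cherry-picked on its own. Fill in the version in this commit, or squash it with the follow-up that sets it, so that no revision of system-properties.adoc documents a security escape hatch without the release it applies to.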
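Review bot: In [PATCH 2/3], `since: 2.475` is an unquoted scalar, which a YAML parser reads as a number rather than a version string. 2.475 happens to survive that, but a version ending in a zero would not, so `since: "2.475"` is the safer form if it matches how the neighbouring entries are written. The subject line calls this the weekly version; if an LTS line also carries the property, the entry should say which one, since administrators reaching for an escape hatch need to know whether their release has it.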
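Review bot: In [PATCH 3/3], the reworded description still does not tell the reader which value is the safe one. The entry is tagged `escape hatch` and defaults to `false`, but the text only says "Allow authenticated user access to ... Resource URLs" and links out. Suggest adding one sentence stating that the default `false` keeps the security improvement in effect and that setting the property to `true` switches it off, so that someone scanning the list of system properties sees the trade-off without following the advisory link. "Allow authenticated users to access" would also read less ambiguously than "Allow authenticated user access".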