-
Improvement
-
Resolution: Fixed
-
Major
As a security fix, hudson.model.Api no longer permits the jsonp parameter, or xpath with a primitive result set. This is the safest policy but in certain cases it is useful to whitelist particular requesters known to be harmless. The INSECURE system property should be deprecated or deleted and an extension point introduced so various policies can be added by plugins: whitelists based on host name, requests with no Referer, etc.
- is related to
-
JENKINS-17005 hudson.model.Api.INSECURE as checkbox setting
-
- Closed
-
[JENKINS-16936] Extension point for secure users of Api
Link | New: This issue is blocking SECURITY-47 [ SECURITY-47 ] |
Assignee | New: Ryan Campbell [ recampbell ] |
Labels | Original: security | New: 1.480.4-candidate security |
Link |
New:
This issue is related to |
Labels | Original: 1.480.4-candidate security | New: lts-candidate security |
Assignee | Original: Ryan Campbell [ recampbell ] | New: Jesse Glick [ jglick ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Will this be implemented via the gui interface?