-
New Feature
-
Resolution: Fixed
-
Major
-
None
In several cases Jenkins users may expose passwords as a plain text in "Injected variables" action (e.g. password reassigning for a non-sensitive variable). It may make sense to completely prohibit the exposure of environment variables via:
- Permissions
- Global Settings
- Per-project settings
- is duplicated by
-
JENKINS-24287 EnvInject exposes password hashes
-
- Resolved
-
- is related to
-
-
- Resolved
-
[JENKINS-29867] Add options, which allow disabling the Injected variables listings
Code changed in jenkins
User: Oleg Nenashev
Path:
src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java
http://jenkins-ci.org/commit/envinject-lib/fa6e1a0a39ab3356a090c253a61379138d821e64
Log:
JENKINS-29867 - Expose owner runs in the action
This change exposes owner builds in order to allow security checks in EnvInject plugin.
Code changed in jenkins
User: Oleg Nenashev
Path:
src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java
http://jenkins-ci.org/commit/envinject-lib/9ffb2877e3e483b8ce165fad2821144c6e7b928a
Log:
Merge pull request #6 from oleg-nenashev/JENKINS-29867-hide-envvars
JENKINS-29867 - Expose owner runs in the action
Compare: https://github.com/jenkinsci/envinject-lib/compare/caf1a25b8890...9ffb2877e3e4
Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectAction.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPlugin.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectVarList.java
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/config.jelly
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/config.properties
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/help-enablePermissions.html
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/help-hideInjectedVars.html
src/main/resources/org/jenkinsci/plugins/envinject/Messages.properties
src/test/java/org/jenkinsci/plugins/envinject/EnvInjectPluginActionTest.java
src/test/java/org/jenkinsci/plugins/envinject/EnvInjectPluginConfigurationTest.java
http://jenkins-ci.org/commit/envinject-plugin/40a2c53c4d98e1e12fc084312d8db9ecf5d2fc14
Log:
JENKINS-29867 - Permissions engine + global option for disabling the Injected vars
Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectAction.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPlugin.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration.java
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectVarList.java
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/config.jelly
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/config.properties
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/help-enablePermissions.html
src/main/resources/org/jenkinsci/plugins/envinject/EnvInjectPluginConfiguration/help-hideInjectedVars.html
src/main/resources/org/jenkinsci/plugins/envinject/Messages.properties
src/test/java/org/jenkinsci/plugins/envinject/EnvInjectPluginActionTest.java
src/test/java/org/jenkinsci/plugins/envinject/EnvInjectPluginConfigurationTest.java
http://jenkins-ci.org/commit/envinject-plugin/cff077fc1df0d5c6131951129b1936b10e526bc5
Log:
Merge pull request #57 from oleg-nenashev/JENKINS-29867-hide-envvars
JENKINS-29867 - Permissions engine + global option for disabling the Injected vars
Compare: https://github.com/jenkinsci/envinject-plugin/compare/8ba504042472...cff077fc1df0
Created PRs: