Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34805

Delivery Pipeline plugin doesn't create the environment variable PIPELINE_VERSION since upgrade

      After upgrading to Jenkins 2.2
      delivery-pipeline plugin 0.9.9

      The environment variable PIPELINE_VERSION doesn't get created and stored for the initial job. This is due to SECURITY-170 / CVE-2016-3721. Please see https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11.

      Original behaviour can be restored for testing purposes by setting hudson.model.ParametersAction.keepUndefinedParameters=true

          [JENKINS-34805] Delivery Pipeline plugin doesn't create the environment variable PIPELINE_VERSION since upgrade

          grant jew added a comment -

          downgraded to 2.0 and the PIPELINE_VERSION gets created and forwarded to downstream jobs.

          grant jew added a comment - downgraded to 2.0 and the PIPELINE_VERSION gets created and forwarded to downstream jobs.

          Ian Bamforth added a comment - - edited

          Now also released in 1.651.2.

          Ian Bamforth added a comment - - edited Now also released in 1.651.2.

          We need fix for this ASAP.
          Workaround :- Use plugin Formatted Version Number to create PIPELINE_VERSION environment variable this should fix the issue for time being

          Jeebitesh Kalantri added a comment - We need fix for this ASAP. Workaround :- Use plugin Formatted Version Number to create PIPELINE_VERSION environment variable this should fix the issue for time being

          Daniel Beck added a comment -

          Probably SECURITY-170 from https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 and the plugin sending parameters that aren't defined on the job. Workaround: Define the parameter on the job.

          Daniel Beck added a comment - Probably SECURITY-170 from https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 and the plugin sending parameters that aren't defined on the job. Workaround: Define the parameter on the job.

          yeap! that is the reason. When the variable is declared in task then it is created, but yet still an issue when the variable is passed to another task.
          Although the variable is declared in the task, still blank until end. In the parameters list there are two variables PIPELINE_VERSION one with the value created in the first task and another one in blank.
          i can't make the workaround works in docker version yet.

          Pablo González added a comment - yeap! that is the reason. When the variable is declared in task then it is created, but yet still an issue when the variable is passed to another task. Although the variable is declared in the task, still blank until end. In the parameters list there are two variables PIPELINE_VERSION one with the value created in the first task and another one in blank. i can't make the workaround works in docker version yet.

          Tommy Tynjä added a comment -

          Tommy Tynjä added a comment - This issue is also mentioned on: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

          Tommy Tynjä added a comment -

          Tommy Tynjä added a comment - Proposed solution: https://github.com/Diabol/delivery-pipeline-plugin/pull/182

          Tommy Tynjä added a comment -

          Merged to master: 1911068eac3f45dfb757b01e29c4a3384c83c068
          https://github.com/Diabol/delivery-pipeline-plugin/pull/182

          Will be part of next release.

          Tommy Tynjä added a comment - Merged to master: 1911068eac3f45dfb757b01e29c4a3384c83c068 https://github.com/Diabol/delivery-pipeline-plugin/pull/182 Will be part of next release.

          I'm on Jenkins 2.19 and Delivery Pipeline 0.9.12 and I still have to add -Dhudson.model.ParametersAction.safeParameters=PIPELINE_VERSION for it to work.

          Mattias Jiderhamn added a comment - I'm on Jenkins 2.19 and Delivery Pipeline 0.9.12 and I still have to add -Dhudson.model.ParametersAction.safeParameters=PIPELINE_VERSION for it to work.

          Tommy Tynjä added a comment -

          mate Can you possibly create a new ticket with a reproducing test case / description? Thanks!

          Tommy Tynjä added a comment - mate Can you possibly create a new ticket with a reproducing test case / description? Thanks!

            tommysdk Tommy Tynjä
            gjew grant jew
            Votes:
            5 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: