Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Critical
-
Resolution: Fixed
-
Component/s: delivery-pipeline-plugin
-
Environment:Jenkins 2.3
delivery-pipeline plugin 0.9.9
SECURITY-170 / CVE-2016-3721
-
Similar Issues:
Description
After upgrading to Jenkins 2.2
delivery-pipeline plugin 0.9.9
The environment variable PIPELINE_VERSION doesn't get created and stored for the initial job. This is due to SECURITY-170 / CVE-2016-3721. Please see https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11.
Original behaviour can be restored for testing purposes by setting hudson.model.ParametersAction.keepUndefinedParameters=true
Attachments
Issue Links
- is related to
-
-
- Open
-
Activity
Proposed solution: https://github.com/Diabol/delivery-pipeline-plugin/pull/182
Tommy Tynjä
added a comment - Proposed solution: https://github.com/Diabol/delivery-pipeline-plugin/pull/182 Merged to master: 1911068eac3f45dfb757b01e29c4a3384c83c068
https://github.com/Diabol/delivery-pipeline-plugin/pull/182
Will be part of next release.
Tommy Tynjä
added a comment - Merged to master: 1911068eac3f45dfb757b01e29c4a3384c83c068
https://github.com/Diabol/delivery-pipeline-plugin/pull/182
Will be part of next release. I'm on Jenkins 2.19 and Delivery Pipeline 0.9.12 and I still have to add -Dhudson.model.ParametersAction.safeParameters=PIPELINE_VERSION for it to work.
Mattias Jiderhamn
added a comment - I'm on Jenkins 2.19 and Delivery Pipeline 0.9.12 and I still have to add -Dhudson.model.ParametersAction.safeParameters=PIPELINE_VERSION for it to work. Mattias Jiderhamn Can you possibly create a new ticket with a reproducing test case / description? Thanks!
Tommy Tynjä
added a comment - Mattias Jiderhamn Can you possibly create a new ticket with a reproducing test case / description? Thanks! 
This issue is also mentioned on: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170