Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: core, promoted-builds-plugin
Labels:
- issue-exported-to-github
- security-170
Environment:

Hide
* Operating system: CentOS 7.2.1511 with latest updates applied using "yum update" as of 2016-05-13.
* Java runtime version: 1.7.0_101-mockbuild_2016_04_21_13_43-b00
* Jenkins version: 1.651.2
* Promoted Builds Plugin version: 2.26

Show
* Operating system: CentOS 7.2.1511 with latest updates applied using "yum update" as of 2016-05-13. * Java runtime version: 1.7.0_101-mockbuild_2016_04_21_13_43-b00 * Jenkins version: 1.651.2 * Promoted Builds Plugin version: 2.26

The security issue related to arbitrary build parameters (described in the link https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11) was addressed by Jenkins 1.651.2. Unfortunately, this security fix caused freestyle jobs containing build parameters to break if they include promoted builds that attempt to access the build parameters defined at the job level.

Downgrading to Jenkins 1.651.1 allowed the affected jobs to function again.

links to

CloudBees Internal OSS-955

Assignee:: Oleg Nenashev
Reporter:: Hidden Maverick

Created:: 2016-05-13 23:02
Updated:: 2025-11-25 13:20
Resolved:: 2016-05-25 11:17
Archived:: 2025-11-25 13:20

Details

Description

Attachments

Issue Links

Activity

People

Dates