-
Bug
-
Resolution: Fixed
-
Blocker
The fix for SECURITY-170 as described in this blog post means that Jenkins core filters out any parameters used that were not defined in the job: https://jenkins.io/blog/2016/05/11/security-update/
Since Stash Pullrequest builder defines lots of parameters at runtime, and then later tries to access them, a bunch of functionality in the plugin fails. See an example resulting failure at https://github.com/nemccarthy/stash-pullrequest-builder-plugin/issues/84
Presumably this plugin should define its own Action class to store this information, rather than relying on these parameters to be exported into the environment during a build.
This similar to issue seen in GHPRB plugin.
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Closed
-
[JENKINS-34847] Missing parameters
Dieter S
added a comment - danielbarcay The workaround is described within the linkes blogpost. You choose between the java opt
-Dhudson.model.ParametersAction.keepUndefinedParameters=true
and
-Dhudson.model.ParametersAction.safeParameters=pullRequestId,pullRequestTitle,sourceBranch,targetBranch,sourceRepositoryOwner,
sourceRepositoryName,destinationRepositoryOwner,destinationRepositoryName,
sourceCommitHash,destinationCommitHash
But the blog post states also that this workaround will only work for a certain amount of time.
Dieter S
added a comment - danielbarcay The workaround is described within the linkes blogpost. You choose between the java opt
-Dhudson.model.ParametersAction.keepUndefinedParameters=true
and
-Dhudson.model.ParametersAction.safeParameters=pullRequestId,pullRequestTitle,sourceBranch,targetBranch,sourceRepositoryOwner,
sourceRepositoryName,destinationRepositoryOwner,destinationRepositoryName,
sourceCommitHash,destinationCommitHash
But the blog post states also that this workaround will only work for a certain amount of time. 
Daniel Barcay
added a comment - Thanks Dieter... I'll give this a shot. Code changed in jenkins
User: Nathan
Path:
src/main/java/stashpullrequestbuilder/stashpullrequestbuilder/StashAditionalParameterEnvironmentContributor.java
src/main/java/stashpullrequestbuilder/stashpullrequestbuilder/StashBuildTrigger.java
http://jenkins-ci.org/commit/stash-pullrequest-builder-plugin/059d562ead697f75c5c8ac90f4d0857531fd4802
Log:
Merge pull request #19 from mrooney/master
expose missing environment variables for JENKINS-34847
Compare: https://github.com/jenkinsci/stash-pullrequest-builder-plugin/compare/20d36fb5e6ab...059d562ead69
This bug caught my team when attempting an upgrade to Jenkins. I had to rollback. Definitely a blocker bug, and needs to be addressed ASAP, since I can't find a workaround.