Jenkins / JENKINS-34871

After upgrading to Jenkins 2.3 we are unable to trigger parametrized build (SECURITY-170 / CVE-2016-3721)

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • win server host
      Jenkins version 2.3
      Parameterized Trigger plugin version 2.30

    Description

      After upgrading to Jenkins 2.3 we are not able to pass a custom parameter specified in a property file. It looks like there is a security feature in this version (https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11) that disables simply passing build parameters.

      This makes no sense to me since in my configuration (attached picture - config.jpg) I explicitly specify that I need to trigger the build with predefined properties.
      Maybe I am missing something?

      I tried to get the suggested solution working on slave level (passed java -Dhudson.model.ParametersAction.safeParameters=myParam to slave start-up) but this does not work. It looks like this needs to be passed when we start the master but this is no workaround. We simply have a lot of parameters and we cannot pass them to master at start-up.
      Again - maybe I am missing something in this workaround?

          Activity

            bicschneider Claus Schneider added a comment (edited)

            It is also possible to turn the bucket upside-down. I have played with a patch for the envinject plugin that retrieves parameters from the upstream build based on a regex. This way B is reading A and not A pushing to B.
            This way parameters just need to be stored in A's environment. You do not need to use parameterized trigger - but any upstream/downstream trigger.

            How does this sound?

            bigalbert Albert Shamsiyan added a comment

            Same when trying to use "Use properties from file"

            doronshai Doron Shai added a comment

            When will we have a fix for it?
            When I downgraded to 2.19.4 I still have this problem

            brianh Brian Herrera added a comment (edited)

            "The correct way to handle this is to extend your triggered/downstream jobs (every "Job B") to accept additional parameters."
            By enabling in project B the option "This project is parameterized" and adding parameters with the same name as the one passed by the project A.

            Confirming this worked for me.

            santhosh244 Santhosh Kumar added a comment

            After adding "-Dhudson.model.ParametersAction.keepUndefinedParameters=true" to the /etc/sysconfig/jenkins file in version jenkins-2.46.3-1.1.noarch, it works. Since it has been reported as a security fix, can we have a permanent fix for this bug?
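
Added example, not part of the original thread and not Jenkins code: a simplified Python model of the SECURITY-170 parameter filter discussed above, which checks a downstream job's config.xml against the properties the upstream job passes and lists the names that would be dropped. The sample config.xml and properties file are constructed, and the `audit` helper and its `safe_parameters` argument (standing in for a comma-separated `hudson.model.ParametersAction.safeParameters` value) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: downstream job B's config.xml, declaring only BRANCH.
JOB_B_CONFIG = """<project>
  <hudson.model.ParametersDefinitionProperty>
    <parameterDefinitions>
      <hudson.model.StringParameterDefinition>
        <name>BRANCH</name>
      </hudson.model.StringParameterDefinition>
    </parameterDefinitions>
  </hudson.model.ParametersDefinitionProperty>
</project>"""

# Constructed sample: properties file job A hands to the trigger step.
UPSTREAM_PROPS = """# written by job A
BRANCH=release-1.2
myParam=42
DEPLOY_ENV = staging
"""

def declared_parameters(config_xml):
    """Names defined under "This project is parameterized" in a job config."""
    root = ET.fromstring(config_xml)
    return {n.text.strip() for n in root.iterfind(".//parameterDefinitions/*/name") if n.text}

def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(config_xml, props_text, safe_parameters=""):
    """Split passed parameters into kept and dropped, modelling the filter."""
    allowed = declared_parameters(config_xml) | {s.strip() for s in safe_parameters.split(",") if s.strip()}
    passed = parse_properties(props_text)
    kept = {k: v for k, v in passed.items() if k in allowed}
    dropped = sorted(set(passed) - allowed)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = audit(JOB_B_CONFIG, UPSTREAM_PROPS)
    print("kept:", kept)
    print("dropped (declare these in job B):", dropped)
```

Setting `hudson.model.ParametersAction.keepUndefinedParameters=true` turns the filter off for every job, so declaring the dropped names in job B or allowlisting them individually keeps the protection in place.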

            People

              vassilena Vassilena Treneva
              Votes: 16
              Watchers: 29
