Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34871

After upgrading to Jenkins 2.3 we are unable to trigger parametrized build (SECURITY-170 / CVE-2016-3721)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • win server host
      Jenkins version 2.3
      Parameterized Trigger plugin version 2.30

      After upgrading to Jenkins 2.3 we are not able to pass a custom parameter specified in a property file. It looks like there is a security feature in this versions (https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11) that disables simply passing build parameters.

      This makes no sense to me since in my configuration (attached picture - config.jpg) I explicitly specify that I need to trigger the build with predefined properties.
      Maybe I am missing something?

      I tried to get the suggested solution working on slave level (passed java -Dhudson.model.ParametersAction.safeParameters=myParam) to slave start-up but this does not work. It looks like this needs to be passed when we start the master but this is no workaround. We simply have a lot of parameters and we cannot pass them to master at start-up.
      Again - maybe I am missing something in this workaround?

        1. config.jpg
          91 kB
          Vassilena Treneva

            vassilena Vassilena Treneva
            vassilena Vassilena Treneva
            Votes:
            16 Vote for this issue
            Watchers:
            29 Start watching this issue

              Created:
              Updated: