Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34996

Sec-170-related: Release plugin needs to declare parameters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • release-plugin
    • 1.651.2+ and Jenkins 2.3+

      Injecting arbitrary parameters is now forbidden, so the plugin should declare them to the jobs.
      See https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

      Major impacts:

      Undeclared vars are not present anymore

      Release Plugin was listed on the page: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 and no issue was yet created for this.

            amuniz Antonio Muñiz
            jmf10024 Justin Fiore
            Votes:
            7 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: