Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34996

Sec-170-related: Release plugin needs to declare parameters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • release-plugin
    • 1.651.2+ and Jenkins 2.3+

      Injecting arbitrary parameters is now forbidden, so the plugin should declare them to the jobs.
      See https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

      Major impacts:

      Undeclared vars are not present anymore

      Release Plugin was listed on the page: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 and no issue was yet created for this.

          [JENKINS-34996] Sec-170-related: Release plugin needs to declare parameters

          Justin Fiore created issue -
          Antonio Muñiz made changes -
          Assignee Original: Peter Hayes [ petehayes ] New: Antonio Muñiz [ amuniz ]
          Antonio Muñiz made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Matthew Griffin made changes -
          Priority Original: Major [ 3 ] New: Blocker [ 1 ]
          Antonio Muñiz made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 14363 ]
          Oleg Nenashev made changes -
          Link New: This issue is related to JENKINS-35257 [ JENKINS-35257 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 171202 ] New: JNJira + In-Review [ 185747 ]
          Ryan Campbell made changes -
          Comment [ PR has been updated to respond to comments. Pending re-reviews. ]
          Oleg Nenashev made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

            amuniz Antonio Muñiz
            jmf10024 Justin Fiore
            Votes:
            7 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: