SCM username/password env variables don't work with SECURITY-170

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component: m2release-plugin
    • Environment: Jenkins LTS 1.651.2, Oracle JDK 8u92, Windows Server 2008R2

      For a Maven job I have SCM username and password environment variables configured. This works with Jenkins LTS v1.651.1 but with v1.651.2 it doesn't. The environment variables don't seem to be set. I suspect that the SECURITY-170 fix is the reason for this behavior.
      The plugin needs to be updated to work with this change.

          [JENKINS-35261] SCM username/password env variables don't work with SECURITY-170

          Anders Hammar added a comment -

          More info here: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

          James Nord added a comment - edited

          Just need to update the call to new ParametersAction(Parameters) to new ParametersAction(java.util.List, java.util.Collection) on M2ReleaseAction:267

          James Nord added a comment - edited

          If the build passes then this fix should work on 1.652.3 (when it is released, but would require a manual install) or 2.7+
          But I currently have no environment in which to test it.

          James Nord added a comment -

          rsandell pointed me to the fact that EnvironmentContributingAction is probably the better approach and does not require a large bump in the core (which is currently problematic for some reason, as the Injected test is failing...).

          Antonio Muñiz added a comment -

          EnvironmentContributor you meant? And extend ParametersAction adding the safe parameters (overriding getParameters() and getParameter(String)).

          James Nord added a comment -

          No, I did mean EnvironmentContributingAction.

          Overriding a core action would seem to be madness.

          Anyway - updating core and using the new APIs did not work - something in the test harness / hpi plugin / Jenkins / build is very broken.

          Antonio Muñiz added a comment -

          "Overriding a core action would seem to be madness"

          Yeah, a bit. But this is a special "under control" case.

          Nicolai Ehemann added a comment -

          This also affects the releaseVersion and developmentVersion environment variables.
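The two approaches discussed in the comments above, side by side, as an added example that is not code from the m2release plugin or from any commenter. The class name, constructor arguments and helper method are hypothetical; it assumes Jenkins core of the 1.651.2 line on the classpath, where EnvironmentContributingAction declares buildEnvVars(AbstractBuild, EnvVars).

```java
import hudson.EnvVars;
import hudson.model.AbstractBuild;
import hudson.model.EnvironmentContributingAction;
import hudson.model.InvisibleAction;
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.StringParameterValue;
import hudson.util.Secret;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical action: the plugin contributes its own variables instead of posing as build parameters. */
public class ReleaseEnvironmentAction extends InvisibleAction implements EnvironmentContributingAction {
    private final String userVar;       // env variable name configured on the job (assumed input)
    private final String passwordVar;   // env variable name configured on the job (assumed input)
    private final String scmUser;
    private final Secret scmPassword;   // Secret is written encrypted when the action is saved with the build

    public ReleaseEnvironmentAction(String userVar, String scmUser, String passwordVar, String scmPassword) {
        this.userVar = userVar;
        this.scmUser = scmUser;
        this.passwordVar = passwordVar;
        this.scmPassword = scmPassword == null ? null : Secret.fromString(scmPassword);
    }

    /** Approach 1 (EnvironmentContributingAction): core asks the action for its variables. */
    @Override
    public void buildEnvVars(AbstractBuild<?, ?> build, EnvVars env) {
        if (userVar != null && scmUser != null) {
            env.put(userVar, scmUser);
        }
        if (passwordVar != null && scmPassword != null) {
            // The plain text is visible to every process the build starts.
            env.put(passwordVar, scmPassword.getPlainText());
        }
    }

    /** Approach 2 (two-argument ParametersAction): explicitly mark the plugin's own names as safe. */
    public static ParametersAction asSafeParameters(String releaseVersion, String developmentVersion) {
        List<ParameterValue> values = new ArrayList<>();
        // Variable names as mentioned in the thread.
        values.add(new StringParameterValue("releaseVersion", releaseVersion));
        values.add(new StringParameterValue("developmentVersion", developmentVersion));
        return new ParametersAction(values, Arrays.asList("releaseVersion", "developmentVersion"));
    }
}
```

With the second approach only the names passed in the safe list bypass the SECURITY-170 filtering, so the list should contain nothing beyond the variables the plugin itself sets.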

            Assignee: Unassigned
            Reporter: Anders Hammar (ahammar)
            Votes: 4
            Watchers: 9
