-
Bug
-
Resolution: Unresolved
-
Major
-
Jenkins LTS 1.651.2, Oracle JDK 8u92, Windows Server 2008R2
For a Maven job a have SCM username and password environment variables configured. This work with Jenkins LTS v1.651.1 but with v1.651.2 it doesn't. The environment variables don't seem to be set. I suspect that SECURITY-170 fix is the reason for this behavior.
The plugin needs to be updated to work with this change.
- is duplicated by
-
-
- Closed
-
- links to
[JENKINS-35261] SCM username/password env variables don't work with SECURITY-170
| Labels | New: security-170 |
Just need to update the call to new ParametersAction(Parameters) to new ParametersAction(java.util.List, java.util.Collection) on M2ReleaseAction:267
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Remote Link | New: This issue links to "PR 29 (Web Link)" [ 14356 ] |
if the build passes then this fix should work on 1.652.3 (when it is released, but would require a manual install) or 2.7+
But I currently have no environment in which to test it.
| Status | Original: In Progress [ 3 ] | New: Open [ 1 ] |
rsandell pointed me to the fact that EnvironmentContributingAction is probably the better approach and does not require a large bump in the core. (which is currently problematic for some reason as the Injected test is failing...
EnvironmentContributor you meant? And extend ParametersAction adding the safe parameters (overriding getParameters() and getParameter(String)).
More info here: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11