None yet Steven Calhoun, sorry. The main blocker for me is i) other pending issues and, ii) I know I will need to spend some time investigating the following:
- How can this be safely implemented?
- Has any other plug-ins done it in a way that didn't result in an CVE and being blacklisted by the Jenkins Security team?
- What would we need to tell users besides this new feature? (e.g. limitations, risks, etc)
If anyone has time to do this investigation, then I could simply go with the best approach (if any), and/or confirm with the Jenkins Security team what they think about our decision.
From memory, I had a solution from another plug-in (hmmm, ext-parameter? extended-parameter-choice? Some name like this), but got a message on IRC or in another media from core devs about the risks of this approach. Then, shortly after, we got blacklisted for other security issues, and the plug-in was unavailable for some weeks (can't recall if it completed 1 or 2 months of suspension until we sorted the CVE and released the fix).
Hence my caution in implementing this feature (which I find very useful too for users).