Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46482

Parameter Mapping is not working due to SECURITY-170

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Critical
    • Resolution: Fixed
    • jira-trigger-plugin
    • None
    • Jenkins 1.651.2+
      Jenkins 2.3+
      jira-trigger-plugin 0.4.2

    Description

      See Jenkins security update:

      One of the fixes may well break some of your use cases in Jenkins, at least until plugins have been adapted: SECURITY-170. This change removes parameters that are not defined on a job from the build environment.

       

      Attachments

        Activity

          ceilfors Wisen Tanasa added a comment -

          michaelpporter Thanks for letting me know, I have reopened the ticket.

          ceilfors Wisen Tanasa added a comment - michaelpporter Thanks for letting me know, I have reopened the ticket.

          Code changed in jenkins
          User: Wisen Tanasa
          Path:
          src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy
          http://jenkins-ci.org/commit/jira-trigger-plugin/4cf64c12f9fcbe00d54d5fcb7f8dfe9926e35f57
          Log:
          JENKINS-46482 Use ParametersAction instead of EnvironmentContributingAction.

          Apparently EnvironmentContributingAction is not working in a pipeline job and the fix requires Jenkins core 2.76+. See JENKINS-29537.

          Compare: https://github.com/jenkinsci/jira-trigger-plugin/compare/f83ef699de31...4cf64c12f9fc

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wisen Tanasa Path: src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy http://jenkins-ci.org/commit/jira-trigger-plugin/4cf64c12f9fcbe00d54d5fcb7f8dfe9926e35f57 Log: JENKINS-46482 Use ParametersAction instead of EnvironmentContributingAction. Apparently EnvironmentContributingAction is not working in a pipeline job and the fix requires Jenkins core 2.76+. See JENKINS-29537 . Compare: https://github.com/jenkinsci/jira-trigger-plugin/compare/f83ef699de31...4cf64c12f9fc
          ceilfors Wisen Tanasa added a comment -

          Fixed to pipeline job released under 0.5.1.

          CC: michaelpporter

          ceilfors Wisen Tanasa added a comment - Fixed to pipeline job released under 0.5.1. CC: michaelpporter

          0.5.1 is working for me.

          michaelpporter Michael Porter added a comment - 0.5.1 is working for me.
          ceilfors Wisen Tanasa added a comment -

          michaelpporter Thanks for your confirmation. You should not need the System property workaround that was needed by SECURITY-170 anymore if you are forced to use it by jira-trigger-plugin e.g. hudson.model.ParametersAction.keepUndefinedParameters or hudson.model.ParametersAction.safeParameters

          ceilfors Wisen Tanasa added a comment - michaelpporter Thanks for your confirmation. You should not need the System property workaround that was needed by SECURITY-170 anymore if you are forced to use it by jira-trigger-plugin e.g.  hudson.model.ParametersAction.keepUndefinedParameters  or  hudson.model.ParametersAction.safeParameters

          People

            ceilfors Wisen Tanasa
            ceilfors Wisen Tanasa
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: