[JENKINS-54051] GitHub-Branch-Source plugin 2.3.5 Security Update causing error in adding GitHub Enterprise Servers

      Version 2.3.5 of the GitHub-Branch-Source Plugin introduced a bug that causes an error, "This URL Requires POST", to be displayed when trying to add GitHub Enterprise Servers within `Manage Jenkins -> Configure System -> GitHub Enterprise Servers`, as the new security patch in 2.3.5 is background checking valid URLs. This error displays whether the `API endpoint` field is blank or has a valid endpoint specified.

      Downgrading to version 2.3.4 of the GitHub-Branch-Source Plugin no longer displays the error.

      Picture is attached showing the error.


          Bosse Arndt added a comment -

          Hi,

          is there a workaround available for this issue?

          At the mentioned URL it was proposed to downgrade the versions of the git, github and git-branch plugin. Does that fix the issue?

          Best regards
          Bosse


          pjdarton added a comment - - edited

          ba_magna FYI the workaround is to "just ignore it" :-/

          These form-validation errors (should) have no functional impact on how the plugin works once configured - they only affect the cosmetic appearance of the configuration UI.  As long as you enter in the correct configuration information, you can ignore the error.  All that's missing is the dynamic form validation functionality - the rest of the plugin should work just fine.

          If you need the assistance that the form-validation code provides then you could downgrade the plugin, work out what configuration you need, and then upgrade again.  You could even install Jenkins in a VM with an earlier version of the plugin purely to experiment with configuration options before putting in the "known correct" values into your main Jenkins server(s), which would allow you to keep the insecure versions out of your main Jenkins server(s).

          TL;DR: It's ugly as hell (and should've been fixed as part of the security changes that caused it), but it's not serious.

          edit#2 The changes are now merged, so you could download the bleeding-edge plugin built by the Jenkins CI build https://ci.jenkins.io/job/Plugins/job/github-branch-source-plugin/job/master/lastSuccessfulBuild/artifact/target/ by downloading the .hpi file and then using the "advanced" section of the Jenkins plugin page to upload that.  That should keep you going until the next version is officially released.


          Carroll Chiou added a comment -

          Issue was with the `checkMethod="post"` being in the wrong field of a config jelly file.
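
The mismatch described in the comment above can be caught before release with a small lint. This is an added example, not code from the plugin or from any commenter: the Java and Jelly snippets are constructed, the names `DescriptorImpl`, `apiUri` and `name` are hypothetical, and it assumes a control without `checkMethod` validates over GET.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the apiUri check requires POST.
JAVA_SRC = '''
public class DescriptorImpl extends Descriptor<Endpoint> {
    @RequirePOST
    public FormValidation doCheckApiUri(@QueryParameter String apiUri) {
        return FormValidation.ok();
    }
}
'''

# Constructed sample: checkMethod="post" sits on the wrong field.
JELLY_SRC = '''
<j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
  <f:entry title="API endpoint" field="apiUri">
    <f:textbox/>
  </f:entry>
  <f:entry title="Name" field="name">
    <f:textbox checkMethod="post"/>
  </f:entry>
</j:jelly>
'''

def post_only_checks(java_src):
    """Fields whose doCheck<Field> method carries @RequirePOST or @POST."""
    pat = re.compile(r"@(?:RequirePOST|POST)\b[^{;]*?\bdoCheck(\w+)\s*\(")
    return {m[0].lower() + m[1:] for m in pat.findall(java_src)}

def jelly_check_methods(jelly_src):
    """Map each f:entry field to the checkMethod of its nested control."""
    out = {}
    for entry in ET.fromstring(jelly_src).iter("{/lib/form}entry"):
        if entry.get("field") is None:
            continue
        methods = [c.get("checkMethod") for c in entry.iter() if c.get("checkMethod")]
        # Assumption: a control without checkMethod validates over GET.
        out[entry.get("field")] = methods[0] if methods else "get"
    return out

def mismatches(java_src, jelly_src):
    """List (field, problem) pairs where form and handler disagree."""
    post_fields, findings = post_only_checks(java_src), []
    for field, method in sorted(jelly_check_methods(jelly_src).items()):
        if field in post_fields and method != "post":
            findings.append((field, "check requires POST, form sends " + method.upper()))
        elif field not in post_fields and method == "post":
            findings.append((field, "checkMethod=post on a field without a POST-only check"))
    return findings
```

Calling `mismatches(JAVA_SRC, JELLY_SRC)` flags both fields of the constructed sample; moving the attribute to the `apiUri` control clears both findings.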

           


          Bosse Arndt added a comment -

          pjdarton Thank you very much for this information!

          I will keep doing this


            carroll Carroll Chiou
            towens Trey Owens