-
Bug
-
Resolution: Unresolved
-
Minor
-
None
Since Release 2.5 and implementation of SECURITY-2008 - CVE-2020-2290 we can't use the '+' character in our single select list.
For example:
We have a "Active Choises Parameter" with Choice Type "Single Select" to choose a version. Our versions have the format "<version>+build.<counter>".
The "+" character will be escaped to "+".
Is it possible, that this is a bug?
I reproduced the issue, but only when the "Groovy Sandbox" option is enabled for the script. Let me take a look what's going on.