-
Bug
-
Resolution: Fixed
-
Minor
-
None
1. Go to Manage Jenkins > Users
2. Configure an existing user
3. Update the password with a short value (less than 14 characters)
4. You don’t get a validation message → You should get the validation
Click on the Save button → The password is updated
NOTE: Another way of updating the password with a non-compliant value:
1. Log in
2. Go to User > Configure through the top menu
3. Update the password with a short value (less than 14 characters)
4. You don’t get a validation message → You should get the validation
5. Click on the Save button → The password is updated
Acceptance criteria
Fix the error
- is related to
-
JENKINS-74918 Missing a potential FIPS validation
-
- Open
-
- links to
[JENKINS-74858] Missing password length validation for users in jenkins own database (In FIPS mode)
Issue Type | Original: Task [ 3 ] | New: Bug [ 1 ] |
Description |
Original:
1. Go to Manage Jenkins > Security and make sure the Security Realm is “Jenkins' own
user database” 2. Go to Manage Jenkins > Users 3. Click on Create User 4. Add a new user with a short password (less than 14 characters) 5. You don’t get the validation until you don’t click the button → Validations should happen when losing the focus. Once it is created it is possible to update to a non-compliant password 1. Go to Manage Jenkins > Users 2. Configure an existing user 3. Update the password with a short value (less than 14 characters) 4. You don’t get a validation message → You should get the validation Click on the Save button → The password is updated {*}NOTE{*}: Another way of updating the password with a non-compliant value: 1. Log in 2. Go to User > Configure through the top menu 3. Update the password with a short value (less than 14 characters) 4. You don’t get a validation message → You should get the validation 5. Click on the Save button → The password is updated *Acceptance criteria* Fix the error Make sure beescloud documentation is updated Note: ticket created as bug but it could be a task if we don’t want to add any release notes |
New:
1. Go to Manage Jenkins > Users
2. Configure an existing user 3. Update the password with a short value (less than 14 characters) 4. You don’t get a validation message → You should get the validation Click on the Save button → The password is updated {*}NOTE{*}: Another way of updating the password with a non-compliant value: 1. Log in 2. Go to User > Configure through the top menu 3. Update the password with a short value (less than 14 characters) 4. You don’t get a validation message → You should get the validation 5. Click on the Save button → The password is updated *Acceptance criteria* Fix the error Make sure beescloud documentation is updated Note: ticket created as bug but it could be a task if we don’t want to add any release notes |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Assignee | New: Tejas [ tejas_drolia ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Link | New: This issue is related to JENKINS-74918 [ JENKINS-74918 ] |
Remote Link | New: This issue links to "OSS PR (Web Link)" [ 30254 ] |
Updated the description (Removed "adding validations when user loses focus" which was initially part of ticket description)
To provide more context: