Type: Bug
Resolution: Unresolved
Priority: Major
Environment: Jenkins 1.651.2
Jenkins 1.651.2 now strips build parameters that are not explicitly defined by a job (see https://jenkins.io/blog/2016/05/11/security-update/). The Gearman plugin should therefore whitelist the parameters it injects dynamically, per build, so that they do not get stripped.
I have at least confirmed that the special OFFLINE_NODE_WHEN_COMPLETE parameter is not impacted: the Gearman plugin properly sets the slave offline even when Jenkins strips the parameter out later on. Extensive details are available at https://phabricator.wikimedia.org/T133737#2290669
A use case is Zuul triggering jobs and passing its context as ZUUL_* build parameters, which the jobs then reuse as environment variables. Without them the integration is pretty much useless, unless one goes to the trouble of whitelisting every ZUUL parameter in every job, plus whatever user parameters might be injected alongside them.
I have poked the OpenStack infrastructure list about it (http://lists.openstack.org/pipermail/openstack-infra/2016-May/004284.html), to which James E. Blair replied at http://lists.openstack.org/pipermail/openstack-infra/2016-May/004285.html recommending:
> In the meantime, assuming that your system is entirely driven by Zuul+gearman and you do not have jobs that are triggered by other plugins where this behavior might not be desirable, I think the command line option you mentioned should be safe.
The workaround for Jenkins 1.651.2+ is to pass the Java system property -Dhudson.model.ParametersAction.keepUndefinedParameters=true, which is not secure: it re-enables, for every job on the instance, the injection of arbitrary undefined parameters that the security update was meant to stop.
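As an added illustration (not code from the Gearman plugin or from Jenkins), the per-build whitelisting the report asks for can be expressed with the two-argument ParametersAction constructor that Jenkins core added together with the 1.651.2 fix. The class name, the helper and the map of incoming Zuul parameters are assumptions made for the example.

```java
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.StringParameterValue;

import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not the Gearman plugin's own code. It shows the
// "whitelist them dynamically" approach from the report: instead of
// setting -Dhudson.model.ParametersAction.keepUndefinedParameters=true
// for the whole instance (which re-opens the hole the 1.651.2 fix
// closed, for every job), the trigger declares only the parameters it
// is injecting into this one build as safe.
public final class GearmanParametersExample {

    private GearmanParametersExample() {}

    /**
     * Build the ParametersAction for one Gearman-triggered build.
     *
     * @param incoming parameters carried by the Gearman job payload,
     *                 e.g. ZUUL_PROJECT or ZUUL_COMMIT (assumed shape)
     */
    public static ParametersAction buildParametersAction(Map<String, String> incoming) {
        List<ParameterValue> values = new ArrayList<>();
        Set<String> safeNames = new LinkedHashSet<>();
        for (Map.Entry<String, String> e : incoming.entrySet()) {
            values.add(new StringParameterValue(e.getKey(), e.getValue()));
            safeNames.add(e.getKey());
        }
        // Two-argument constructor (Jenkins 1.651.2+ / 2.3+): the second
        // collection names parameters that are kept even though the job
        // does not define them. The ZUUL_* values survive the filter for
        // this build only; jobs triggered by other means keep the hardened
        // behaviour. Note that this trusts whatever the Gearman/Zuul side
        // sends, which is exactly the assumption Blair's reply spells out.
        return new ParametersAction(values, safeNames);
    }
}
```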