Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34996

Sec-170-related: Release plugin needs to declare parameters

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • release-plugin
    • 1.651.2+ and Jenkins 2.3+

    Description

      Injecting arbitrary parameters is now forbidden, so the plugin should declare them to the jobs.
      See https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

      Major impacts:

      Undeclared vars are not present anymore

      Release Plugin was listed on the page: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 and no issue was yet created for this.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-35257 Release plugin ignores release parameters in Jenkins 2.7

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved
          links to

          Web Link PR

          Activity

            People

              amuniz Antonio Muñiz
              jmf10024 Justin Fiore
              Votes:
              7 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: