Well, that was fun bug reproduced, I believe I know why that's happening. Not so complicated to fix... but no fast way to fix it. Here's the issue analysis (grab a coffee to read it).
- Downloaded jenkins.war (2.32.3.war)
- mkdir /tmp/123
- JENKINS_HOME=/tmp/123 java -jar jenkins.war
- Entered secret into form and submitted
- Installed suggested plugins (boy that takes a while)
- Created temp user
- Installed (without restart) active-choices-plugin 1.5.3
- Installed (without restart) job-dsl-plugin
- Manually stopped Jenkins, and started it again with same command #3
- Log in with user, all looking good
- Created Freestyle job JENKINS-42655 (see attached config.xml)
- Executed job, and found new job JENKINS-42655-1
- Never opened the job configuration, clicked on the "Generated Items link to JENKINS-42655-1" to open in a new tab
- Clicked on Build with Parameters
- Looked at logs, and noticed the security-script-plugin exceptions
- Went to "Manage Jenkins" / "In-process Script Approval" and approved scripts
- Went back to the JENKINS-42655-1 build with parameters screen, and everything worked as expected
Hummm. Issue more or less reproduced. Let's investigate more.
- Restarted Jenkins again
- Changed the JENKINS-42655 seed job configuration to use a different script
- Copied the config.xml file to another location
- Went to build with parameters, and now it was broken again
- Saved the job manually
- Copied the config.xml file to yet another location
- Went to build with parameters, and now it worked as reported in this issue
Now comes the interesting part. Looking at the diff. Attaching a screen shot so that others can have fun looking at it too. I installed Kompare as it has some cool features such as disabling diff for white spaces, blank lines, etc. The whole file changes as you save it. But if you ignore the number of white spaces... Then you can see that the Job DSL Plug-in is creating a <script> tag, as we used to do before 1.5 I think.
Now we use the script-security-plugin. So we need to wrap that around the script-security-plugin's tags. Will report an issue for job-dsl-plugin, and will probably submit a pull request in the next days too. There's not much left we can change in the plug-in code for that carek, so I'm afraid you will have to:
- keep saving the job
- perhaps work on the fix for Job DSL if you feel like doing it (as you could probably be faster than me in submitting the PR)
- use an older version of the active-choices-plugin that doesn't use security-script-plugin, though you could be bitten by other old bugs
- write some script to replace the <script> tag and wrap it by the secureScript (doing what the pull request will do automatically later)
Sorry for not being able to quickly provide any workaround, nor to cut a quick bugfix release.