The fix for SECURITY-170 as described in this blog post means that Jenkins core filters out any parameters used that were not defined in the job:
Since GHPRB defines lots of parameters at runtime, and then later tries to access them, a bunch of functionality in the plugin fails.
For example, at the end of a PR build, the plugin tries to read the PR ID so that it can update it on GitHub — but because the ghprbPullId parameter gets filtered out, the plugin fails to determine the PR ID.
Presumably this plugin should define its own Action class to store this information, rather than relying on these parameters to be exported into the environment during a build.
|Field||Original Value||New Value|
|Remote Link||This issue links to "PR (Web Link)" [ 14315 ]|
|Status||Open [ 1 ]||In Progress [ 3 ]|
|Status||In Progress [ 3 ]||Closed [ 6 ]|
|Resolution||Fixed [ 1 ]|
|Workflow||JNJira [ 170945 ]||JNJira + In-Review [ 210023 ]|