Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34871

After upgrading to Jenkins 2.3 we are unable to trigger parametrized build using prop file (maybe due to SECURITY-170 / CVE-2016-3721?)

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      win server host
      Jenkins version 2.3
      Parameterized Trigger plugin version 2.30
    • Similar Issues:

      Description

      After upgrading to Jenkins 2.3 we are not able to pass a custom parameter specified in a property file. It looks like there is a security feature in this versions (https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11) that disables simply passing build parameters.

      This makes no sense to me since in my configuration (attached picture - config.jpg) I explicitly specify that I need to trigger the build with predefined properties.
      Maybe I am missing something?

      I tried to get the suggested solution working on slave level (passed java -Dhudson.model.ParametersAction.safeParameters=myParam) to slave start-up but this does not work. It looks like this needs to be passed when we start the master but this is no workaround. We simply have a lot of parameters and we cannot pass them to master at start-up.
      Again - maybe I am missing something in this workaround?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vassilena Vassilena Treneva
                Reporter:
                vassilena Vassilena Treneva
              • Votes:
                16 Vote for this issue
                Watchers:
                27 Start watching this issue

                Dates

                • Created:
                  Updated: