Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34871

After upgrading to Jenkins 2.3 we are unable to trigger parametrized build (SECURITY-170 / CVE-2016-3721)


    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
    • Environment:
      win server host
      Jenkins version 2.3
      Parameterized Trigger plugin version 2.30
    • Similar Issues:


      After upgrading to Jenkins 2.3 we are not able to pass a custom parameter specified in a property file. It looks like there is a security feature in this versions (https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11) that disables simply passing build parameters.

      This makes no sense to me since in my configuration (attached picture - config.jpg) I explicitly specify that I need to trigger the build with predefined properties.
      Maybe I am missing something?

      I tried to get the suggested solution working on slave level (passed java -Dhudson.model.ParametersAction.safeParameters=myParam) to slave start-up but this does not work. It looks like this needs to be passed when we start the master but this is no workaround. We simply have a lot of parameters and we cannot pass them to master at start-up.
      Again - maybe I am missing something in this workaround?


          Issue Links



              • Assignee:
                vassilena Vassilena Treneva
                vassilena Vassilena Treneva
              • Votes:
                16 Vote for this issue
                29 Start watching this issue


                • Created: