JENKINS-34996

Sec-170-related: Release plugin needs to declare parameters


      Description

      Injecting arbitrary parameters is now forbidden, so the plugin should declare them to the jobs.
      See https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

      Major impacts:

      Undeclared vars are not present anymore

      Release Plugin was listed on the page: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 and no issue was yet created for this.
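
The behaviour change the description refers to, as an added example that is not part of the original issue and is not Jenkins or Release plugin code. It is a simplified stand-alone model: the two system property names in the comments are Jenkins core's escape hatches for this filter, and the parameter names `BRANCH` and `RELEASE_VERSION` are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Simplified stand-alone model of the post-SECURITY-170 parameter filter.
// Not Jenkins or Release plugin code; all parameter names are hypothetical.
public class ParameterFilterModel {

    // declared:      parameter names defined on the job
    // safe:          names listed in hudson.model.ParametersAction.safeParameters
    // keepUndefined: hudson.model.ParametersAction.keepUndefinedParameters=true
    static Map<String, String> visibleToBuild(Map<String, String> submitted,
                                              Set<String> declared,
                                              Set<String> safe,
                                              boolean keepUndefined) {
        Map<String, String> visible = new LinkedHashMap<>();
        for (Map.Entry<String, String> p : submitted.entrySet()) {
            boolean allowed = keepUndefined
                    || declared.contains(p.getKey())
                    || safe.contains(p.getKey());
            if (allowed) {
                visible.put(p.getKey(), p.getValue());
            } else {
                // The build never sees this value, so a shell step finds the variable undefined.
                System.out.println("  skipped undeclared parameter: " + p.getKey());
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed input: one parameter the job declares, one added at run time.
        Map<String, String> submitted = new LinkedHashMap<>();
        submitted.put("BRANCH", "main");
        submitted.put("RELEASE_VERSION", "1.4.0");

        System.out.println("job declares only BRANCH:");
        System.out.println("  " + visibleToBuild(submitted, Set.of("BRANCH"), Set.of(), false));

        System.out.println("job also declares RELEASE_VERSION:");
        System.out.println("  " + visibleToBuild(submitted,
                Set.of("BRANCH", "RELEASE_VERSION"), Set.of(), false));

        System.out.println("RELEASE_VERSION on the safe list:");
        System.out.println("  " + visibleToBuild(submitted,
                Set.of("BRANCH"), Set.of("RELEASE_VERSION"), false));
    }
}
```

Only the first case drops `RELEASE_VERSION`, which is the symptom the comments below report; setting the keep-undefined property for a whole controller restores the old behaviour for every job, so declaring or safe-listing specific names is the narrower choice.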


            Activity

            mattg987 Matthew Griffin added a comment -

            This renders this plugin entirely unusable, unfortunately. Even simple variable substitution in an Execute Shell is not possible, as the variables are now undefined.

            johnny_shields Johnny Shields added a comment -

            I think this merits an advisory in the documentation, "Jenkins 2.3+ requires GHPRB plugin version X.Y.Z or later"

            templeton Michael Templeton added a comment -

            Plugin is currently useless. Can't even do basic variable substitution in shell.

            amuniz Antonio Muñiz added a comment - Proposed fix: https://github.com/jenkinsci/release-plugin/pull/17
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Antonio Muñiz
            Path:
            pom.xml
            src/main/java/hudson/plugins/release/ReleaseWrapper.java
            src/main/java/hudson/plugins/release/SafeParametersAction.java
            src/main/resources/hudson/plugins/release/ReleaseWrapper/ReleaseAction/index.jelly
            src/test/java/hudson/plugins/release/TestReleasePluginParameters.java
            http://jenkins-ci.org/commit/release-plugin/98f1c2f8fbd10c5a2a029c466a00c94a48f3063f
            Log:
            JENKINS-34996 Acknowledge SECURITY-170

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            src/main/java/hudson/plugins/release/ReleaseWrapper.java
            src/main/java/hudson/plugins/release/SafeParametersAction.java
            src/main/java/hudson/plugins/release/dashboard/RecentReleasesPortlet.java
            src/main/resources/hudson/plugins/release/ReleaseWrapper/ReleaseAction/index.jelly
            src/main/resources/hudson/plugins/release/ReleaseWrapper/ReleaseBuildBadgeAction/badge.jelly
            src/main/resources/hudson/plugins/release/ReleaseWrapper/config.jelly
            src/main/resources/hudson/plugins/release/dashboard/RecentReleasesPortlet/config.jelly
            src/main/resources/hudson/plugins/release/dashboard/RecentReleasesPortlet/main.jelly
            src/main/resources/hudson/plugins/release/dashboard/RecentReleasesPortlet/portlet.jelly
            src/main/resources/hudson/plugins/release/promotion/ReleasePromotionCondition/Badge/index.jelly
            src/main/resources/hudson/plugins/release/promotion/ReleasePromotionCondition/config.jelly
            src/main/resources/hudson/plugins/release/promotion/ReleasePromotionCondition/index.jelly
            src/main/resources/index.jelly
            src/test/java/hudson/plugins/release/TestReleasePluginJob.java
            src/test/java/hudson/plugins/release/TestReleasePluginMatrixJob.java
            src/test/java/hudson/plugins/release/TestReleasePluginParameters.java
            http://jenkins-ci.org/commit/release-plugin/ab68ac9ce267e658ff1662253a3726a7d040a509
            Log:
            Merge pull request #17 from amuniz/JENKINS-34996

            JENKINS-34996 Release parameters visibility

            Compare: https://github.com/jenkinsci/release-plugin/compare/3a0e033135cb...ab68ac9ce267

            oleg_nenashev Oleg Nenashev added a comment -

            Released it in 2.6


              People

              • Assignee: amuniz Antonio Muñiz
              • Reporter: jmf10024 Justin Fiore
              • Votes: 7
              • Watchers: 14
