Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35920

Build parameter not passed on for Maven Repository Artifact

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      We are using parametrized Builds.
      Since short (not sure exactly when), the Build-Paramters from the Maven Repository Artifact do not get passed on.
      Other Parameter types (e.G.: "text") do work.

      Might be related to JENKINS-34996 (Sec-170-related)

        Attachments

          Activity

          christophlinder Christoph Linder created issue -
          Hide
          christophlinder Christoph Linder added a comment -

          Using the system-properties mentioned here is (for us) a viable temporary workaround for this problem
          https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

          Show
          christophlinder Christoph Linder added a comment - Using the system-properties mentioned here is (for us) a viable temporary workaround for this problem https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
          Hide
          danielbeck Daniel Beck added a comment -

          What plugin is affected, and what does your job configuration look like? Could you provide complete steps to reproduce from scratch?

          Show
          danielbeck Daniel Beck added a comment - What plugin is affected, and what does your job configuration look like? Could you provide complete steps to reproduce from scratch?
          Hide
          christophlinder Christoph Linder added a comment -

          Affected plugin: Repository Connector Plugin (https://wiki.jenkins-ci.org/display/JENKINS/Repository+Connector+Plugin)

          Steps to reproduce:

          • Configure the plugin (i.e.: setup the maven repo)
          • Create new job (freestyle)
          • Select "This project is parameterized"
          • Add "Maven Repository Artifact" and setup something suitable (i.E.: property "FOO", group "org.apache.commons", artifact "commons-lang3"
          • Add Build Step -> Execute shell
            On a Linux-Jenkins:
            echo found: $FOO
            On a Windows-Jenkins:
            echo found: %FOO%

          Start the build with the parameter.
          Expected result:
          somewhere in the build log, the chosen parameter value shoud appear, e.g.:
          "found RELEASE"

          Actual result (value missing):
          "found"

          Show
          christophlinder Christoph Linder added a comment - Affected plugin: Repository Connector Plugin ( https://wiki.jenkins-ci.org/display/JENKINS/Repository+Connector+Plugin ) Steps to reproduce: Configure the plugin (i.e.: setup the maven repo) Create new job (freestyle) Select "This project is parameterized" Add "Maven Repository Artifact" and setup something suitable (i.E.: property "FOO", group "org.apache.commons", artifact "commons-lang3" Add Build Step -> Execute shell On a Linux-Jenkins: echo found: $FOO On a Windows-Jenkins: echo found: %FOO% Start the build with the parameter. Expected result: somewhere in the build log, the chosen parameter value shoud appear, e.g.: "found RELEASE" Actual result (value missing): "found"
          rtyler R. Tyler Croy made changes -
          Field Original Value New Value
          Workflow JNJira [ 172540 ] JNJira + In-Review [ 184686 ]
          Hide
          mohit_dharamshi Mohit Dharamshi added a comment - - edited

          This PR solves the issue and has already been merged: https://github.com/jenkinsci/repository-connector-plugin/pull/19

          It seems the developer(s) are not actively involved with managing the plugin.

          If feasible, download the source, build it (mvn package) and use the plugin.

          The workaround may help but has these issues:

          1 - Keep undefined parameters to true brings back the security risk.

          2 - Set safe parameters. However each developer will then have to provide the parameter names to the Jenkins admin making it a tedious task for the admin.

          Show
          mohit_dharamshi Mohit Dharamshi added a comment - - edited This PR solves the issue and has already been merged:  https://github.com/jenkinsci/repository-connector-plugin/pull/19 It seems the developer(s) are not actively involved with managing the plugin. If feasible, download the source, build it (mvn package) and use the plugin. The workaround may help but has these issues: 1 - Keep undefined parameters to true brings back the security risk. 2 - Set safe parameters. However each developer will then have to provide the parameter names to the Jenkins admin making it a tedious task for the admin.

            People

            • Assignee:
              Unassigned
              Reporter:
              christophlinder Christoph Linder
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: