Since my update to Jenkins version 2.176.1, I get some warnings in logs about 'Skipped parameter', which relates to SECURITY-170.
The log says :
"WARNING: Skipped parameter `artifactVersion` as it is undefined on `JOB-XX`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters=true` to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach or `-Dhudson.model.ParametersAction.keepUndefinedParameters=false` to no longer show this message." but the problem is that this job is defining such parameter. (see attachment)
I don't want to set `-Dhudson.model.ParametersAction.keepUndefinedParameters=true` only to evict some logs.
I could see this issue twice :
- one time with a pipeline job : this job defines the parameter and the scripted pipeline is retrieved on SCM. This pipeline uses this parameter.
- another time with a freestyle job : this job also defines the parameter and the build task is nothing more than executing a shell script on a remote SSH. This script uses the parameter.
In these both cases I need the parameter and, one more time, it is clearly defined.
Why are my logs spammed with such lines ?
The message is maybe missleading because my jobs are very simple and I can't see what's wrong.
Is that because these jobs are launched from another job (which, of course, set the parameter) ?
Is that because of the old builds ? I see somewhere a guy talking about old builds AND SECURITY-170.
I think the log could be improved.