-
Bug
-
Resolution: Not A Defect
-
Minor
-
None
-
Jenins 2.176.3, TFS, Strict Crumb Issuer
This issue was introduced when upgrading from Jenkins version 2.176.2 to 2.176.3. I believe this is related to the change referred https://jenkins.io/security/advisory/2019-08-28/, under CSRF protection [...].
Our development team is using visualstudio.com and have up til now used service hooks there, to trigger builds in jenkins. When upgrading to the latest version of jenkins these service hooks fail, referring to an invalid crumb.
I have tried installing and using the "strict crumb issuer" plugin, but that does not seem to work at all with the service hooks from VS. Disabling CSRF seem to "fix the problem", but that is obviously not an option.
Please advice.