See also:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

On Fri, Dec 30, 2016 at 3:27 PM, Baptiste Mathus <[email protected]> wrote:

> Hi,
>
> Did you try the global
> -Dhudson.model.ParametersAction.keepUndefinedParameters=true
> switch?
>
> If so, my guess would be maybe the more specific switch is not much used
> (for instance, I only knew about this one and didn't know about
> hudson.model.ParametersAction.safeParameters) in the field and has some
> non-revealed bugs?
>
> At least, if the global one works, it will narrow down the scope of
> research here, so IMO worth trying.
>
> Cheers
>
> 2016-12-28 11:57 GMT+01:00 Asaf Mesika <[email protected]>:
>
>> Hi,
>>
>> I have the following line appearing many times in the Jenkins log:
>>
>> Dec 28, 2016 10:51:59 AM hudson.model.ParametersAction filter
>> WARNING: Skipped parameter `BRANCH_NAME` as it is undefined on `build-gaia-full`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters`=true to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach
>>
>> I tried setting the parameters as you can see here:
>>
>> jenkins 10980 1 0 10:43 ? 00:00:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME,EXTRA_GRADLE_SWITCHES -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
>> jenkins 10982 10980 17 10:43 ? 00:02:08 /usr/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME,EXTRA_GRADLE_SWITCHES -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
>>
>> But it didn't help.
>>
>> I also added the parameter BRANCH_NAME to this job, using the DSL:
>>
>> parameters {
>>     stringParam('BRANCH_NAME')
>> }
>>
>> This didn't help! Which is the weirdest thing ever then.
>>
>> Any chance you guys have seen it and solved it?
>>
>> Thanks!
>>
>> Asaf Mesika
>> Logz.io

--
-----
Arnaud Héritier
http://aheritier.net
Mail/GTalk: aheritier AT gmail DOT com
Twitter/Skype : aheritier

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAFNCU-_M%2BfNDfQuqNZSeNPOngvGJoOo1L9mdTFWQDa9T7tW-bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
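
As an added example (not part of the thread and not Jenkins code), the sketch below models the rule stated in the quoted warning: a submitted parameter is kept if the job defines it, if it is named in safeParameters, or if keepUndefinedParameters is true. The function names and the constructed command lines are assumptions; the parser also stops at -jar, because anything after the jar path is passed to the application and never becomes a JVM system property.

```python
import shlex

KEEP = "hudson.model.ParametersAction.keepUndefinedParameters"
SAFE = "hudson.model.ParametersAction.safeParameters"

def jvm_properties(cmdline):
    """Collect the -Dname=value options that the JVM itself will see."""
    props = {}
    for arg in shlex.split(cmdline)[1:]:
        if arg == "-jar":          # later tokens are application arguments
            break
        if arg.startswith("-D"):
            name, _, value = arg[2:].partition("=")
            props[name] = value
    return props

def filter_parameters(submitted, defined, props):
    """Return (kept, skipped) names, following the rule in the warning text.

    Simplified model (assumption): the global switch keeps everything,
    otherwise only job-defined or allowlisted names survive.
    """
    if props.get(KEEP, "").lower() == "true":
        return list(submitted), []
    safe = {n.strip() for n in props.get(SAFE, "").split(",") if n.strip()}
    kept = [n for n in submitted if n in defined or n in safe]
    skipped = [n for n in submitted if n not in kept]
    return kept, skipped

# Constructed command lines, modelled on the ps output quoted in the thread.
GOOD = ("/usr/bin/java -Djava.awt.headless=true "
        "-Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME "
        "-jar /usr/share/jenkins/jenkins.war --httpPort=8080")
MISPLACED = ("/usr/bin/java -Djava.awt.headless=true "
             "-jar /usr/share/jenkins/jenkins.war --httpPort=8080 "
             "-Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME")

if __name__ == "__main__":
    submitted = ["BRANCH_NAME", "UNLISTED"]   # constructed parameter names
    for label, cmd in (("-D before -jar", GOOD), ("-D after -jar", MISPLACED)):
        kept, skipped = filter_parameters(submitted, set(), jvm_properties(cmd))
        print(f"{label}: kept={kept} skipped={skipped}")
```

The allowlist keeps only the named parameters, while keepUndefinedParameters=true lets every submitted name through, so the allowlist is the narrower of the two settings.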
