We documented this issue and a workaround at https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+the+SECURITY-901+fix
> On 17. Jan 2019, at 16:32, [email protected] wrote: > > I just upgraded Jenkins from 2.159 to 2.160, and then found that I could not > log on to the web interface. > > Clicking "login" prompted me for my credentials as expected, and then > returned me to the Jenkins web page, but not logged in. > Clearing cookies and cache, and using a different browser, did not fix the > problem. > Our Jenkins is using the CAS plugin for user authentication. > > I _was_ able to successfully authenticate to Jenkins using the > jenkins-cli.jar with an API token that I have previously set up. > > Has anyone else seen this? I presume that if logons were generally broken in > that release, someone would have reported it by now. > > I immediately rolled back to 2.159, and logon then started working. > > Matthew > > > -- > This e-mail and any attachments may contain confidential, copyright and or > privileged material, and are for the use of the intended addressee only. If > you are not the intended addressee or an authorised recipient of the > addressee please notify us of receipt by returning the e-mail and do not use, > copy, retain, distribute or disclose the information in or attached to the > e-mail. > Any opinions expressed within this e-mail are those of the individual and not > necessarily of Diamond Light Source Ltd. > Diamond Light Source Ltd. cannot guarantee that this e-mail or any > attachments are free from viruses and we cannot accept liability for any > damage which you may sustain as a result of software viruses which may be > transmitted in or with the message. > Diamond Light Source Limited (company no. 4375679). Registered in England and > Wales with its registered office at Diamond House, Harwell Science and > Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/47b4e75b07734e298b5de5d91a07b124%40Diamond.ac.uk. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/56982394-0924-43CF-88E1-8B9ECAFD0A04%40beckweb.net. For more options, visit https://groups.google.com/d/optout.
