•  
      request #14054 Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2
    Infos
    #14054
    Thomas Gerbet (tgerbet)
    2019-10-18 15:20
    2019-10-17 15:30
    15250
    Details
    Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2
    Some changes introduced in Jenkins 2.176.2 and 2.176.3 breaks the features triggering a Jenkins job from Tuleap. Jenkins instances with the CSRF protection enabled (and that have not set hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID to true) are impacted.

    All requests from Tuleap are rejected with:
    HTTP Status code 403 No valid crumb was included in the request


    See https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 for more information
    Continuous Integration
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2019-10-18
    Attachments
    Empty
    References

    Follow-ups