Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #14054 Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2
    Actions
    Infos
    #14054
    Thomas Gerbet (tgerbet)
    2019-10-18 15:20
    2019-10-17 15:30
    15253
    Details
    Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2
    Some changes introduced in Jenkins 2.176.2 and 2.176.3 breaks the features triggering a Jenkins job from Tuleap. Jenkins instances with the CSRF protection enabled (and that have not set hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID to true) are impacted.

    All requests from Tuleap are rejected with:
    HTTP Status code 403 No valid crumb was included in the request


    See https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 for more information
    Continuous Integration
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2019-10-18
    Attachments
    Empty
    References
    Referencing request #14054

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/91/16491/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD ab2432759f
    User avatar Yannis ROSSETTO (rossettoy) , 2019-10-18 15:17
    request #14054: Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2 b39ecf09a2
    User avatar Thomas Gerbet (tgerbet) , 2019-10-17 17:16
    request #14054: Jenkins CSRF token is considered as invalid since Jenkins LTS 2.176.2 5174fe4395
    User avatar Thomas Gerbet (tgerbet) , 2019-10-17 16:01
    Referenced by request #14054

    Artifact Tracker v5

    rel #13801 11.8

    Other

    gerrit #16491
    gerrit #16492
    Display settings

    Follow-ups