[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled
Yura Kovalenko updated an issue
Jenkins / JENKINS-54124 Raw HTML when Stapler Security Hardening enabled
Change By: Yura Kovalenko

After upgrading to 2.138.2 all links in columns are shown in raw HTML. - Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities] doesn't help. -Setting org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled
Yura Kovalenko commented on JENKINS-54124
Re: Raw HTML when Stapler Security Hardening enabled

Daniel Beck thanks, was my bad - needed to full-restart Jenkins with "service jenkins restart"
[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled
Yura Kovalenko updated an issue
Jenkins / JENKINS-54124 Raw HTML when Stapler Security Hardening enabled
Change By: Yura Kovalenko

After upgrading to 2.138.2 all links in columns are shown in raw HTML. As Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities] , setting the system property org doesn't help . kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.
[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled
Yura Kovalenko updated an issue
Jenkins / JENKINS-54124 Raw HTML when Stapler Security Hardening enabled
Change By: Yura Kovalenko

After upgrading to 2.138.2 all the links in columns are shown in raw HTML. As noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities], setting the system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.
[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled
Yura Kovalenko created an issue
Jenkins / JENKINS-54124 Raw HTML when Stapler Security Hardening enabled
Issue Type: Bug
Assignee: Unassigned
Components: upstream-downstream-view-plugin
Created: 2018-10-17 11:13
Environment: Jenkins 2.138.2
Priority: Minor
Reporter: Yura Kovalenko

After upgrading to 2.138.2 all the links in columns are shown in raw HTML. As noted here, setting the system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.