[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled

2018-10-17 Thread headlikeak...@gmail.com (JIRA)

Yura Kovalenko updated an issue

Jenkins / JENKINS-54124
Raw HTML when Stapler Security Hardening enabled

Change By: Yura Kovalenko

After upgrading to 2.138.2 all links in columns are shown in raw HTML.   -  Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities] doesn't help. -Setting org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled

2018-10-17 Thread headlikeak...@gmail.com (JIRA)

Yura Kovalenko commented on JENKINS-54124

Re: Raw HTML when Stapler Security Hardening enabled

Daniel Beck thanks, was my bad - needed to full-restart Jenkins with "service jenkins restart"


[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled

2018-10-17 Thread headlikeak...@gmail.com (JIRA)

Yura Kovalenko updated an issue

Jenkins / JENKINS-54124
Raw HTML when Stapler Security Hardening enabled

Change By: Yura Kovalenko

After upgrading to 2.138.2 all links in columns are shown in raw HTML.  As   Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as  noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities] , setting the system property org  doesn't help . kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.


[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled

2018-10-17 Thread headlikeak...@gmail.com (JIRA)

Yura Kovalenko updated an issue

Jenkins / JENKINS-54124
Raw HTML when Stapler Security Hardening enabled

Change By: Yura Kovalenko

After upgrading to 2.138.2 all the links in columns are shown in raw HTML. As noted [here|https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities], setting the system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.


[JIRA] (JENKINS-54124) Raw HTML when Stapler Security Hardening enabled

2018-10-17 Thread headlikeak...@gmail.com (JIRA)

Yura Kovalenko created an issue

Jenkins / JENKINS-54124
Raw HTML when Stapler Security Hardening enabled

Issue Type: Bug
Assignee: Unassigned
Components: upstream-downstream-view-plugin
Created: 2018-10-17 11:13
Environment: Jenkins 2.138.2
Priority: Minor
Reporter: Yura Kovalenko

After upgrading to 2.138.2 all the links in columns are shown in raw HTML. As noted here, setting the system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.