Branch: refs/heads/master
Home: https://github.com/jenkinsci/stash-pullrequest-builder-plugin
Commit: 2f1711b8b43862750e96dec670e526bacea43335
https://github.com/jenkinsci/stash-pullrequest-builder-plugin/commit/2f1711b8b43862750e96dec670e526bacea43335
Author: Pavel Roskin <plros...@gmail.com>
Date: 2019-06-03 (Mon, 03 Jun 2019)
Changed paths:
M README.md
M
src/main/java/stashpullrequestbuilder/stashpullrequestbuilder/StashBuildTrigger.java
A
src/test/java/stashpullrequestbuilder/stashpullrequestbuilder/StashBuildTriggerTest.java
Log Message:
-----------
Don't accept any new parameter names from pull request comments
Parameters extracted from Stash comments are only allowed to override the
default values of the parameters defined for the job.
Accepting arbitrary parameters from Stash comments can be exploited by a
user who can post comments but not administer the Jenkins job.
Pass only one copy of the parameter to the job. Remove null parameters
only after the values from the Stash comments have been applied.
Suppress a FindBugs warning about this.job being null. That cannot
happen, but FindBugs cannot figure it out.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/stash-pullrequest-builder-plugin/push/refs/heads/master/a38b1d-2f1711%40github.com.
For more options, visit https://groups.google.com/d/optout.
