I'll start with a quote from the Jenkins website.
The Cause#getShortDescription method was defined to return a "one line" short snippet of HTML in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier. To prevent further security vulnerabilities like SECURITY-2499 from having an impact on Jenkins users, the method has been redefined to return plain text in Jenkins 2.315 and LTS 2.303.2, and its output is no longer rendered as HTML on the UI.
https://www.jenkins.io/doc/developer/security/xss-prevention/Cause-getShortDescription/
It was possible to use HTML in causeString and e.g. add a nice link back to the source of the pull request. With the newer version of Jenkins the HTML is now displayed as plain text.
The question I am asking myself now is: is HTML in causeString intended or not? Because if it is, then it doesn't work anymore. Otherwise, if it is not intended, the Jenkins security team asks to report it (see the linked web page).
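Because the cause description is now shown as plain text, a cause string that used to carry a link can be flattened into one line of text that keeps the URL visible. The sketch below is an added example, not code from Jenkins, the plugin, or the issue author; `flatten_cause` and the sample string are hypothetical.

```python
from html.parser import HTMLParser


class _CauseFlattener(HTMLParser):
    """Collects text nodes and appends each link target after its link text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._hrefs = []  # href values of <a> tags that are still open

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._hrefs.append(dict(attrs).get("href"))

    def handle_endtag(self, tag):
        if tag == "a" and self._hrefs:
            href = self._hrefs.pop()
            if href:
                # Keep the link target readable now that it is not clickable.
                self.parts.append(f" ({href})")

    def handle_data(self, data):
        self.parts.append(data)


def flatten_cause(html_cause: str) -> str:
    """Return a one-line plain-text version of an HTML cause string.

    The result is plain text only; it relies on the UI to display it
    as text rather than render it as HTML.
    """
    parser = _CauseFlattener()
    parser.feed(html_cause)
    parser.close()  # flush any buffered text
    # Collapse newlines and runs of spaces: the description is a single line.
    return " ".join("".join(parser.parts).split())


# Constructed sample input, not taken from the issue.
SAMPLE = ('Triggered by <a href="https://git.example.com/repo/pull/42">'
          'pull request\n #42</a> from <b>alice</b>')

if __name__ == "__main__":
    print(flatten_cause(SAMPLE))
```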