Yes, the Reverse Proxy warning shows up. We disabled as a False Positive. CSRF has always been on. We do not have a reverse proxy but we are behind an F5 LTM and also use the SAML plugin to enable PIV authentication to the F5 APM module - not sure if any of that is in play here.

Checking on timing of upgrades...
Jenkins was upgraded first on 3/26.
Tomcat was upgraded on 3/28.

This is our Infrastructure Dev environment (not used by developers). Our prod environment is currently running Jenkins 2.222.1 and Tomcat 9.0.30 with no issues. We can make changes and save them. Prod also has same F5 LTM and SAML/PIV setup.

I am scheduled to upgrade prod to 9.0.31 this weekend but I think I need to wait until this is resolved. I am going to revert to Tomcat 9.0.30 if for no other reason than to rule it out.

Also getting a random webpage error pop-up, uploaded above.