[JIRA] (JENKINS-59203) Upgrading Jenkins to 2.176.3 breaks service hooks integration with Visualstudio.com

[even.juberg@gmail.com (JIRA)]

Even Juberg created an issue

Jenkins / JENKINS-59203 Upgrading Jenkins to 2.176.3 breaks service hooks integration with Visualstudio.com Issue Type: Bug Assignee: Unassigned Components: core Created: 2019-09-03 12:00 Environment: Jenins 2.176.3, TFS, Strict Crumb Issuer Priority: Minor Reporter: Even Juberg This issue was introduced when upgrading from Jenkins version 2.176.2 to 2.176.3. I believe this is related to the change referred https://jenkins.io/security/advisory/2019-08-28/, under CSRF protection [...]. Our development team is using visualstudio.com and have up til now used service hooks there, to trigger builds in jenkins. When upgrading to the latest version of jenkins these service hooks fail, referring to an invalid crumb. I have tried installing and using the "strict crumb issuer" plugin, but that does not seem to work at all with the service hooks from VS. Disabling CSRF seem to "fix the problem", but that is obviously not an option. Please advice. Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[dbeck@cloudbees.com (JIRA)]

Daniel Beck closed an issue as Not A Defect

Unfortunate, but intentional (sort of). Clients should use an API token, and not set a CSRF token.

Jenkins / JENKINS-59203 Upgrading Jenkins to 2.176.3 breaks service hooks integration with Visualstudio.com

Change By: Daniel Beck Status: Open Closed Resolution: Not A Defect

Add Comment