如何在Jenkins中禁用注入环境变量的可视化 [英] How to Disable the visualization of Injected Environment variables in Jenkins
本文介绍了如何在Jenkins中禁用注入环境变量的可视化的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Jenkins SECURITY-248指出,我应该禁用全局配置中注入环境变量的可视化."我在配置中找不到此设置.任何帮助将不胜感激.
Jenkins SECURITY-248 states that I should "Disable the visualization of Injected Environment variables in the global configuration." I cannot find this setting in the Configuration. Any help will be appreciated.
推荐答案
您可以执行以下操作以确保正确解决此安全问题:
You can do the following to make sure to address this security issue correctly:
- 通过执行以下命令来检查是否有受此安全问题影响的文件:
sudo find . -name "injectedEnvVars.txt"
- 通过执行以下命令来递归删除所有文件:
sudo find . -name "injectedEnvVars.txt" -delete
- 重新执行步骤1,以确保没有剩余文件.
- 从
Environment Injector Plugin
下的Configure Global Security
转到Do not show injected variables
,转到Jenkins实例. - 在
Hidden security warnings
下的Configure Global Security
中,单击Security Warnings
,然后取消选中Environment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier
.这样可以确保隐藏该错误消息,使其不再出现.
- Check to see if you have any files affected by this security issue by executing this command:
sudo find . -name "injectedEnvVars.txt"
- Delete all the files recursively by executing the following command:
sudo find . -name "injectedEnvVars.txt" -delete
- Re-execute step #1 to make sure there are no files left.
- Go to the Jenkins instance, from
Configure Global Security
underEnvironment Injector Plugin
checkDo not show injected variables
. - From
Configure Global Security
underHidden security warnings
, click onSecurity Warnings
and then uncheckEnvironment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier
. This will make sure to hide that error message so it doesn’t appear again.
参考: https://jenkins.io/security/advisory/2018-02-26/#SECURITY-248
这篇关于如何在Jenkins中禁用注入环境变量的可视化的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文