| 2019-07-22 20:27:21 |
Pascal Hofmann |
description |
Starting with Jenkins version 2.176.2 CSRF tokens will now also check the web session ID to confirm they were created in the same session. This fix impacts python-jenkins because it obtains a crumb from the crumb issuer API. python-jenkins needs to be updated to retain the session ID for subsequent requests. For further information, see https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 |
The crumb gets invalid after a call to disable_node / enabled_node. The new crumb from the response should be taken or the crumb should be unset so a new crumb is obtained for all following requests. |
|
