Jenkins 1.651.2 introduced a security fix that strips parameters that are not explicitly defined in jobs. The Jenkins Gearman plugin requires that functionality to inject build parameters, thus we have disabled that security feature by passing to Jenkins: -Dhudson.model.ParametersAction.keepUndefinedParameters=true
We would need the Gearman plugin to autowhitelist parameters it injects as per James E. Blair (OpenStack) on http://lists.openstack.org/pipermail/openstack-infra/2016-May/004285.html
Yes, we assume the parameters passed in via gearman are safe, as they are provided either by zuul directly, or indirectly by custom functions in zuul's configuration managed by the zuul system administrator. So this was a feature in Jenkins on which we relied. I think it makes the most sense for the gearman plugin to be updated to autowhitelist them if that is possible. Is someone interested in working on that?
In the meantime, assuming that your system is entirely driven by Zuul+gearman and you do not have jobs that are triggered by other plugins where this behavior might not be desirable, I think the command line option you mentioned should be safe.
-Jim
Then upgrade the Gearman plugin and figure out other parameters we might need to whitelist.
Once done, we can revert a6770d165e46b55e3ca719a6fd4be71d64691af0
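As an added example (not code from this task, from Jenkins or from the Gearman plugin), the script below audits the JVM arguments Jenkins is started with and reports how undefined build parameters will be treated: accepted wholesale via the keepUndefinedParameters workaround, restricted to an explicit whitelist via the companion Jenkins property hudson.model.ParametersAction.safeParameters, or stripped by default. The three JAVA_ARGS strings and the parameter names ZUUL_UUID and ZUUL_REF are constructed sample input, not values taken from any real host.

```shell
#!/bin/sh
# Added example: classify how a Jenkins instance started with the given JVM
# arguments handles build parameters that jobs do not declare.
# The two property names are real Jenkins system properties; the sample
# argument strings further down are constructed for this demonstration.

# Prints one of:
#   keep-all          every undefined parameter is accepted (the workaround)
#   whitelist:<names> only the listed parameters are accepted
#   strip             the post-1.651.2 default, undefined parameters dropped
undefined_param_policy() {
    args="$1"
    case "$args" in
        *-Dhudson.model.ParametersAction.keepUndefinedParameters=true*)
            echo "keep-all"
            return 0
            ;;
    esac
    # Split the argument string on spaces and pull out the whitelist, if any.
    list=$(printf '%s\n' "$args" | tr ' ' '\n' \
        | sed -n 's/^-Dhudson\.model\.ParametersAction\.safeParameters=//p')
    if [ -n "$list" ]; then
        echo "whitelist:$list"
    else
        echo "strip"
    fi
}

# Constructed sample start-up arguments covering the three cases.
WORKAROUND_ARGS="-Djava.awt.headless=true -Dhudson.model.ParametersAction.keepUndefinedParameters=true"
WHITELIST_ARGS="-Djava.awt.headless=true -Dhudson.model.ParametersAction.safeParameters=ZUUL_UUID,ZUUL_REF"
DEFAULT_ARGS="-Djava.awt.headless=true"

# Run with --demo to print the classification of each sample.
if [ "${1:-}" = "--demo" ]; then
    for a in "$WORKAROUND_ARGS" "$WHITELIST_ARGS" "$DEFAULT_ARGS"; do
        printf '%s -> %s\n' "$a" "$(undefined_param_policy "$a")"
    done
fi
```

The whitelist form is the narrower option once the set of parameters Gearman needs to inject is known: only named parameters reach a build, while jobs triggered by other plugins keep the stock protection. Feeding the script the real JAVA_ARGS line from the Jenkins init configuration shows which of the three states a host is actually in.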
Full context in T133737