Xlr-jenkins-plugin issue with latest Jenkins with CSRF enabled


There are 2 frequently existing issues Jenkins 2.176.3

Common customer raised issues
Issue 1:
Executed a release using XLR. First Jenkins's job in one phase was successful. After some time, we restarted the complete phase but when the same Jenkins job was executed it did not do anything but rather just returned back with the same build number (which was executed before some time). We were expecting that the new build should be created. But the task was being shown as a success based on earlier executed Jenkins build.

We are using Jenkins ver. 2.190.1 and XL Release Version 8.5.4 .When I try to trigger Jenkins build task from XL Release I am getting 403 errors if CSRF is enabled in Jenkins. Whereas if I remove CSRF in Jenkins it works fine.

As of xl-release Jenkins plugin 9.5.x plugin doesn’t fully support CSRF capability
There have been few changes made by Jenkins recently (from 2.176.3) to handle the security where sessionID needs to be shared for every call being made from xlr-jenkins-plugin otherwise it will keep point at the last JOB.

Till the time we don’t have an updated plugin there is two way to deal with this problem:

1. Disable CSRF
If CSRF is mandatory then we need to use the option 2
2. Assuming CSRF is enabled. Create API Token and use that token as a password for the xl-release Jenkins build job. It will authenticate every job trigger you will make and give you the correct build number.