CloudBees CI invalid CSRF DefaultCrumbIssuer configuration elements in 2.555.X or newer

Issue

In the April 15, 2026 release of CloudBees CI, the deprecated CSRF proxy compatibility settings were removed. This currently breaks Configuration as Code (CasC) configuration where the excludeClientIPFromCrumb is set under the crumb issuer field.

  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: false▼

Instances with the above configuration fail to start with an error message similar to below.

2026-04-23 20:40:34.333+0000 [id=46] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
io.jenkins.plugins.casc.UnknownAttributesException: standard: Invalid configuration elements for type: class hudson.security.csrf.DefaultCrumbIssuer : excludeClientIPFromCrumb.
[LF]> Available attributes :▼

Environment

Resolution

To resolve this issue, update the Crumb Issuer configuration in Configuration as Code bundles as shown below.

Old configuration

  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: false▼

Expected Configuration

  crumbIssuer: "standard"▼

Tested product/plugin versions

CloudBees CI on modern cloud platforms - managed controller 2.555.1.36485

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.