Our configuration is that users access Jenkins through an Apache2 reverse proxy that provides integrated browser authentication using Kerberos. Our Jenkins server is configured to use the reverse-proxy-auth to read the X-Forwarded-User HTTP header and set that as the Jenkins user identity.

This has ran for over a year without any issues.

Recently I updated to V1.546 of Jenkins. Any attempt to access Jenkins now results in a Null Pointer Exception on a page access, rendering this version of Jenkins totally unusable. I've attached the stack trace as a text file to preserve formatting.

Having a brief look at the code, this is occurring on line 366 of the latest reverse-proxy-auth plugin (V1.3). This is simply calling the HTTPServletRequest.getHeader method to retrieve any user name passed in the HTTP request. This is coded to the API docs which state that if such a header does not exist then NULL will be returned.

In V1.546, the implementation of this getHeader method has now started failing. I suspect this is a bug with the bundled version of the Jetty code rather than being a Jenkins code issue. I'll have a look at the code when I get a chance to trace this back but wanted to raise this in case anyone else experiences a similar issue and hopefully link it to any Jetty related bugs that might be raised.