- Bug
- Resolution: Fixed
- Critical
Since MyUserIdCause.user is not transient, the entire User object is serialized to a build record as per $JENKINS_HOME/users/*/config.xml, including dangerous things like a customized API token and credentials.
And the class is not static, so it serializes a reference to the BuildPipelineView mentioning it.
Example:
<?xml version='1.0' encoding='UTF-8'?>
<build>
  <actions>
    ...
    <hudson.model.CauseAction>
      <causes>
        <au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView_-MyUserIdCause plugin="build-pipeline-plugin@1.3.3">
          <userId>person@somewhere.com</userId>
          <user>
            <fullName>Some Person</fullName>
            <properties>
              <jenkins.security.ApiTokenProperty>
                <apiToken>OOPS!</apiToken>
              </jenkins.security.ApiTokenProperty>
              <com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty plugin="credentials@1.9.3">
                <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">
                  <entry>
                    ...
                  </entry>
                </domainCredentialsMap>
              </com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty>
              <hudson.model.MyViewsProperty>
                <views>
                  ...
                </views>
              </hudson.model.MyViewsProperty>
              <hudson.plugins.openid.OpenIdUserProperty plugin="openid@2.3">
                <identifiers>
                  <string>OOPS!</string>
                </identifiers>
              </hudson.plugins.openid.OpenIdUserProperty>
              ...
            </properties>
          </user>
          <outer-class reference="../user/properties/hudson.model.MyViewsProperty/views/au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView[10]"/>
        </au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView_-MyUserIdCause>
      </causes>
    </hudson.model.CauseAction>
    ...
  </actions>
  ...
</build>
A Cause must be a static class with a small serial form. In this case you need only a String userId field; use User.get to retrieve the live object on demand.
(Or just use the standard UserIdCause. It is not clear why you felt the need to subclass that.)
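To find build records already written with this oversized serial form, the following added example (not code from this issue or from the plugin) audits a build.xml for causes that embed a User object, an outer-class reference, or sensitive property elements. The function name `audit_build_xml`, the `SENSITIVE` set and the sample record are assumptions constructed for illustration; only element names are reported, never their values.

```python
import re
import xml.etree.ElementTree as ET

# Element names that indicate secrets or identity data inside a cause.
SENSITIVE = {"apiToken", "domainCredentialsMap", "identifiers"}

# Constructed sample build record; all values are placeholders.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<build><actions><hudson.model.CauseAction><causes>
  <au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView_-MyUserIdCause>
    <userId>person@somewhere.com</userId>
    <user>
      <fullName>Some Person</fullName>
      <properties>
        <jenkins.security.ApiTokenProperty>
          <apiToken>PLACEHOLDER</apiToken>
        </jenkins.security.ApiTokenProperty>
      </properties>
    </user>
    <outer-class reference="../user"/>
  </au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView_-MyUserIdCause>
  <hudson.model.Cause_-UserIdCause>
    <userId>person@somewhere.com</userId>
  </hudson.model.Cause_-UserIdCause>
</causes></hudson.model.CauseAction></actions></build>
"""

def audit_build_xml(xml_text):
    """Return one finding per cause whose serial form is more than an id."""
    # Strip the XML declaration: newer Jenkins versions write version='1.1',
    # which Python's expat-based parser rejects.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    findings = []
    for action in ET.fromstring(body).iter("hudson.model.CauseAction"):
        for cause in action.findall("causes/*"):
            leaked = sorted({e.tag for e in cause.iter() if e.tag in SENSITIVE})
            embedded = cause.find("user/properties") is not None
            outer = cause.find("outer-class") is not None
            if leaked or embedded or outer:
                findings.append({"cause": cause.tag,
                                 "embedded_user": embedded,
                                 "outer_class_ref": outer,
                                 "sensitive_elements": leaked})  # names only
    return findings

if __name__ == "__main__":
    for finding in audit_build_xml(SAMPLE):
        print(finding)
```

Any API token or credential that appears in a flagged record should be treated as exposed to everyone who can read that build record and rotated.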
- is related to: JENKINS-24994 Poor error reporting when an anonymous Cause is used (Open)