Updating a WAR should unpin a plugin which is now older than the bundled plugin

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: core
    • None

      If you have some pinned plugins, and start running a new WAR file with a different set/versions of bundled plugins, the current behavior of Jenkins is to unconditionally trust your pinned plugins and never use the bundled versions. But this can be very bad, if you have pinned an old version of a plugin and some other bundled plugins depend on a newer version. So Jenkins should prefer a bundled plugin (removing the pin) if it is newer than the pinned version.
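
The rule proposed in the description above (drop the pin only when the bundled copy is strictly newer), as an added sketch that is not Jenkins code and not from the issue. The names `parse_version` and `resolve_pins` are hypothetical, the plugin versions are constructed sample data, and only dotted numeric versions are compared, which is a simplification of real plugin version strings.

```python
import re

def parse_version(text):
    """Turn '1.10' into (1, 10). Only dotted numeric versions are handled here."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        # Qualifiers such as -SNAPSHOT or -beta need a human decision, so refuse them.
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 1.0 and 1 as the same version
        parts.pop()
    return tuple(parts)

def resolve_pins(pinned, bundled):
    """Split pins into (unpin, keep) using the rule from the issue description.

    pinned:  plugin name -> version pinned in the existing installation
    bundled: plugin name -> version shipped inside the new WAR
    """
    unpin, keep = {}, {}
    for name, pinned_version in sorted(pinned.items()):
        bundled_version = bundled.get(name)
        if (bundled_version is not None
                and parse_version(bundled_version) > parse_version(pinned_version)):
            # Bundled copy is newer: the pin would hold back its dependents.
            unpin[name] = (pinned_version, bundled_version)
        else:
            # Not bundled, same version, or pin is newer: leave the pin alone.
            keep[name] = pinned_version
    return unpin, keep

# Constructed sample data (versions are illustrative, not taken from any release).
PINNED = {"credentials": "1.9", "ssh-credentials": "1.6.1",
          "mailer": "1.8", "custom-tool": "0.4"}
BUNDLED = {"credentials": "1.10", "ssh-credentials": "1.6.1",
           "mailer": "1.5", "subversion": "2.4"}

if __name__ == "__main__":
    unpin, keep = resolve_pins(PINNED, BUNDLED)
    for name, (old, new) in unpin.items():
        print(f"unpin {name}: pinned {old} is older than bundled {new}")
    for name, version in keep.items():
        print(f"keep  {name}: pinned {version}")
```

Comparing the components as integers matters: a plain string comparison would rank 1.9 above 1.10 and keep the stale pin.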

          [JENKINS-24046] Updating a WAR should unpin a plugin which is now older than the bundled plugin

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-21486 [ JENKINS-21486 ]
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-24047 [ JENKINS-24047 ]
          Jesse Glick made changes -
          Link Original: This issue is related to JENKINS-24047 [ JENKINS-24047 ]
          marcio duran made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          marcio duran made changes -
          Status Original: In Progress [ 3 ] New: Open [ 1 ]

          Daniel Beck added a comment -

          Just showing an admin monitor would be less surprising behavior.

          Jesse Glick added a comment -

          Well, by the time an admin sees that, you are already either running a possibly fatal mismatch of versions, or have rejected the combination (JENKINS-21486) and so have disabled the dependent plugin. Better for Jenkins to try to fix the problem immediately, and perhaps issue a warning later about what it did, than to knowingly run a broken configuration.

          Jesse Glick added a comment -

          The more conservative fix is to just add an administrative monitor when you are in this condition, advising you to upgrade.

          Kohsuke Kawaguchi made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

            Assignee: Kohsuke Kawaguchi (kohsuke)
            Reporter: Jesse Glick (jglick)