Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32433

folders should have a depth limit for rest api calls

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Cloudbees Jenkins 14.11

      When users are using the rest api interface with a folder, the depth limit allows very large amounts of data to be returned, which can overload Jenkins.

      There is no way to stop this in Jenkins, only by using apache in front of Jenkins and blocking patterns and query strings is this possible.

      CB published an article on how to use tree to limit this

      https://www.cloudbees.com/blog/taming-jenkins-json-api-depth-and-tree

          [JENKINS-32433] folders should have a depth limit for rest api calls

          Jesse Glick added a comment -

          I would interpret this as a more general request for a way to block any Api.doJson/Xml call if tree were omitted.

          Jesse Glick added a comment - I would interpret this as a more general request for a way to block any Api.doJson/Xml call if tree were omitted.

            jglick Jesse Glick
            mjbros Mike Brosnan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: