[JENKINS-47736] JEP-200: Switch Remoting/XStream blacklist to a whitelist - Jenkins JIRA

XML

Word

Printable

Details

Type: Epic
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: core, jenkins-test-harness, remoting
Labels:
- JEP-200
- classloader
- remoting
- security
- xstream

Epic Name:
JEP-200: Switch Remoting/XStream blacklist to a whitelist
Similar Issues:

Show

Description

Currently Remoting and XStream2 share a blacklist of classes thought to be dangerous to deserialize, due to historically reported remote code execution attacks. We should instead switch to a whitelist, plus some categorical exemptions.

Attachments

Issue Links

is blocked by

JENKINS-53613 Plugin affected by JEP-200

Open

JENKINS-53638 Maven Plugin Affected by JEP-200

Open

is related to

JENKINS-49699 Doktor plugin affected by JEP-200

Open

JENKINS-49237 CPPNCSS Plugin fails with "WARNING: java.util.Calendar in JRE might be dangerous,"

Resolved

JENKINS-48963 UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.watchdog.WatchTimeExceptionData for security reasons

Resolved

JENKINS-49089 UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

Resolved

JENKINS-41751 Groovy PowerAssertions don't show a useful message when being CPS transformed

Resolved

JENKINS-49016 Android-lint plugin affected by JEP in 2.102

Resolved

JENKINS-49176 SimpleDateFormat is not whitelisted - JEP-200

Resolved

JENKINS-49573 Matrix Configuration Parameter Plugin is affected by JEP-200

Closed

JENKINS-50566 Google Compute Engine Plugin JEP-200 Class rejected

Closed

JENKINS-50460 Builds marked as failed - Dr Memory plugin (JEP-200)

Closed

JENKINS-49175 Job DSL Plugin violates whitelist

Closed

relates to

JENKINS-48734 JEP-200 - Make PCT usable for testing plugin compatibility with unreleased Jenkins Cores

Resolved

JENKINS-43875 Cleanup following SECURITY-429

Resolved

JENKINS-57796 Checkmarx affected by JEP-200

Open

JENKINS-49025 SecurityException: Rejected: java.lang.String$CaseInsensitiveComparator

Resolved

JENKINS-49130 Sonar Quality Gates run fails after upgrade to Jenkins 2.102/2.103

Resolved

JENKINS-48965 Refusing to marshal java.util.Collections$SynchronizedRandomAccessList for security reasons

Resolved

JENKINS-49586 JDepend plugin classes not in JEP-200 whitelist

Resolved

JENKINS-51331 AuditTrail plugin incompatible with JEP-200

Resolved

JENKINS-47158 Warnings about workflow/*-parallel-synthetic.xml serializing WorkflowRun objects

Closed

links to

CloudBees Internal OSS-2508

cloudbees-folder PR 116

copyartifact PR 97

core PR 3120

credentials PR 96

crx-content-package-deployer PR 8

dependency-check PR 20

dockerhub-notification PR 16

git-client PR 290

jenkins-test-harness PR 81

JEP 200

job-dsl PR 1092

kubernetes-pipeline PR 66

lib-jenkins-maven-embedder PR 15

monitoring PR 6

nexus-platform PR 16

parameterized-trigger PR 118

pipeline-build-step PR 17

priority-sorter PR 42

project-description-setter PR 2

Wiki Page with the list of affected plugins

workflow-cps PR 190

workflow-support PR 50

xtrigger-lib PR 9

(8 is related to, 9 relates to, 28 links to)

Activity

Ascending order - Click to sort in descending order

Jesse Glick created issue - 2017-10-30 18:02

Jesse Glick made changes - 2017-10-30 18:14

Field	Original Value	New Value
Status	Open [ 1 ]	In Progress [ 3 ]

Jesse Glick made changes - 2017-10-30 18:14

Remote Link

This issue links to "remoting PR 208 (Web Link)" [ 17952 ]

Jesse Glick made changes - 2017-10-30 18:17

Remote Link

This issue links to "jenkins-test-harness PR 81 (Web Link)" [ 17953 ]

Jesse Glick made changes - 2017-10-30 18:24

Remote Link

This issue links to "core PR 3120 (Web Link)" [ 17954 ]

Jesse Glick made changes - 2017-10-30 18:29

Remote Link

This issue links to "dockerhub-notification PR 16 (Web Link)" [ 17955 ]

Hide

Permalink

Jesse Glick added a comment - 2017-10-30 22:05

I filed a JEP which should be referred to for all details.

Show

Jesse Glick added a comment - 2017-10-30 22:05 I filed a JEP which should be referred to for all details.

Jesse Glick made changes - 2017-10-30 22:05

Remote Link

This issue links to "Draft JEP (Web Link)" [ 17956 ]

Jesse Glick made changes - 2017-10-30 22:05

Status

In Progress [ 3 ]

In Review [ 10005 ]

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-10-31 23:42

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java
http://jenkins-ci.org/commit/dockerhub-notification-plugin/162947aa5d4267fbb25ea8528c4fcdf2186eb31e
Log:
~~JENKINS-47736~~ Unnecessary serialization of a JSONObject.

Show

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-10-31 23:42

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java
http://jenkins-ci.org/commit/dockerhub-notification-plugin/9641b4f4d9d416119f9bc803a132994a9278340d
Log:
Merge pull request #16 from jglick/whitelist-~~JENKINS-47736~~

~~JENKINS-47736~~ Unnecessary serialization of a JSONObject

Compare: https://github.com/jenkinsci/dockerhub-notification-plugin/compare/59320217be7a...9641b4f4d9d4

Show

SCM/JIRA link daemon added a comment - 2017-10-31 23:42 Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java http://jenkins-ci.org/commit/dockerhub-notification-plugin/9641b4f4d9d416119f9bc803a132994a9278340d Log: Merge pull request #16 from jglick/whitelist- JENKINS-47736 JENKINS-47736 Unnecessary serialization of a JSONObject Compare: https://github.com/jenkinsci/dockerhub-notification-plugin/compare/59320217be7a...9641b4f4d9d4

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-11-01 21:25

Code changed in jenkins
User: Jesse Glick
Path:
jep/200/README.adoc
http://jenkins-ci.org/commit/jep/feb7c55886d3ccf494537e1f35780b4166e699e1
Log:
DRAFT: JEP-200: Switch Remoting/XStream blacklist to a whitelist (#23)

~~JENKINS-47736~~ Draft JEP.

Changes from proofreading.

Some notes on testing, as newly required in #24.

Noting RemoteClassLoader rule.

Formatting for links

Replace plus with backtick

Assign JEP Number: 200

Show

SCM/JIRA link daemon added a comment - 2017-11-01 21:25 Code changed in jenkins User: Jesse Glick Path: jep/200/README.adoc http://jenkins-ci.org/commit/jep/feb7c55886d3ccf494537e1f35780b4166e699e1 Log: DRAFT: JEP-200: Switch Remoting/XStream blacklist to a whitelist (#23) JENKINS-47736 Draft JEP. Changes from proofreading. Some notes on testing, as newly required in #24. Noting RemoteClassLoader rule. Formatting for links Replace plus with backtick Assign JEP Number: 200

Jesse Glick made changes - 2017-11-02 16:07

Remote Link

This issue links to "Draft JEP (Web Link)" [ 17956 ]

Jesse Glick made changes - 2017-11-02 16:07

Remote Link

This issue links to "JEP 200 (Web Link)" [ 17981 ]

Jesse Glick made changes - 2017-11-17 02:27

Remote Link

This issue links to "JEP 200 (Web Link)" [ 17981 ]

Jesse Glick made changes - 2017-11-17 02:27

Remote Link

This issue links to "JEP 200 (Web Link)" [ 18104 ]

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-11-28 13:38

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java
http://jenkins-ci.org/commit/jenkins-test-harness/3d9ebde50cf9dfcb297588f57d50905f8f94accc
Log:
~~JENKINS-47736~~ Do not even try to persist an Authentication.

Show

SCM/JIRA link daemon added a comment - 2017-11-28 13:38 Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java http://jenkins-ci.org/commit/jenkins-test-harness/3d9ebde50cf9dfcb297588f57d50905f8f94accc Log: JENKINS-47736 Do not even try to persist an Authentication.

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-11-28 13:38

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java
http://jenkins-ci.org/commit/jenkins-test-harness/0639913590297601158e9aca395c3461005357df
Log:
Merge pull request #81 from jglick/whitelist-~~JENKINS-47736~~

~~JENKINS-47736~~ Do not even try to persist an Authentication

Compare: https://github.com/jenkinsci/jenkins-test-harness/compare/52ef2fe2a457...063991359029

Show

SCM/JIRA link daemon added a comment - 2017-11-28 13:38 Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java http://jenkins-ci.org/commit/jenkins-test-harness/0639913590297601158e9aca395c3461005357df Log: Merge pull request #81 from jglick/whitelist- JENKINS-47736 JENKINS-47736 Do not even try to persist an Authentication Compare: https://github.com/jenkinsci/jenkins-test-harness/compare/52ef2fe2a457...063991359029

Jesse Glick made changes - 2017-11-30 23:50

Remote Link

This issue links to "cloudbees-folder PR 116 (Web Link)" [ 18228 ]

James Dumay made changes - 2017-12-01 00:43

Remote Link

This issue links to "CloudBees Internal OSS-2508 (Web Link)" [ 18268 ]

Jesse Glick made changes - 2017-12-01 01:33

Remote Link

This issue links to "credentials PR 96 (Web Link)" [ 18295 ]

Jesse Glick made changes - 2017-12-01 01:39

Remote Link

This issue links to "parameterized-trigger PR 118 (Web Link)" [ 18296 ]

Jesse Glick made changes - 2017-12-01 01:46

Remote Link

This issue links to "workflow-cps PR 190 (Web Link)" [ 18297 ]

Jesse Glick made changes - 2017-12-01 01:49

Remote Link

This issue links to "pipeline-build-step PR 17 (Web Link)" [ 18298 ]

Jesse Glick made changes - 2017-12-06 03:08

Remote Link

This issue links to "copyartifact PR 97 (Web Link)" [ 19279 ]

Hide

Permalink

SCM/JIRA link daemon added a comment - 2017-12-07 22:17

Code changed in jenkins
User: Jesse Glick
Path:
src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
http://jenkins-ci.org/commit/copyartifact-plugin/e225ab7c034eb424a59372d55ac020aca8fe762f
Log:
Avoid a warning under ~~JENKINS-47736~~.

Show

SCM/JIRA link daemon added a comment - 2017-12-07 22:17 Code changed in jenkins User: Jesse Glick Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java http://jenkins-ci.org/commit/copyartifact-plugin/e225ab7c034eb424a59372d55ac020aca8fe762f Log: Avoid a warning under JENKINS-47736 .

Jesse Glick made changes - 2017-12-08 14:08

Link

This issue relates to ~~JENKINS-47158~~ [ ~~JENKINS-47158~~ ]

Jesse Glick made changes - 2017-12-22 16:34

Remote Link

This issue links to "workflow-support PR 50 (Web Link)" [ 19532 ]

Jesse Glick made changes - 2017-12-22 16:35

Remote Link

This issue links to "git-client PR 290 (Web Link)" [ 19533 ]

Jesse Glick made changes - 2017-12-22 16:35

Remote Link

This issue links to "job-dsl PR 1092 (Web Link)" [ 19534 ]

Jesse Glick made changes - 2017-12-22 16:35

Remote Link

This issue links to "lib-jenkins-maven-embedder PR 15 (Web Link)" [ 19535 ]

Oleg Nenashev made changes - 2018-01-05 10:40

Link

This issue relates to ~~JENKINS-48734~~ [ ~~JENKINS-48734~~ ]

Hide

Permalink

Oleg Nenashev added a comment - 2018-01-05 10:41

I am going to convert it to EPIC so that we can track other action items separately

Show

Oleg Nenashev added a comment - 2018-01-05 10:41 I am going to convert it to EPIC so that we can track other action items separately

Oleg Nenashev made changes - 2018-01-05 10:41

Issue Type

New Feature [ 2 ]

Epic [ 10001 ]

Oleg Nenashev made changes - 2018-01-05 10:42

Epic Name		JEP-200: Switch Remoting/XStream blacklist to a whitelist
Labels	classloader remoting security xstream	classloader jep-200 remoting security xstream
Summary	Switch Remoting/XStream blacklist to a whitelist	JEP-200: Switch Remoting/XStream blacklist to a whitelist

Oleg Nenashev made changes - 2018-01-05 11:34

Epic Child

~~INFRA-1461~~ [ 187594 ]

Oleg Nenashev made changes - 2018-01-05 11:35

Remote Link

This issue links to "Wiki Page with the list of affected plugins (Web Link)" [ 19727 ]

Oleg Nenashev made changes - 2018-01-05 11:44

Epic Child

~~JENKINS-48814~~ [ 187595 ]

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-05 17:16

Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
http://jenkins-ci.org/commit/lib-jenkins-maven-embedder/fdf0ac0ce2fac2d706ddca98b06cd825cbdfe319
Log:
Merge pull request #15 from jglick/Jenkins-ClassFilter-Whitelisted

~~JENKINS-47736~~ Jenkins-ClassFilter-Whitelisted

Show

SCM/JIRA link daemon added a comment - 2018-01-05 17:16 Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/lib-jenkins-maven-embedder/fdf0ac0ce2fac2d706ddca98b06cd825cbdfe319 Log: Merge pull request #15 from jglick/Jenkins-ClassFilter-Whitelisted JENKINS-47736 Jenkins-ClassFilter-Whitelisted

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-09 16:09

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/hudson/remoting/ClassFilter.java
src/test/java/hudson/remoting/ClassFilterTest.java
http://jenkins-ci.org/commit/remoting/1fda115f080dc3fc1063ca3496f49bb2853f380e
Log:
~~JENKINS-47736~~ Introduced ClassFilter.setDefault (#208)

~~JENKINS-47736~~ Introduced ClassFilter.setDefault.

Review comments from @oleg-nenashev.

~~JENKINS-47736~~ - Add some annotations, mostly to kick-off CI

Show

SCM/JIRA link daemon added a comment - 2018-01-09 16:09 Code changed in jenkins User: Jesse Glick Path: src/main/java/hudson/remoting/ClassFilter.java src/test/java/hudson/remoting/ClassFilterTest.java http://jenkins-ci.org/commit/remoting/1fda115f080dc3fc1063ca3496f49bb2853f380e Log: JENKINS-47736 Introduced ClassFilter.setDefault (#208) JENKINS-47736 Introduced ClassFilter.setDefault. Review comments from @oleg-nenashev. JENKINS-47736 - Add some annotations, mostly to kick-off CI

Jesse Glick made changes - 2018-01-09 20:40

Remote Link

This issue links to "xtrigger-lib PR 9 (Web Link)" [ 19750 ]

Jesse Glick made changes - 2018-01-11 15:11

Remote Link

This issue links to "monitoring PR 6 (Web Link)" [ 19764 ]

Jesse Glick made changes - 2018-01-11 22:53

Remote Link

This issue links to "ruby-runtime PR 5 (Web Link)" [ 19769 ]

Jesse Glick made changes - 2018-01-11 23:10

Remote Link

This issue links to "priority-sorter PR 42 (Web Link)" [ 19770 ]

Jesse Glick made changes - 2018-01-11 23:38

Remote Link

This issue links to "project-description-setter PR 2 (Web Link)" [ 19771 ]

Jesse Glick made changes - 2018-01-12 00:00

Remote Link

This issue links to "publish-over PR 8 (Web Link)" [ 19773 ]

Jesse Glick made changes - 2018-01-12 14:15

Remote Link

This issue links to "dependency-check PR 20 (Web Link)" [ 19776 ]

Jesse Glick made changes - 2018-01-12 16:46

Remote Link

This issue links to "saltstack PR 116 (Web Link)" [ 19778 ]

Jesse Glick made changes - 2018-01-12 19:30

Remote Link

This issue links to "nexus-platform PR 16 (Web Link)" [ 19781 ]

Jesse Glick made changes - 2018-01-12 21:22

Remote Link

This issue links to "kubernetes-pipeline PR 66 (Web Link)" [ 19782 ]

Jesse Glick made changes - 2018-01-12 21:41

Remote Link

This issue links to "crx-content-package-deployer PR 8 (Web Link)" [ 19783 ]

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-12 22:41

Code changed in jenkins
User: Jesse Glick
Path:
core/src/main/java/hudson/util/XStream2.java
core/src/main/java/jenkins/model/Jenkins.java
core/src/main/java/jenkins/security/ClassFilterImpl.java
core/src/main/java/jenkins/security/CustomClassFilter.java
core/src/main/resources/jenkins/security/whitelisted-classes.txt
pom.xml
test/pom.xml
test/src/test/groovy/hudson/cli/BuildCommandTest.groovy
test/src/test/java/hudson/cli/BuildCommand2Test.java
test/src/test/java/hudson/util/XStream2Security383Test.java
test/src/test/java/jenkins/install/InstallUtilTest.java
test/src/test/java/jenkins/install/SetupWizardTest.java
test/src/test/java/jenkins/security/ClassFilterImplTest.java
test/src/test/java/jenkins/security/CustomClassFilterTest.java
test/src/test/java/jenkins/security/Security218CliTest.java
test/src/test/java/jenkins/security/Security218Test.java
test/src/test/resources/plugins/custom-class-filter.jpi
http://jenkins-ci.org/commit/jenkins/903b4461d37170ccda49ce6637adf7cf4a261b93
Log:
~~JENKINS-47736~~ Switch Remoting/XStream blacklist to a whitelist.

Show

SCM/JIRA link daemon added a comment - 2018-01-12 22:41 Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/util/XStream2.java core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/jenkins/security/ClassFilterImpl.java core/src/main/java/jenkins/security/CustomClassFilter.java core/src/main/resources/jenkins/security/whitelisted-classes.txt pom.xml test/pom.xml test/src/test/groovy/hudson/cli/BuildCommandTest.groovy test/src/test/java/hudson/cli/BuildCommand2Test.java test/src/test/java/hudson/util/XStream2Security383Test.java test/src/test/java/jenkins/install/InstallUtilTest.java test/src/test/java/jenkins/install/SetupWizardTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java test/src/test/java/jenkins/security/CustomClassFilterTest.java test/src/test/java/jenkins/security/Security218CliTest.java test/src/test/java/jenkins/security/Security218Test.java test/src/test/resources/plugins/custom-class-filter.jpi http://jenkins-ci.org/commit/jenkins/903b4461d37170ccda49ce6637adf7cf4a261b93 Log: JENKINS-47736 Switch Remoting/XStream blacklist to a whitelist.

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-12 22:41

Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
http://jenkins-ci.org/commit/jenkins/29362a5b7b94ddfe0ead38c423c54c81bfced53d
Log:
~~JENKINS-47736~~ - Use the new snapshot: remoting-3.16-20171228.162243-1

Show

SCM/JIRA link daemon added a comment - 2018-01-12 22:41 Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/29362a5b7b94ddfe0ead38c423c54c81bfced53d Log: JENKINS-47736 - Use the new snapshot: remoting-3.16-20171228.162243-1

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-12 22:41

Code changed in jenkins
User: Oleg Nenashev
Path:
pom.xml
http://jenkins-ci.org/commit/jenkins/88e756de6fe6c3333658e6d4be6aad2323a63e09
Log:
~~JENKINS-47736~~ - Use the released version of Remoting 3.16

Show

SCM/JIRA link daemon added a comment - 2018-01-12 22:41 Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/88e756de6fe6c3333658e6d4be6aad2323a63e09 Log: JENKINS-47736 - Use the released version of Remoting 3.16

Hide

Permalink

SCM/JIRA link daemon added a comment - 2018-01-12 22:41

Code changed in jenkins
User: Jesse Glick
Path:
core/src/main/java/hudson/PluginManager.java
core/src/main/java/hudson/util/XStream2.java
core/src/main/java/jenkins/MasterToSlaveFileCallable.java
core/src/main/java/jenkins/SlaveToMasterFileCallable.java
core/src/main/java/jenkins/model/Jenkins.java
core/src/main/java/jenkins/security/ClassFilterImpl.java
core/src/main/java/jenkins/security/CustomClassFilter.java
core/src/main/java/jenkins/security/MasterToSlaveCallable.java
core/src/main/java/jenkins/security/SlaveToMasterCallable.java
core/src/main/resources/jenkins/security/whitelisted-classes.txt
pom.xml
test/src/test/java/hudson/util/XStream2Security383Test.java
test/src/test/java/jenkins/install/InstallUtilTest.java
test/src/test/java/jenkins/install/SetupWizardTest.java
test/src/test/java/jenkins/security/ClassFilterImplTest.java
test/src/test/java/jenkins/security/CustomClassFilterTest.java
test/src/test/java/jenkins/security/Security218CliTest.java
test/src/test/java/jenkins/security/Security218Test.java
test/src/test/resources/plugins/custom-class-filter.jpi
http://jenkins-ci.org/commit/jenkins/cb4903c20e788f015f6210a965a2759009ff24f2
Log:
[JEP-200] ~~JENKINS-47736~~ Merged #3120: ClassFilterImpl

Show

SCM/JIRA link daemon added a comment - 2018-01-12 22:41 Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/hudson/util/XStream2.java core/src/main/java/jenkins/MasterToSlaveFileCallable.java core/src/main/java/jenkins/SlaveToMasterFileCallable.java core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/jenkins/security/ClassFilterImpl.java core/src/main/java/jenkins/security/CustomClassFilter.java core/src/main/java/jenkins/security/MasterToSlaveCallable.java core/src/main/java/jenkins/security/SlaveToMasterCallable.java core/src/main/resources/jenkins/security/whitelisted-classes.txt pom.xml test/src/test/java/hudson/util/XStream2Security383Test.java test/src/test/java/jenkins/install/InstallUtilTest.java test/src/test/java/jenkins/install/SetupWizardTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java test/src/test/java/jenkins/security/CustomClassFilterTest.java test/src/test/java/jenkins/security/Security218CliTest.java test/src/test/java/jenkins/security/Security218Test.java test/src/test/resources/plugins/custom-class-filter.jpi http://jenkins-ci.org/commit/jenkins/cb4903c20e788f015f6210a965a2759009ff24f2 Log: [JEP-200] JENKINS-47736 Merged #3120: ClassFilterImpl

Hide

Permalink

Jesse Glick added a comment - 2018-01-12 22:42

Merged toward 2.102.

Show

Jesse Glick added a comment - 2018-01-12 22:42 Merged toward 2.102.

Jesse Glick made changes - 2018-01-12 22:42

Resolution		Fixed [ 1 ]
Status	In Review [ 10005 ]	Resolved [ 5 ]

Remi Van Goethem made changes - 2018-01-15 07:42

Epic Child

~~JENKINS-48932~~ [ 187737 ]

Marc des Garets made changes - 2018-01-16 14:23

Link

This issue is related to ~~JENKINS-48963~~ [ ~~JENKINS-48963~~ ]

Norbert Pfistner made changes - 2018-01-16 14:31

Link

This issue relates to ~~JENKINS-48965~~ [ ~~JENKINS-48965~~ ]

Remi Van Goethem made changes - 2018-01-17 07:05

Epic Child

~~JENKINS-48984~~ [ 187800 ]

Nicholas Tones made changes - 2018-01-17 10:35

Epic Child

~~JENKINS-48991~~ [ 187807 ]

Walter den Besten made changes - 2018-01-18 11:10

Epic Child

~~JENKINS-49016~~ [ 187835 ]

Walter den Besten made changes - 2018-01-18 11:11

Link

This issue is related to ~~JENKINS-49016~~ [ ~~JENKINS-49016~~ ]

Jesse Glick made changes - 2018-01-18 14:19

Epic Child

~~JENKINS-48984~~ [ 187800 ]

Jesse Glick made changes - 2018-01-18 15:26

Labels

classloader jep-200 remoting security xstream

JEP-200 classloader remoting security xstream

Tom Fanning made changes - 2018-01-18 15:31

Epic Child

~~JENKINS-49025~~ [ 187845 ]

Tom Fanning made changes - 2018-01-18 15:32

Link

This issue is related to ~~JENKINS-49025~~ [ ~~JENKINS-49025~~ ]

Tom Fanning made changes - 2018-01-18 15:33

Link

This issue relates to ~~JENKINS-49025~~ [ ~~JENKINS-49025~~ ]

Tom Fanning made changes - 2018-01-18 15:33

Link

This issue is related to ~~JENKINS-49025~~ [ ~~JENKINS-49025~~ ]

Pieter-Jan Busschaert made changes - 2018-01-22 09:05

Epic Child

~~JENKINS-49070~~ [ 187896 ]

Marco Rothe made changes - 2018-01-23 08:03

Epic Child

~~JENKINS-49089~~ [ 187922 ]

Marco Rothe made changes - 2018-01-23 08:04

Link

This issue is related to ~~JENKINS-49085~~ [ ~~JENKINS-49085~~ ]

Marco Rothe made changes - 2018-01-23 08:07

Link

This issue is related to ~~JENKINS-49085~~ [ ~~JENKINS-49085~~ ]

Marco Rothe made changes - 2018-01-23 08:08

Link

This issue is related to ~~JENKINS-49089~~ [ ~~JENKINS-49089~~ ]

Martin Kjellqvist made changes - 2018-01-24 11:04

Link

This issue relates to ~~JENKINS-49130~~ [ ~~JENKINS-49130~~ ]

Emil Wypych made changes - 2018-01-25 19:56

Link

This issue is related to ~~JENKINS-49175~~ [ ~~JENKINS-49175~~ ]

Emil Wypych made changes - 2018-01-25 20:04

Link

This issue is related to ~~JENKINS-49176~~ [ ~~JENKINS-49176~~ ]

Konrad Grochowski made changes - 2018-01-29 20:21

Link

This issue is related to ~~JENKINS-49237~~ [ ~~JENKINS-49237~~ ]

wesley Brown made changes - 2018-01-30 22:46

Epic Child

~~JENKINS-49282~~ [ 188140 ]

Stan Corbin made changes - 2018-02-05 15:30

Epic Child

~~JENKINS-49377~~ [ 188249 ]

David Gangel made changes - 2018-02-15 07:46

Link

This issue is related to ~~JENKINS-49573~~ [ ~~JENKINS-49573~~ ]

Reinhold Füreder made changes - 2018-02-15 12:41

Link

This issue is related to ~~JENKINS-41751~~ [ ~~JENKINS-41751~~ ]

Chuck Burgess made changes - 2018-02-15 17:41

Link

This issue relates to ~~JENKINS-49586~~ [ ~~JENKINS-49586~~ ]

Oleg Nenashev made changes - 2018-02-19 10:12

Link

This issue relates to ~~JENKINS-43875~~ [ ~~JENKINS-43875~~ ]

Laurent Dufour made changes - 2018-02-22 16:52

Link

This issue is related to JENKINS-49699 [ JENKINS-49699 ]

Björn Becker made changes - 2018-02-23 11:42

Epic Child

~~JENKINS-49715~~ [ 188654 ]

Michael Parker made changes - 2018-03-14 18:06

Epic Child

~~JENKINS-50175~~ [ 189194 ]

Piotr Bogdanski made changes - 2018-03-28 14:06

Link

This issue is blocked by ~~JENKINS-50460~~ [ ~~JENKINS-50460~~ ]

Piotr Bogdanski made changes - 2018-03-28 14:10

Link

This issue is blocked by ~~JENKINS-50460~~ [ ~~JENKINS-50460~~ ]

Piotr Bogdanski made changes - 2018-03-28 14:11

Link

This issue is related to ~~JENKINS-50460~~ [ ~~JENKINS-50460~~ ]

Emil Wypych made changes - 2018-04-04 09:24

Link

This issue is related to ~~JENKINS-50566~~ [ ~~JENKINS-50566~~ ]

angel liang made changes - 2018-04-12 08:37

Link

This issue is blocking SECURITY-800 [ SECURITY-800 ]

angel liang made changes - 2018-04-13 06:49

Epic Child

~~JENKINS-50781~~ [ 189887 ]

Bernhard Berbuir made changes - 2018-05-15 10:56

Link

This issue relates to ~~JENKINS-51331~~ [ ~~JENKINS-51331~~ ]

Narla Swathi made changes - 2018-05-31 13:05

Epic Child

~~JENKINS-51634~~ [ 191047 ]

Ricardo Amendolia made changes - 2018-06-04 15:40

Epic Child

~~JENKINS-51691~~ [ 191130 ]

sakshi sood made changes - 2018-09-13 14:25

Link

This issue is blocked by ~~JENKINS-53456~~ [ ~~JENKINS-53456~~ ]

sakshi sood made changes - 2018-09-17 12:33

Epic Child

JENKINS-53613 [ 194097 ]

Jesse Glick made changes - 2018-09-17 14:12

Link

This issue is blocked by ~~JENKINS-53456~~ [ ~~JENKINS-53456~~ ]

sakshi sood made changes - 2018-09-18 08:44

Link

This issue is blocked by JENKINS-53613 [ JENKINS-53613 ]

sakshi sood made changes - 2018-09-18 09:24

Link

This issue is blocked by JENKINS-53638 [ JENKINS-53638 ]

Alexander Komarov made changes - 2019-06-10 15:20

Link

This issue relates to JENKINS-57796 [ JENKINS-57796 ]

Jason Gross made changes - 2020-06-04 16:09

Epic Child

JENKINS-62571 [ 206594 ]

People

Assignee:: Jesse Glick

Reporter:: Jesse Glick

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017-10-30 18:02

Updated:: 2020-06-04 16:09

Resolved:: 2018-01-12 22:42