Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47736

JEP-200: Switch Remoting/XStream blacklist to a whitelist

    XMLWordPrintable

    Details

    • Epic Name:
      JEP-200: Switch Remoting/XStream blacklist to a whitelist
    • Similar Issues:

      Description

      Currently Remoting and XStream2 share a blacklist of classes thought to be dangerous to deserialize, due to historically reported remote code execution attacks. We should instead switch to a whitelist, plus some categorical exemptions.

        Attachments

          Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-53613 Plugin affected by JEP-200

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-53638 Maven Plugin Affected by JEP-200

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49699 Doktor plugin affected by JEP-200

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49237 CPPNCSS Plugin fails with "WARNING: java.util.Calendar in JRE might be dangerous,"

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48963 UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.watchdog.WatchTimeExceptionData for security reasons

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49089 UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-41751 Groovy PowerAssertions don't show a useful message when being CPS transformed

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49016 Android-lint plugin affected by JEP in 2.102

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49176 SimpleDateFormat is not whitelisted - JEP-200

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49573 Matrix Configuration Parameter Plugin is affected by JEP-200

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-50566 Google Compute Engine Plugin JEP-200 Class rejected

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-50460 Builds marked as failed - Dr Memory plugin (JEP-200)

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49175 Job DSL Plugin violates whitelist

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. JENKINS-48734 JEP-200 - Make PCT usable for testing plugin compatibility with unreleased Jenkins Cores

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-43875 Cleanup following SECURITY-429

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-57796 Checkmarx affected by JEP-200

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49025 SecurityException: Rejected: java.lang.String$CaseInsensitiveComparator

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49130 Sonar Quality Gates run fails after upgrade to Jenkins 2.102/2.103

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48965 Refusing to marshal java.util.Collections$SynchronizedRandomAccessList for security reasons

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49586 JDepend plugin classes not in JEP-200 whitelist

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-51331 AuditTrail plugin incompatible with JEP-200

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-47158 Warnings about workflow/*-parallel-synthetic.xml serializing WorkflowRun objects

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          links to

          Web Link CloudBees Internal OSS-2508

          Web Link cloudbees-folder PR 116

          Web Link copyartifact PR 97

          Web Link core PR 3120

          Web Link credentials PR 96

          Web Link crx-content-package-deployer PR 8

          Web Link dependency-check PR 20

          Web Link dockerhub-notification PR 16

          Web Link git-client PR 290

          Web Link jenkins-test-harness PR 81

          Web Link JEP 200

          Web Link job-dsl PR 1092

          Web Link kubernetes-pipeline PR 66

          Web Link lib-jenkins-maven-embedder PR 15

          Web Link monitoring PR 6

          Web Link nexus-platform PR 16

          Web Link parameterized-trigger PR 118

          Web Link pipeline-build-step PR 17

          Web Link priority-sorter PR 42

          Web Link project-description-setter PR 2

          Web Link publish-over PR 8

          Web Link remoting PR 208

          Web Link ruby-runtime PR 5

          Web Link saltstack PR 116

          Web Link Wiki Page with the list of affected plugins

          Web Link workflow-cps PR 190

          Web Link workflow-support PR 50

          Web Link xtrigger-lib PR 9

            Activity

            Ascending order - Click to sort in descending order
            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "remoting PR 208 (Web Link)" [ 17952 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "jenkins-test-harness PR 81 (Web Link)" [ 17953 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "core PR 3120 (Web Link)" [ 17954 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "dockerhub-notification PR 16 (Web Link)" [ 17955 ]
            Hide
            Permalink
            jglick Jesse Glick added a comment -

            I filed a JEP which should be referred to for all details.

            Show
            jglick Jesse Glick added a comment - I filed a JEP which should be referred to for all details.
            jglick Jesse Glick made changes -
            Remote Link This issue links to "Draft JEP (Web Link)" [ 17956 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java
            http://jenkins-ci.org/commit/dockerhub-notification-plugin/162947aa5d4267fbb25ea8528c4fcdf2186eb31e
            Log:
            JENKINS-47736 Unnecessary serialization of a JSONObject.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java http://jenkins-ci.org/commit/dockerhub-notification-plugin/162947aa5d4267fbb25ea8528c4fcdf2186eb31e Log: JENKINS-47736 Unnecessary serialization of a JSONObject.
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java
            http://jenkins-ci.org/commit/dockerhub-notification-plugin/9641b4f4d9d416119f9bc803a132994a9278340d
            Log:
            Merge pull request #16 from jglick/whitelist-JENKINS-47736

            JENKINS-47736 Unnecessary serialization of a JSONObject

            Compare: https://github.com/jenkinsci/dockerhub-notification-plugin/compare/59320217be7a...9641b4f4d9d4

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/registry/notification/webhook/dockerregistry/DockerRegistryWebHookPayload.java http://jenkins-ci.org/commit/dockerhub-notification-plugin/9641b4f4d9d416119f9bc803a132994a9278340d Log: Merge pull request #16 from jglick/whitelist- JENKINS-47736 JENKINS-47736 Unnecessary serialization of a JSONObject Compare: https://github.com/jenkinsci/dockerhub-notification-plugin/compare/59320217be7a...9641b4f4d9d4
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            jep/200/README.adoc
            http://jenkins-ci.org/commit/jep/feb7c55886d3ccf494537e1f35780b4166e699e1
            Log:
            DRAFT: JEP-200: Switch Remoting/XStream blacklist to a whitelist (#23)

            • Changes from proofreading.
            • Some notes on testing, as newly required in #24.
            • Noting RemoteClassLoader rule.
            • Formatting for links
            • Replace plus with backtick
            • Assign JEP Number: 200
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: jep/200/README.adoc http://jenkins-ci.org/commit/jep/feb7c55886d3ccf494537e1f35780b4166e699e1 Log: DRAFT: JEP-200: Switch Remoting/XStream blacklist to a whitelist (#23) JENKINS-47736 Draft JEP. Changes from proofreading. Some notes on testing, as newly required in #24. Noting RemoteClassLoader rule. Formatting for links Replace plus with backtick Assign JEP Number: 200
            jglick Jesse Glick made changes -
            Remote Link This issue links to "Draft JEP (Web Link)" [ 17956 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "JEP 200 (Web Link)" [ 17981 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "JEP 200 (Web Link)" [ 17981 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "JEP 200 (Web Link)" [ 18104 ]
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java
            http://jenkins-ci.org/commit/jenkins-test-harness/3d9ebde50cf9dfcb297588f57d50905f8f94accc
            Log:
            JENKINS-47736 Do not even try to persist an Authentication.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java http://jenkins-ci.org/commit/jenkins-test-harness/3d9ebde50cf9dfcb297588f57d50905f8f94accc Log: JENKINS-47736 Do not even try to persist an Authentication.
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java
            http://jenkins-ci.org/commit/jenkins-test-harness/0639913590297601158e9aca395c3461005357df
            Log:
            Merge pull request #81 from jglick/whitelist-JENKINS-47736

            JENKINS-47736 Do not even try to persist an Authentication

            Compare: https://github.com/jenkinsci/jenkins-test-harness/compare/52ef2fe2a457...063991359029

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jvnet/hudson/test/MockQueueItemAuthenticator.java http://jenkins-ci.org/commit/jenkins-test-harness/0639913590297601158e9aca395c3461005357df Log: Merge pull request #81 from jglick/whitelist- JENKINS-47736 JENKINS-47736 Do not even try to persist an Authentication Compare: https://github.com/jenkinsci/jenkins-test-harness/compare/52ef2fe2a457...063991359029
            jglick Jesse Glick made changes -
            Remote Link This issue links to "cloudbees-folder PR 116 (Web Link)" [ 18228 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal OSS-2508 (Web Link)" [ 18268 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "credentials PR 96 (Web Link)" [ 18295 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "parameterized-trigger PR 118 (Web Link)" [ 18296 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "workflow-cps PR 190 (Web Link)" [ 18297 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "pipeline-build-step PR 17 (Web Link)" [ 18298 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "copyartifact PR 97 (Web Link)" [ 19279 ]
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
            http://jenkins-ci.org/commit/copyartifact-plugin/e225ab7c034eb424a59372d55ac020aca8fe762f
            Log:
            Avoid a warning under JENKINS-47736.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java http://jenkins-ci.org/commit/copyartifact-plugin/e225ab7c034eb424a59372d55ac020aca8fe762f Log: Avoid a warning under JENKINS-47736 .
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-47158 [ JENKINS-47158 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "workflow-support PR 50 (Web Link)" [ 19532 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "git-client PR 290 (Web Link)" [ 19533 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "job-dsl PR 1092 (Web Link)" [ 19534 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "lib-jenkins-maven-embedder PR 15 (Web Link)" [ 19535 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue relates to JENKINS-48734 [ JENKINS-48734 ]
            Hide
            Permalink
            oleg_nenashev Oleg Nenashev added a comment -

            I am going to convert it to EPIC so that we can track other action items separately

            Show
            oleg_nenashev Oleg Nenashev added a comment - I am going to convert it to EPIC so that we can track other action items separately
            oleg_nenashev Oleg Nenashev made changes -
            Issue Type New Feature [ 2 ] Epic [ 10001 ]
            oleg_nenashev Oleg Nenashev made changes -
            Epic Name JEP-200: Switch Remoting/XStream blacklist to a whitelist
            Labels classloader remoting security xstream classloader jep-200 remoting security xstream
            Summary Switch Remoting/XStream blacklist to a whitelist JEP-200: Switch Remoting/XStream blacklist to a whitelist
            oleg_nenashev Oleg Nenashev made changes -
            Epic Child INFRA-1461 [ 187594 ]
            oleg_nenashev Oleg Nenashev made changes -
            Remote Link This issue links to "Wiki Page with the list of affected plugins (Web Link)" [ 19727 ]
            oleg_nenashev Oleg Nenashev made changes -
            Epic Child JENKINS-48814 [ 187595 ]
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            http://jenkins-ci.org/commit/lib-jenkins-maven-embedder/fdf0ac0ce2fac2d706ddca98b06cd825cbdfe319
            Log:
            Merge pull request #15 from jglick/Jenkins-ClassFilter-Whitelisted

            JENKINS-47736 Jenkins-ClassFilter-Whitelisted

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/lib-jenkins-maven-embedder/fdf0ac0ce2fac2d706ddca98b06cd825cbdfe319 Log: Merge pull request #15 from jglick/Jenkins-ClassFilter-Whitelisted JENKINS-47736 Jenkins-ClassFilter-Whitelisted
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/hudson/remoting/ClassFilter.java
            src/test/java/hudson/remoting/ClassFilterTest.java
            http://jenkins-ci.org/commit/remoting/1fda115f080dc3fc1063ca3496f49bb2853f380e
            Log:
            JENKINS-47736 Introduced ClassFilter.setDefault (#208)

            • Review comments from @oleg-nenashev.
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/hudson/remoting/ClassFilter.java src/test/java/hudson/remoting/ClassFilterTest.java http://jenkins-ci.org/commit/remoting/1fda115f080dc3fc1063ca3496f49bb2853f380e Log: JENKINS-47736 Introduced ClassFilter.setDefault (#208) JENKINS-47736 Introduced ClassFilter.setDefault. Review comments from @oleg-nenashev. JENKINS-47736 - Add some annotations, mostly to kick-off CI
            jglick Jesse Glick made changes -
            Remote Link This issue links to "xtrigger-lib PR 9 (Web Link)" [ 19750 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "monitoring PR 6 (Web Link)" [ 19764 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "ruby-runtime PR 5 (Web Link)" [ 19769 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "priority-sorter PR 42 (Web Link)" [ 19770 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "project-description-setter PR 2 (Web Link)" [ 19771 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "publish-over PR 8 (Web Link)" [ 19773 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "dependency-check PR 20 (Web Link)" [ 19776 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "saltstack PR 116 (Web Link)" [ 19778 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "nexus-platform PR 16 (Web Link)" [ 19781 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "kubernetes-pipeline PR 66 (Web Link)" [ 19782 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "crx-content-package-deployer PR 8 (Web Link)" [ 19783 ]
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/util/XStream2.java
            core/src/main/java/jenkins/model/Jenkins.java
            core/src/main/java/jenkins/security/ClassFilterImpl.java
            core/src/main/java/jenkins/security/CustomClassFilter.java
            core/src/main/resources/jenkins/security/whitelisted-classes.txt
            pom.xml
            test/pom.xml
            test/src/test/groovy/hudson/cli/BuildCommandTest.groovy
            test/src/test/java/hudson/cli/BuildCommand2Test.java
            test/src/test/java/hudson/util/XStream2Security383Test.java
            test/src/test/java/jenkins/install/InstallUtilTest.java
            test/src/test/java/jenkins/install/SetupWizardTest.java
            test/src/test/java/jenkins/security/ClassFilterImplTest.java
            test/src/test/java/jenkins/security/CustomClassFilterTest.java
            test/src/test/java/jenkins/security/Security218CliTest.java
            test/src/test/java/jenkins/security/Security218Test.java
            test/src/test/resources/plugins/custom-class-filter.jpi
            http://jenkins-ci.org/commit/jenkins/903b4461d37170ccda49ce6637adf7cf4a261b93
            Log:
            JENKINS-47736 Switch Remoting/XStream blacklist to a whitelist.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/util/XStream2.java core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/jenkins/security/ClassFilterImpl.java core/src/main/java/jenkins/security/CustomClassFilter.java core/src/main/resources/jenkins/security/whitelisted-classes.txt pom.xml test/pom.xml test/src/test/groovy/hudson/cli/BuildCommandTest.groovy test/src/test/java/hudson/cli/BuildCommand2Test.java test/src/test/java/hudson/util/XStream2Security383Test.java test/src/test/java/jenkins/install/InstallUtilTest.java test/src/test/java/jenkins/install/SetupWizardTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java test/src/test/java/jenkins/security/CustomClassFilterTest.java test/src/test/java/jenkins/security/Security218CliTest.java test/src/test/java/jenkins/security/Security218Test.java test/src/test/resources/plugins/custom-class-filter.jpi http://jenkins-ci.org/commit/jenkins/903b4461d37170ccda49ce6637adf7cf4a261b93 Log: JENKINS-47736 Switch Remoting/XStream blacklist to a whitelist.
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            http://jenkins-ci.org/commit/jenkins/29362a5b7b94ddfe0ead38c423c54c81bfced53d
            Log:
            JENKINS-47736 - Use the new snapshot: remoting-3.16-20171228.162243-1

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/29362a5b7b94ddfe0ead38c423c54c81bfced53d Log: JENKINS-47736 - Use the new snapshot: remoting-3.16-20171228.162243-1
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            pom.xml
            http://jenkins-ci.org/commit/jenkins/88e756de6fe6c3333658e6d4be6aad2323a63e09
            Log:
            JENKINS-47736 - Use the released version of Remoting 3.16

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/jenkins/88e756de6fe6c3333658e6d4be6aad2323a63e09 Log: JENKINS-47736 - Use the released version of Remoting 3.16
            Hide
            Permalink
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/PluginManager.java
            core/src/main/java/hudson/util/XStream2.java
            core/src/main/java/jenkins/MasterToSlaveFileCallable.java
            core/src/main/java/jenkins/SlaveToMasterFileCallable.java
            core/src/main/java/jenkins/model/Jenkins.java
            core/src/main/java/jenkins/security/ClassFilterImpl.java
            core/src/main/java/jenkins/security/CustomClassFilter.java
            core/src/main/java/jenkins/security/MasterToSlaveCallable.java
            core/src/main/java/jenkins/security/SlaveToMasterCallable.java
            core/src/main/resources/jenkins/security/whitelisted-classes.txt
            pom.xml
            test/src/test/java/hudson/util/XStream2Security383Test.java
            test/src/test/java/jenkins/install/InstallUtilTest.java
            test/src/test/java/jenkins/install/SetupWizardTest.java
            test/src/test/java/jenkins/security/ClassFilterImplTest.java
            test/src/test/java/jenkins/security/CustomClassFilterTest.java
            test/src/test/java/jenkins/security/Security218CliTest.java
            test/src/test/java/jenkins/security/Security218Test.java
            test/src/test/resources/plugins/custom-class-filter.jpi
            http://jenkins-ci.org/commit/jenkins/cb4903c20e788f015f6210a965a2759009ff24f2
            Log:
            [JEP-200] JENKINS-47736 Merged #3120: ClassFilterImpl

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/hudson/util/XStream2.java core/src/main/java/jenkins/MasterToSlaveFileCallable.java core/src/main/java/jenkins/SlaveToMasterFileCallable.java core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/jenkins/security/ClassFilterImpl.java core/src/main/java/jenkins/security/CustomClassFilter.java core/src/main/java/jenkins/security/MasterToSlaveCallable.java core/src/main/java/jenkins/security/SlaveToMasterCallable.java core/src/main/resources/jenkins/security/whitelisted-classes.txt pom.xml test/src/test/java/hudson/util/XStream2Security383Test.java test/src/test/java/jenkins/install/InstallUtilTest.java test/src/test/java/jenkins/install/SetupWizardTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java test/src/test/java/jenkins/security/CustomClassFilterTest.java test/src/test/java/jenkins/security/Security218CliTest.java test/src/test/java/jenkins/security/Security218Test.java test/src/test/resources/plugins/custom-class-filter.jpi http://jenkins-ci.org/commit/jenkins/cb4903c20e788f015f6210a965a2759009ff24f2 Log: [JEP-200] JENKINS-47736 Merged #3120: ClassFilterImpl
            Hide
            Permalink
            jglick Jesse Glick added a comment -

            Merged toward 2.102.

            Show
            jglick Jesse Glick added a comment - Merged toward 2.102.
            jglick Jesse Glick made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            rvangoethem Remi Van Goethem made changes -
            Epic Child JENKINS-48932 [ 187737 ]
            ttux Marc des Garets made changes -
            Link This issue is related to JENKINS-48963 [ JENKINS-48963 ]
            npfistner Norbert Pfistner made changes -
            Link This issue relates to JENKINS-48965 [ JENKINS-48965 ]
            rvangoethem Remi Van Goethem made changes -
            Epic Child JENKINS-48984 [ 187800 ]
            ntones Nicholas Tones made changes -
            Epic Child JENKINS-48991 [ 187807 ]
            walterngti Walter den Besten made changes -
            Epic Child JENKINS-49016 [ 187835 ]
            walterngti Walter den Besten made changes -
            Link This issue is related to JENKINS-49016 [ JENKINS-49016 ]
            jglick Jesse Glick made changes -
            Epic Child JENKINS-48984 [ 187800 ]
            jglick Jesse Glick made changes -
            Labels classloader jep-200 remoting security xstream JEP-200 classloader remoting security xstream
            tomfanning Tom Fanning made changes -
            Epic Child JENKINS-49025 [ 187845 ]
            tomfanning Tom Fanning made changes -
            Link This issue is related to JENKINS-49025 [ JENKINS-49025 ]
            tomfanning Tom Fanning made changes -
            Link This issue relates to JENKINS-49025 [ JENKINS-49025 ]
            tomfanning Tom Fanning made changes -
            Link This issue is related to JENKINS-49025 [ JENKINS-49025 ]
            pjaytycy Pieter-Jan Busschaert made changes -
            Epic Child JENKINS-49070 [ 187896 ]
            marco_rothe Marco Rothe made changes -
            Epic Child JENKINS-49089 [ 187922 ]
            marco_rothe Marco Rothe made changes -
            Link This issue is related to JENKINS-49085 [ JENKINS-49085 ]
            marco_rothe Marco Rothe made changes -
            Link This issue is related to JENKINS-49085 [ JENKINS-49085 ]
            marco_rothe Marco Rothe made changes -
            Link This issue is related to JENKINS-49089 [ JENKINS-49089 ]
            makj05 Martin Kjellqvist made changes -
            Link This issue relates to JENKINS-49130 [ JENKINS-49130 ]
            ewypych Emil Wypych made changes -
            Link This issue is related to JENKINS-49175 [ JENKINS-49175 ]
            ewypych Emil Wypych made changes -
            Link This issue is related to JENKINS-49176 [ JENKINS-49176 ]
            hcorg Konrad Grochowski made changes -
            Link This issue is related to JENKINS-49237 [ JENKINS-49237 ]
            wesley_b wesley Brown made changes -
            Epic Child JENKINS-49282 [ 188140 ]
            stancorbin Stan Corbin made changes -
            Epic Child JENKINS-49377 [ 188249 ]
            gangeld David Gangel made changes -
            Link This issue is related to JENKINS-49573 [ JENKINS-49573 ]
            reinholdfuereder Reinhold Füreder made changes -
            Link This issue is related to JENKINS-41751 [ JENKINS-41751 ]
            thenazg Chuck Burgess made changes -
            Link This issue relates to JENKINS-49586 [ JENKINS-49586 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue relates to JENKINS-43875 [ JENKINS-43875 ]
            laurent_dufour Laurent Dufour made changes -
            Link This issue is related to JENKINS-49699 [ JENKINS-49699 ]
            becke22 Björn Becker made changes -
            Epic Child JENKINS-49715 [ 188654 ]
            look4parker Michael Parker made changes -
            Epic Child JENKINS-50175 [ 189194 ]
            pinek Piotr Bogdanski made changes -
            Link This issue is blocked by JENKINS-50460 [ JENKINS-50460 ]
            pinek Piotr Bogdanski made changes -
            Link This issue is blocked by JENKINS-50460 [ JENKINS-50460 ]
            pinek Piotr Bogdanski made changes -
            Link This issue is related to JENKINS-50460 [ JENKINS-50460 ]
            ewypych Emil Wypych made changes -
            Link This issue is related to JENKINS-50566 [ JENKINS-50566 ]
            angelliang angel liang made changes -
            Link This issue is blocking SECURITY-800 [ SECURITY-800 ]
            angelliang angel liang made changes -
            Epic Child JENKINS-50781 [ 189887 ]
            bernhardb Bernhard Berbuir made changes -
            Link This issue relates to JENKINS-51331 [ JENKINS-51331 ]
            narlaswathi Narla Swathi made changes -
            Epic Child JENKINS-51634 [ 191047 ]
            exidon Ricardo Amendolia made changes -
            Epic Child JENKINS-51691 [ 191130 ]
            sakshisood sakshi sood made changes -
            Link This issue is blocked by JENKINS-53456 [ JENKINS-53456 ]
            sakshisood sakshi sood made changes -
            Epic Child JENKINS-53613 [ 194097 ]
            jglick Jesse Glick made changes -
            Link This issue is blocked by JENKINS-53456 [ JENKINS-53456 ]
            sakshisood sakshi sood made changes -
            Link This issue is blocked by JENKINS-53613 [ JENKINS-53613 ]
            sakshisood sakshi sood made changes -
            Link This issue is blocked by JENKINS-53638 [ JENKINS-53638 ]
            akom Alexander Komarov made changes -
            Link This issue relates to JENKINS-57796 [ JENKINS-57796 ]
            jasongross Jason Gross made changes -
            Epic Child JENKINS-62571 [ 206594 ]

              People

              Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: