[JENKINS-48614] Optional dependencies of bundled and detached plugins are not upgraded if an outdated version is installed

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: core
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

It appears that optional dependencies are never upgraded when loading detached and bundled plugins, even if the installed version is older than a version requested by one of the bundled plugins. Discovered by danielbeck while investigating ~~JENKINS-48604~~, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680 for the initial comment, and commit eb77e5f for an untested fix.

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

Assume a plugin artifactA with two releases: 1.0 and 2.0
Assume a plugin artifactB, with a single release 1.0, which has an optional dependency on artifactA:2.0
Create a fresh Jenkins installation and install a plugin artifactA:1.0.
Upgrade Jenkins using a jenkins.war which has artifactB:1.0 bundled in /WEB-INF/plugins.
Expected Result: artifactA should be automatically updated to 2.0.
Actual Result: artifactA is still 1.0.

relates to

JENKINS-48604 Jenkins 2.96 downgrades script-security plugin on core update

Resolved

JENKINS-48615 Dependency resolution for detached and bundled plugins should always use the most recent version out of all versions requested

Open

links to

PR 3202

Devin Nusbaum created issue - 2017-12-18 21:58

Devin Nusbaum made changes - 2017-12-18 21:58

Link

New: This issue relates to ~~JENKINS-48604~~ [ ~~JENKINS-48604~~ ]

Devin Nusbaum made changes - 2017-12-18 21:59

Description

Original: Discovered by [~danielbeck] while investigating ~~JENKINS-48604~~, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680 for the initial comment, and [commit eb77e5f|https://github.com/jenkinsci/jenkins/commit/eb77e5f20d150c272755435201120dfd8317e180] for the

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

# Assume a plugin {{artifactA}} with two releases: 1.0 and 2.0
# Assume a plugin {{artifactB}}, with a single release 1.0, which has an optional dependency on {{artifactA:2.0}}
# Create a fresh Jenkins installation and install a plugin {{artifactA:1.0}}.
# Upgrade Jenkins using a {{jenkins.war}} which has {{artifactB:1.0}} bundled in {{/WEB-INF/plugins}}.
# Expected Result: {{artifactA}} should be automatically updated to 2.0.
# Actual Result: {{artifactA}} is still 1.0.

New: Discovered by [~danielbeck] while investigating ~~JENKINS-48604~~, see [https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680] for the initial comment, and [commit eb77e5f|https://github.com/jenkinsci/jenkins/commit/eb77e5f20d150c272755435201120dfd8317e180] for an untested fix.

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:
# Assume a plugin {{artifactA}} with two releases: 1.0 and 2.0
# Assume a plugin {{artifactB}}, with a single release 1.0, which has an optional dependency on {{artifactA:2.0}}
# Create a fresh Jenkins installation and install a plugin {{artifactA:1.0}}.
# Upgrade Jenkins using a {{jenkins.war}} which has {{artifactB:1.0}} bundled in {{/WEB-INF/plugins}}.
# Expected Result: {{artifactA}} should be automatically updated to 2.0.
# Actual Result: {{artifactA}} is still 1.0.

Devin Nusbaum made changes - 2017-12-18 22:06

Link

New: This issue relates to JENKINS-48615 [ JENKINS-48615 ]

Devin Nusbaum made changes - 2017-12-18 22:10

Description

Original: Discovered by [~danielbeck] while investigating ~~JENKINS-48604~~, see [https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680] for the initial comment, and [commit eb77e5f|https://github.com/jenkinsci/jenkins/commit/eb77e5f20d150c272755435201120dfd8317e180] for an untested fix.

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:
# Assume a plugin {{artifactA}} with two releases: 1.0 and 2.0
# Assume a plugin {{artifactB}}, with a single release 1.0, which has an optional dependency on {{artifactA:2.0}}
# Create a fresh Jenkins installation and install a plugin {{artifactA:1.0}}.
# Upgrade Jenkins using a {{jenkins.war}} which has {{artifactB:1.0}} bundled in {{/WEB-INF/plugins}}.
# Expected Result: {{artifactA}} should be automatically updated to 2.0.
# Actual Result: {{artifactA}} is still 1.0.

New: It appears that optional dependencies are never upgraded when loading detached and bundled plugins, even if the installed version is older than a version requested by one of the bundled plugins. Discovered by [~danielbeck] while investigating ~~JENKINS-48604~~, see [https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680] for the initial comment, and [commit eb77e5f|https://github.com/jenkinsci/jenkins/commit/eb77e5f20d150c272755435201120dfd8317e180] for an untested fix.

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:
# Assume a plugin {{artifactA}} with two releases: 1.0 and 2.0
# Assume a plugin {{artifactB}}, with a single release 1.0, which has an optional dependency on {{artifactA:2.0}}
# Create a fresh Jenkins installation and install a plugin {{artifactA:1.0}}.
# Upgrade Jenkins using a {{jenkins.war}} which has {{artifactB:1.0}} bundled in {{/WEB-INF/plugins}}.
# Expected Result: {{artifactA}} should be automatically updated to 2.0.
# Actual Result: {{artifactA}} is still 1.0.

Devin Nusbaum made changes - 2017-12-19 20:33

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Devin Nusbaum made changes - 2017-12-19 20:34

Remote Link

New: This issue links to "PR 3202 (Web Link)" [ 19502 ]

Devin Nusbaum made changes - 2018-07-19 17:09

Status

Original: In Progress [ 3 ]

New: Open [ 1 ]

Assignee:: Devin Nusbaum

Reporter:: Devin Nusbaum

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017-12-18 21:58

Updated:: 2018-07-19 17:09

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates