Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48615

Dependency resolution for detached and bundled plugins should always use the most recent version out of all versions requested

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core
    • None

      It appears that dependency resolution for detached and bundled plugins makes no guarantees about which version of a dependency gets installed if different versions are requested. Discovered by while investigating JENKINS-48604, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554968.

      I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

      1. Assume a plugin artifactA with two releases: 1.0 and 2.0
      2. Assume a plugin artifactB, with a single release 1.0, which has a dependency on artifactA:1.0
      3. Assume a plugin artifactC, with a single release 1.0, which has a dependency on artifactA:2.0
      4. Create a fresh Jenkins installation.
      5. Upgrade Jenkins using a jenkins.war with artifactB:1.0 and artifactC:1.0 in /WEB-INF/detached-plugins
      6. Expected Result: artifactA:2.0 should be installed.
      7. Actual Result: The installed version of artifactA depends on which of artifactB and artifactC is processed first, (alphabetical order, hashset iteration order?).

          [JENKINS-48615] Dependency resolution for detached and bundled plugins should always use the most recent version out of all versions requested

          There are no comments yet on this issue.

            Unassigned Unassigned
            dnusbaum Devin Nusbaum
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: