Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Component/s: prqa-plugin
-
Labels:
-
Environment:Jenkins 2.102+
-
Similar Issues:
Description
During the code inspections for JEP-200 I have discovered that the plugin is most likely affected by this security hardening in the Jenkins core.
- Plugin uses PRQAComplianceStatus in MasterToSlaveCallable operations
- This class comes from an external library without a "Jenkins-ClassFilter-Whitelisted" manifest entry
- In Jenkins 2.102+ such classes will be blacklisted unless a workaround is applied
You can find more guidelines for plugin developers in this blogpost: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.
Attachments
Issue Links
- is duplicated by
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Environment | Jenkins 2.102+ |
| Assignee | Praqma Support [ praqma ] | Igor Kostenko [ igorkostenko ] |
I also dropped the default assignee of the component. Please let me know whom to set the new lead of the component in JIRA
| Remote Link | This issue links to "Page (Jenkins Wiki)" [ 19818 ] |
| Remote Link | This issue links to "Page (Jenkins Wiki)" [ 19818 ] |
The plugin and the library are being maintained by the tool vendor. The plugin has no real tests. Although I have a license for PRQA, it would take a while to setup the test projects, etc.
So far me and Jesse Glick are not going to spend time on fixing this plugin unless there is a community feedback.
Igor Kostenko Marcos Bento Please let us know if you need any advice.
| Labels | jep-200 | JEP-200 |
Igor Kostenko
made changes -
| Assignee | Igor Kostenko [ igorkostenko ] | Marcos Bento [ marcos_bento ] |
I have raised the question to the tool vendor 10 days ago. JEP-200 maintainers are not going to work on it so far
| Link |
This issue relates to |
| Summary | PRQA Plugin is likely affected by JEP-200 in Jenkins 2.102+ | PRQA Plugin is affected by JEP-200 in Jenkins 2.102+ |
| Link |
This issue is duplicated by |
Oleg Nenashev,
So,We cant able to work PRQA in jenkins?
Thanks,
Priyanga
Priyanga G Please see https://jenkins.io/blog/2018/03/15/jep-200-lts/ . This blogpost offers troubleshooting guidelines and some workaround options. You won't be able to use this plugin with Jenkins 2.102+ if you do not construct workaround class filter settings.
We were unable to get a response from the plugin maintainers even after reaching out to PRQA directly. If you suffer from this issue, please submit a support ticket to PRQA.
Oleg Nenashev,
Thank you for reply sir.
I am using Jenkins 2.111 version.If I downgrade the Jenkins version.It will work??
Yes, it will
Thank you sir.
| Priority | Minor [ 4 ] | Blocker [ 1 ] |
Marcos Bento
made changes -
| Status | Open [ 1 ] | In Progress [ 3 ] |
Marcos Bento
made changes -
| Status | In Progress [ 3 ] | In Review [ 10005 ] |
Marcos Bento
made changes -
| Resolution | Fixed [ 1 ] | |
| Status | In Review [ 10005 ] | Resolved [ 5 ] |
This issue is fixed in PRQA Jenkins plugin 3.0.1.
Marcos Bento
added a comment - This issue is fixed in PRQA Jenkins plugin 3.0.1. Marcos Bento there is no source code in https://github.com/jenkinsci/prqa-plugin . Could you please push it?
The source code has been pushed.
Marcos Bento
added a comment - The source code has been pushed. thanks!
I have got information from Ewelina Wilkosz that the plugin is no longer maintained by Praqma.
CC Igor Kostenko and Marcos Bento who are listed in Repository permission updater