Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48946

Core Whitelist does not include all standard types in java.util.Collections

    XMLWordPrintable

Details

    Description

      Caused JENKINS-48932, and will likely cause failures in other plugins.

      Generally whitelisting of private classes in Java is a way to nowhere, we cannot guarantee that all Java implementation have the same private classes if they are not strongly specified.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48932 Build-failure-analyzer afected by JEP-200 in Jenkins 2.102

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48956 JEP-200: Config file provide plugin: java.util.Collections$EmptyMap

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link https://github.com/jenkinsci/jenkins/pull/3234

          Activity

            Ascending order - Click to sort in descending order
            oleg_nenashev Oleg Nenashev added a comment -

            https://github.com/jenkinsci/jenkins/pull/3234

            oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/jenkins/pull/3234
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            core/src/main/resources/jenkins/security/whitelisted-classes.txt
            http://jenkins-ci.org/commit/jenkins/ad8fecfbd39652f0127aec070d91eb7f381bb0d8
            Log:
            JENKINS-48946 - Add all private classes of java.util.Collections (OpenJDK) to the whitelist.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/resources/jenkins/security/whitelisted-classes.txt http://jenkins-ci.org/commit/jenkins/ad8fecfbd39652f0127aec070d91eb7f381bb0d8 Log: JENKINS-48946 - Add all private classes of java.util.Collections (OpenJDK) to the whitelist.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            core/pom.xml
            core/src/test/java/jenkins/security/ClassFilterImplSanityTest.java
            test/src/test/java/jenkins/security/ClassFilterImplTest.java
            http://jenkins-ci.org/commit/jenkins/260a2576f2e8e141706b4b65a67fb052dccd8b8d
            Log:
            JENKINS-48946 - Move whitelist ordering test to core to fail fast

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/pom.xml core/src/test/java/jenkins/security/ClassFilterImplSanityTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java http://jenkins-ci.org/commit/jenkins/260a2576f2e8e141706b4b65a67fb052dccd8b8d Log: JENKINS-48946 - Move whitelist ordering test to core to fail fast
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            core/src/main/resources/jenkins/security/whitelisted-classes.txt
            http://jenkins-ci.org/commit/jenkins/e0a1e3b5c825893d1337716345a39563a95c24db
            Log:
            JENKINS-48946 - Fix ordering of the entries in whitelist

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/resources/jenkins/security/whitelisted-classes.txt http://jenkins-ci.org/commit/jenkins/e0a1e3b5c825893d1337716345a39563a95c24db Log: JENKINS-48946 - Fix ordering of the entries in whitelist
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            core/pom.xml
            core/src/main/resources/jenkins/security/whitelisted-classes.txt
            core/src/test/java/jenkins/security/ClassFilterImplSanityTest.java
            test/src/test/java/jenkins/security/ClassFilterImplTest.java
            http://jenkins-ci.org/commit/jenkins/e42886c922ef38c37071e6091f2e554d59c5a4ce
            Log:
            Merge pull request #3234 from oleg-nenashev/bug/JENKINS-48946

            JENKINS-48946 - Whitelist Java inner classes with reported regressions

            Compare: https://github.com/jenkinsci/jenkins/compare/d50004fa4e1f...e42886c922ef

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/pom.xml core/src/main/resources/jenkins/security/whitelisted-classes.txt core/src/test/java/jenkins/security/ClassFilterImplSanityTest.java test/src/test/java/jenkins/security/ClassFilterImplTest.java http://jenkins-ci.org/commit/jenkins/e42886c922ef38c37071e6091f2e554d59c5a4ce Log: Merge pull request #3234 from oleg-nenashev/bug/ JENKINS-48946 JENKINS-48946 - Whitelist Java inner classes with reported regressions Compare: https://github.com/jenkinsci/jenkins/compare/d50004fa4e1f...e42886c922ef
            oleg_nenashev Oleg Nenashev added a comment -

            Fixed and released in 2.103

            oleg_nenashev Oleg Nenashev added a comment - Fixed and released in 2.103

            People

              oleg_nenashev Oleg Nenashev
              oleg_nenashev Oleg Nenashev
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: