-
Bug
-
Resolution: Fixed
-
Minor
-
Jenkins 2.102
The GitHub PR Builder plugin gets flagged after updating to 2.102 breaking automated PR jobs:
WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/ Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1 WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
The mitigation technique worked by adding the class names to the Hudson classfilter:
-Dhudson.remoting.ClassFilter=org.kohsuke.github.*
^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.
- is duplicated by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- is related to
-
-
- Resolved
-
- relates to
-
JENKINS-48954 GitHub API plugin should whitelist Model classes of GitHub API
-
- Resolved
-
-
-
- Resolved
-
- links to
[JENKINS-48950] JEP-200: GHPRB Plugin Fails Whitelist
Jeremy Stewart
added a comment - Jesse,
Thanks for taking charge of this! I tried out your snapshot build but am still receiving the errors below. Do I still need to add these classes to the ClassFilter? The plugin reports as version "1.39.1-SNAPSHOT (private-e3afffc5-win2012-22b740$)" which I think is correct.
INFO: Jenkins is fully up and running Jan 16, 2018 4:15:06 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1 WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/ Jan 16, 2018 4:15:06 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1 WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/ Jan 16, 2018 4:15:06 PM hudson.util.RobustReflectionConverter doUnmarshal WARNING: Cannot convert type org.jenkinsci.plugins.ghprb.GhprbCause to type org.kohsuke.github.GHUser Jan 16, 2018 4:15:06 PM hudson.util.RobustReflectionConverter doUnmarshal WARNING: Cannot convert type org.jenkinsci.plugins.ghprb.GhprbCause to type org.kohsuke.github.GHUser
Jeremy Stewart
added a comment - Jesse,
Thanks for taking charge of this! I tried out your snapshot build but am still receiving the errors below. Do I still need to add these classes to the ClassFilter? The plugin reports as version "1.39.1-SNAPSHOT (private-e3afffc5-win2012-22b740$)" which I think is correct.
INFO: Jenkins is fully up and running
Jan 16, 2018 4:15:06 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/ var /lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https: //jenkins.io/redirect/ class- filter/
Jan 16, 2018 4:15:06 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/ var /lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https: //jenkins.io/redirect/ class- filter/
Jan 16, 2018 4:15:06 PM hudson.util.RobustReflectionConverter doUnmarshal
WARNING: Cannot convert type org.jenkinsci.plugins.ghprb.GhprbCause to type org.kohsuke.github.GHUser
Jan 16, 2018 4:15:06 PM hudson.util.RobustReflectionConverter doUnmarshal
WARNING: Cannot convert type org.jenkinsci.plugins.ghprb.GhprbCause to type org.kohsuke.github.GHUser
I was having this error: "failed to serialize hudson.model.Actionable#actions" and the update worked for me
Daniel Barragan
added a comment - - edited I was having this error: "failed to serialize hudson.model.Actionable#actions" and the update worked for me Jeremy Stewart
added a comment - I have to confess we don't have many jobs running with this plugin, but Daniel is right. Just kicked off a build via PR and the errors in the build.xml are gone despite the warnings in the jenkins.log.
Jeremy Stewart
added a comment - I have to confess we don't have many jobs running with this plugin, but Daniel is right. Just kicked off a build via PR and the errors in the build.xml are gone despite the warnings in the jenkins.log. sasquatch85 I suspect those warnings are from loading historical builds, which is not something I attempted to solve. Check whether the Jenkins /manage screen offers a Manage Old Data link. At least that would explain the first two warnings; the second two look strange to me.
Jeremy Stewart
added a comment - Jesse,
Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss.
Jeremy Stewart
added a comment - Jesse,
Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss. I probably know how to fix that (just rename the newly transient variables), but unless a plugin maintainer appears and seems ready to do a release, I am not about to spend time on retesting.
Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
http://jenkins-ci.org/commit/ghprb-plugin/e3afffc529941bc2674bc98f5cda3fd6944abfe8
Log:
JENKINS-48950 [JEP-200] Stop trying to serialize github-api types.
Code changed in jenkins
User: Sam Gleske
Path:
src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
http://jenkins-ci.org/commit/ghprb-plugin/e381590a278599f689d3394651f009faf86610cf
Log:
Merge pull request #616 from jglick/JENKINS-48950
JENKINS-48950 [JEP-200] Stop trying to serialize github-api types
Compare: https://github.com/jenkinsci/ghprb-plugin/compare/66084576abfc...e381590a2785
Anyone landing here, if you are interested in trying an experimental fix, you could try the snapshot build from the PR until maintainers respond. Use Plugin Manager » Advanced.