Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48950

JEP-200: GHPRB Plugin Fails Whitelist

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • ghprb-plugin
    • Jenkins 2.102

    Description

      The GitHub PR Builder plugin gets flagged after updating to 2.102 breaking automated PR jobs:

       

      WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
      Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
      WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

       

      The mitigation technique worked by adding the class names to the Hudson classfilter:

      -Dhudson.remoting.ClassFilter=org.kohsuke.github.*

      ^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.

       

      Attachments

        Issue Links

          Activity

            People

              jglick Jesse Glick
              sasquatch85 Jeremy Stewart
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: