Details
-
Type:
Improvement
-
Status: Resolved (View Workflow)
-
Priority:
Critical
-
Resolution: Won't Do
-
Component/s: github-api-plugin
-
Labels:
-
Similar Issues:
Description
In some cases plugin classes are being used for serialization over the channel or storing data on the disk. E.g. JENKINS-48950 and JENKINS-48952. It is probably safe to just allow it for model classes.
Attachments
Issue Links
- relates to
-
JENKINS-48952 java.lang.RuntimeException: Failed to serialize hudson.model.Actionable
-
- Resolved
-
-
JENKINS-48950 JEP-200: GHPRB Plugin Fails Whitelist
-
- Resolved
-
- links to
I do not think that whitelisting of entire library is plausible since there are potentially dangerous classes