Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49070

java.math.BigDecimal in JRE might be dangerous (JEP in 2.103)

      Received this stacktrace for a build on a Linux slave after upgrade to v 2.103  (didn't install 2.102, so not sure if it was present there):

      java.lang.UnsupportedOperationException: Refusing to marshal java.math.BigDecimal for security reasons; see https://jenkins.io/redirect/class-filter/
       at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:51)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTValue#value for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTValue$1
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.MapConverter.marshal(MapConverter.java:79)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTNamedArgumentList#arguments for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTNamedArgumentList
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStep#args for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStep
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTBranch#steps for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTBranch
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStage#branches for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStage
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStages#stages for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStages
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.actions.ExecutionModelAction#stagesList for class org.jenkinsci.plugins.pipeline.modeldefinition.actions.ExecutionModelAction
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class org.jenkinsci.plugins.workflow.job.WorkflowRun
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
       at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
       at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
       at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
       at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
       at hudson.XmlFile.write(XmlFile.java:194)
      Caused: java.io.IOException
       at hudson.XmlFile.write(XmlFile.java:201)
       at hudson.model.Run.save(Run.java:1923)
       at hudson.BulkChange.commit(BulkChange.java:98)
       at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution.notifyListeners(CpsFlowExecution.java:1229)
       at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$3.run(CpsThreadGroup.java:408)
       at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$1.run(CpsVmExecutorService.java:35)
       at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
       at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
       at java.lang.Thread.run(Thread.java:748)  

      Jenkins master information:

      os.name = Linux
      os.version = 3.16.0-5-amd64
      java.runtime.name = OpenJDK Runtime Environment
      java.runtime.version = 1.8.0_131-8u131-b11-1~bpo8+1-b11
      pipeline-model-definition = version 1.2.6

      Jenkins build slave information:

      os.name = Linux
      os.version = 3.16.0-5-amd64
      java.runtime.name = Java(TM) SE Runtime Environment
      java.runtime.version = 1.8.0_121-b13

          [JENKINS-49070] java.math.BigDecimal in JRE might be dangerous (JEP in 2.103)

          Oleg Nenashev added a comment -

          Yey, I was sure that BigSomething types will blow up somewhere

          Oleg Nenashev added a comment - Yey, I was sure that BigSomething types will blow up somewhere

          Oleg Nenashev added a comment -

          pjaytycy could you please provide your Pipeline script? I'd guess the issue is not related to the Pipeline Model Definition plugin itself, but it comes from another plugin or local variable which we need to triage

          Oleg Nenashev added a comment - pjaytycy could you please provide your Pipeline script? I'd guess the issue is not related to the Pipeline Model Definition plugin itself, but it comes from another plugin or local variable which we need to triage

          Pipeline script (slightly edited to remove private info):

          pipeline {
              agent { label 'python2 && linux' }
          
              stages {
                  stage('Test') {
                      steps {
                          sh 'python -m <path_to_module_to_test>'
                      }
                  }
                  stage('Collect'){
                      steps {
                          junit healthScaleFactor: 5.0, testResults: '<test_output_dir>/*.xml'
                          step([$class: 'CoberturaPublisher', coberturaReportFile: 'coverage.xml'])
                      }
                  }
              }
              
              post {
                  always {
                      step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: '<my_email>', sendToIndividuals: true])
                  }
              }
          }

          Pieter-Jan Busschaert added a comment - Pipeline script (slightly edited to remove private info): pipeline { agent { label 'python2 && linux' } stages { stage( 'Test' ) { steps { sh 'python -m <path_to_module_to_test>' } } stage( 'Collect' ){ steps { junit healthScaleFactor: 5.0, testResults: '<test_output_dir>/*.xml' step([$class: 'CoberturaPublisher' , coberturaReportFile: 'coverage.xml' ]) } } } post { always { step([$class: 'Mailer' , notifyEveryUnstableBuild: true , recipients: '<my_email>' , sendToIndividuals: true ]) } } }

          Oleg Nenashev added a comment -

          Will try to reproduce it. Maybe "5.0" gets converted in a weird way.
          pjaytycy would iy be possible to get a full build log? It would allow to discover the step where the serialization fails

          Oleg Nenashev added a comment - Will try to reproduce it. Maybe "5.0" gets converted in a weird way. pjaytycy would iy be possible to get a full build log? It would allow to discover the step where the serialization fails

          build log:

          Started by an SCM change
          Lightweight checkout support not available, falling back to full checkout.
          Checking out svn <svn_repo_url> into /var/lib/jenkins/jobs/<job_name>/workspace@script to read Jenkinsfile
          Updating <svn_repo_url> at revision '2018-01-22T09:37:09.544 +0100'
          Using sole credentials <username>/****** in realm <svn_realm>
          At revision 2672
          
          No changes for <svn_repo_url> since the previous build
          [Pipeline] End of Pipeline 
          java.lang.UnsupportedOperationException: Refusing to marshal java.math.BigDecimal for security reasons; see https://jenkins.io/redirect/class-filter/
          at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
          ...

          Pieter-Jan Busschaert added a comment - build log: Started by an SCM change Lightweight checkout support not available, falling back to full checkout. Checking out svn <svn_repo_url> into / var /lib/jenkins/jobs/<job_name>/workspace@script to read Jenkinsfile Updating <svn_repo_url> at revision '2018-01-22T09:37:09.544 +0100' Using sole credentials <username>/****** in realm <svn_realm> At revision 2672 No changes for <svn_repo_url> since the previous build [Pipeline] End of Pipeline java.lang.UnsupportedOperationException: Refusing to marshal java.math.BigDecimal for security reasons; see https: //jenkins.io/redirect/ class- filter/ at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530) ...

          I can confirm changing the "junit healtScaleFactor" from 5.0 to 5 in the Jenkinsfile solved the issue.

           

          Note: the pipeline syntax generator in Jenkins generates "5.0" even if I enter "5" in the parameter field.

          Pieter-Jan Busschaert added a comment - I can confirm changing the "junit healtScaleFactor" from 5.0 to 5 in the Jenkinsfile solved the issue.   Note: the pipeline syntax generator in Jenkins generates "5.0" even if I enter "5" in the parameter field.

          Oleg Nenashev added a comment -

          Let's fix it on the core side. Likely somebody should fix Snippet Generator as well, but this is a minor issue

          Oleg Nenashev added a comment - Let's fix it on the core side. Likely somebody should fix Snippet Generator as well, but this is a minor issue

          Oleg Nenashev added a comment -

          Oleg Nenashev added a comment - Created https://github.com/jenkinsci/jenkins/pull/3251 to the core

          Jesse Glick added a comment -

          This has nothing to do with Snippetizer, which would bind Float or Double. Whatever ModelASTValue.value is supposed to be (just typed as Object), that is what is causing problems. Likely a flaw in Declarative somewhere abayer.

          Jesse Glick added a comment - This has nothing to do with Snippetizer , which would bind Float or Double . Whatever ModelASTValue.value is supposed to be (just typed as Object ), that is what is causing problems. Likely a flaw in Declarative somewhere abayer .

          Jesse Glick added a comment -

          So the first PR to be created should be in pipeline-model-definition-plugin/pipeline-model-api I suppose.

          Jesse Glick added a comment - So the first PR to be created should be in pipeline-model-definition-plugin/pipeline-model-api I suppose.

          Andrew Bayer added a comment -

          ModelASTValue.value can be a boolean, a number, or a string, in practice. The string may actually represent a GString, but it's not an instance of a GString.

          Andrew Bayer added a comment - ModelASTValue.value can be a boolean, a number, or a string, in practice. The string may actually represent a GString, but it's not an instance of a GString.

          Andrew Bayer added a comment -

          Got a PR up at https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/239 to prevent Declarative from storing BigDecimal or BigInteger in its AST model at all - Groovy parses 0.1 as a BigDecimal, so we will now convert that before we store it, while we'll throw a validation error for use of an integer constant bigger than Long.MAX_VALUE.

          Andrew Bayer added a comment - Got a PR up at https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/239 to prevent Declarative from storing BigDecimal or BigInteger in its AST model at all - Groovy parses 0.1 as a BigDecimal , so we will now convert that before we store it, while we'll throw a validation error for use of an integer constant bigger than Long.MAX_VALUE .

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/resources/jenkins/security/whitelisted-classes.txt
          http://jenkins-ci.org/commit/jenkins/1393f69359145bf14e0da19ae328b51ba9be34bd
          Log:
          JENKINS-49070 - Whitelist BigDecimal and BigInteger

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/resources/jenkins/security/whitelisted-classes.txt http://jenkins-ci.org/commit/jenkins/1393f69359145bf14e0da19ae328b51ba9be34bd Log: JENKINS-49070 - Whitelist BigDecimal and BigInteger

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/resources/jenkins/security/whitelisted-classes.txt
          http://jenkins-ci.org/commit/jenkins/b550c33301dfa66137a980957a97b4c65f431522
          Log:
          Merge pull request #3251 from oleg-nenashev/feature/JENKINS-49070-big-decimal

          JENKINS-49070 - Whitelist BigDecimal and BigInteger

          Compare: https://github.com/jenkinsci/jenkins/compare/31d3573c5869...b550c33301df

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/resources/jenkins/security/whitelisted-classes.txt http://jenkins-ci.org/commit/jenkins/b550c33301dfa66137a980957a97b4c65f431522 Log: Merge pull request #3251 from oleg-nenashev/feature/ JENKINS-49070 -big-decimal JENKINS-49070 - Whitelist BigDecimal and BigInteger Compare: https://github.com/jenkinsci/jenkins/compare/31d3573c5869...b550c33301df

          Thanks for investigating and fixing this issue so fast! Really appreciated.

          Pieter-Jan Busschaert added a comment - Thanks for investigating and fixing this issue so fast! Really appreciated.

          Daniel Beck added a comment -

          Resolved towards 2.104.

          Daniel Beck added a comment - Resolved towards 2.104.

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy
          pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java
          pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy
          pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy
          http://jenkins-ci.org/commit/pipeline-model-definition-plugin/029b1f981eb9e924cb93991ed895682fb179d068
          Log:
          JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy http://jenkins-ci.org/commit/pipeline-model-definition-plugin/029b1f981eb9e924cb93991ed895682fb179d068 Log: JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          Jenkinsfile
          pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy
          pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java
          pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy
          pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy
          http://jenkins-ci.org/commit/pipeline-model-definition-plugin/6fd36ef29323d404945057cb6a94b7234f56e95b
          Log:
          Merge pull request #239 from abayer/jenkins-49070

          JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model

          Compare: https://github.com/jenkinsci/pipeline-model-definition-plugin/compare/7736888a9226...6fd36ef29323

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: Jenkinsfile pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy http://jenkins-ci.org/commit/pipeline-model-definition-plugin/6fd36ef29323d404945057cb6a94b7234f56e95b Log: Merge pull request #239 from abayer/jenkins-49070 JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model Compare: https://github.com/jenkinsci/pipeline-model-definition-plugin/compare/7736888a9226...6fd36ef29323

          Andrew Bayer added a comment -

          And Declarative 1.2.7 (releasing shortly) fixes this from the other side by preventing potential serialization of BigDecimal in the first place by overriding Groovy's behavior of taking any floating-point literal as a BigDecimal (i.e., def foo = 0.1; foo instanceof BigDecimal).

          Andrew Bayer added a comment - And Declarative 1.2.7 (releasing shortly) fixes this from the other side by preventing potential serialization of BigDecimal in the first place by overriding Groovy's behavior of taking any floating-point literal as a BigDecimal (i.e., def foo = 0.1; foo instanceof BigDecimal ).

          Liam Newman added a comment -

          Bulk closing resolved issues.

          Liam Newman added a comment - Bulk closing resolved issues.

            oleg_nenashev Oleg Nenashev
            pjaytycy Pieter-Jan Busschaert
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: