Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49089

UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • maven-plugin
    • Jenkins 2.102

      Maven Integration plugin 3.0
      Maven Dependency Update Trigger 1.5

      After upgrading jenkins and a maven project is triggert by a upstream maven project dependency the build breaks with the following error:

       

      Parsing POMs
      java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.XmlFile.write(XmlFile.java:201)
      	at hudson.model.AbstractItem.save(AbstractItem.java:483)
      	at hudson.model.Job.save(Job.java:196)
      	at hudson.model.AbstractProject.save(AbstractProject.java:289)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.parsePoms(MavenModuleSetBuild.java:1039)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.doRun(MavenModuleSetBuild.java:691)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
      	at hudson.model.Run.execute(Run.java:1727)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
      	at hudson.model.ResourceController.execute(ResourceController.java:97)
      	at hudson.model.Executor.run(Executor.java:429)
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
      	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
      	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
      	at hudson.XmlFile.write(XmlFile.java:194)
      	... 10 more
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.ModuleDependency#parsedVersion for class hudson.maven.ModuleDependency
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
      	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
      	at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 23 more
      Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons; see https://jenkins.io/redirect/class-filter/
      	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 38 more

       

          [JENKINS-49089] UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

          Jesse Glick added a comment -

          Is there any known way to reproduce this from scratch? Acceptance tests and plugin functional tests do not cover this code path, whatever it is.

          Jesse Glick added a comment - Is there any known way to reproduce this from scratch? Acceptance tests and plugin functional tests do not cover this code path, whatever it is.

          Oleg Nenashev added a comment -

          IIUC creating multiple modules which have other MavenModule jobs as dependencies.
          But I am not 100% sure

          Oleg Nenashev added a comment - IIUC creating multiple modules which have other MavenModule jobs as dependencies. But I am not 100% sure

          Jesse Glick added a comment -

          I think there are functional tests covering that, but cannot recall offhand.

          Jesse Glick added a comment - I think there are functional tests covering that, but cannot recall offhand.

          Jesse Glick added a comment -

          I think I know what is wrong in the code and how it should be fixed, but I want to see if the problem can be reproduced in a test.

          Jesse Glick added a comment - I think I know what is wrong in the code and how it should be fixed, but I want to see if the problem can be reproduced in a test.

          Jesse Glick added a comment -

          marco_rothe you can try this snapshot build (Plugin Manager » Advanced) if you want to leave feedback.

          Jesse Glick added a comment - marco_rothe you can try  this snapshot build  ( Plugin Manager » Advanced ) if you want to leave feedback.

          Marco Rothe added a comment -

          Thank you. I will try the snaphot build. 

          Strange enough, the problem doesn't occur on any build triggered by an upstream snapshot build on our jenkins instance. :-/

          On some builds the downstream project fails, on other they start and complete sucessful.

          Marco Rothe added a comment - Thank you. I will try the snaphot build.  Strange enough, the problem doesn't occur on any build triggered by an upstream snapshot build on our jenkins instance. :-/ On some builds the downstream project fails, on other they start and complete sucessful.

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/hudson/maven/ModuleDependency.java
          http://jenkins-ci.org/commit/maven-plugin/fb9fab663b3ccbf7155b4590da3979a15e3933a2
          Log:
          JENKINS-49089 Probably fixing error, without yet knowing how to reproduce it.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/hudson/maven/ModuleDependency.java http://jenkins-ci.org/commit/maven-plugin/fb9fab663b3ccbf7155b4590da3979a15e3933a2 Log: JENKINS-49089 Probably fixing error, without yet knowing how to reproduce it.

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          Jenkinsfile
          src/main/java/hudson/maven/ModuleDependency.java
          src/main/java/hudson/maven/SplittableBuildListener.java
          src/test/java/hudson/maven/ModuleDependencyLocator.java
          http://jenkins-ci.org/commit/maven-plugin/ab7e2592e752d2d6a9c31c56a05ae1c2ffdba29c
          Log:
          Merge pull request #112 from jglick/JEP-200-JENKINS-49089

          JENKINS-49089 Whitelist problems

          Compare: https://github.com/jenkinsci/maven-plugin/compare/4c3b42be00ed...ab7e2592e752

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: Jenkinsfile src/main/java/hudson/maven/ModuleDependency.java src/main/java/hudson/maven/SplittableBuildListener.java src/test/java/hudson/maven/ModuleDependencyLocator.java http://jenkins-ci.org/commit/maven-plugin/ab7e2592e752d2d6a9c31c56a05ae1c2ffdba29c Log: Merge pull request #112 from jglick/JEP-200- JENKINS-49089 JENKINS-49089 Whitelist problems Compare: https://github.com/jenkinsci/maven-plugin/compare/4c3b42be00ed...ab7e2592e752

          Marco Rothe added a comment -

          Ok, I tested the snapshot version and the error gone away (on projects where the build fail before).

          So the problem seems to be fixed even it can't be reproduced in a reliable manner ;-(

          Marco Rothe added a comment - Ok, I tested the snapshot version and the error gone away (on projects where the build fail before). So the problem seems to be fixed even it can't be reproduced in a reliable manner ;-(

          Oleg Nenashev added a comment -

          It has been released in 3.1. Let's see whether the current fix is enough

          Oleg Nenashev added a comment - It has been released in 3.1. Let's see whether the current fix is enough

            jglick Jesse Glick
            marco_rothe Marco Rothe
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: