[JENKINS-49089] UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: maven-plugin
    • Environment: Jenkins 2.102, Maven Integration plugin 3.0, Maven Dependency Update Trigger 1.5

      After upgrading Jenkins, when a Maven project is triggered by an upstream Maven project dependency, the build breaks with the following error:

       

      Parsing POMs
      java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.XmlFile.write(XmlFile.java:201)
      	at hudson.model.AbstractItem.save(AbstractItem.java:483)
      	at hudson.model.Job.save(Job.java:196)
      	at hudson.model.AbstractProject.save(AbstractProject.java:289)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.parsePoms(MavenModuleSetBuild.java:1039)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.doRun(MavenModuleSetBuild.java:691)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
      	at hudson.model.Run.execute(Run.java:1727)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
      	at hudson.model.ResourceController.execute(ResourceController.java:97)
      	at hudson.model.Executor.run(Executor.java:429)
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
      	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
      	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
      	at hudson.XmlFile.write(XmlFile.java:194)
      	... 10 more
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.ModuleDependency#parsedVersion for class hudson.maven.ModuleDependency
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
      	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
      	at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 23 more
      Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons; see https://jenkins.io/redirect/class-filter/
      	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 38 more
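
To triage a trace like the one above, the following added example (not code from the Jenkins project or from this report) walks the "Caused by" chain and reports which class the JEP-200 class filter refused and which persisted fields led to it. The function name `find_rejections` is hypothetical; the sample input is excerpted from the trace in this report with most stack frames omitted.

```python
import re

# "Caused by" chain excerpted from the trace in this report (most frames omitted).
SAMPLE_LOG = """\
java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
\tat hudson.XmlFile.write(XmlFile.java:201)
Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
\tat hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.ModuleDependency#parsedVersion for class hudson.maven.ModuleDependency
\tat hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons; see https://jenkins.io/redirect/class-filter/
\tat hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
"""

FIELD_RE = re.compile(r"Failed to serialize (?P<owner>[\w.$]+)#(?P<field>\w+) for class")
REFUSED_RE = re.compile(r"Refusing to marshal (?P<cls>[\w.$]+) for security reasons")


def find_rejections(log_text):
    """Return one dict per refusal: the rejected class and the field path that reached it."""
    findings = []
    path = []  # owner#field steps collected for the trace currently being read
    for line in log_text.splitlines():
        if line.startswith(("\t", " ")):
            continue  # stack frames and "... N more" lines add nothing to the path
        field = FIELD_RE.search(line)
        refused = REFUSED_RE.search(line)
        if field:
            step = f"{field['owner']}#{field['field']}"
            # The top-level exception repeats the message of its first cause.
            if not path or path[-1] != step:
                path.append(step)
        elif refused:
            findings.append({"rejected_class": refused["cls"],
                             "field_path": list(path)})
            path = []
        elif not line.startswith("Caused by:"):
            path = []  # unrelated log line: any partial path belongs to an older trace
    return findings


if __name__ == "__main__":
    for hit in find_rejections(SAMPLE_LOG):
        print(hit["rejected_class"], "reached via", " -> ".join(hit["field_path"]))
```

For this report the path ends at `hudson.maven.ModuleDependency#parsedVersion`, which matches the file the later commits touch (`ModuleDependency.java`).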

       

          Oleg Nenashev added a comment -

          Seems to be real, CC aheritier. I have never expected MavenInformation whitelisting to be enough

          Oleg Nenashev added a comment -

          aheritier jglick I am not sure I will have time to review it today. It seems you just need to whitelist dependency model objects, but there are many objects to check. PCT does not help much from what I see

          Jesse Glick added a comment -

          Is there any known way to reproduce this from scratch? Acceptance tests and plugin functional tests do not cover this code path, whatever it is.

          Oleg Nenashev added a comment -

          IIUC creating multiple modules which have other MavenModule jobs as dependencies.
          But I am not 100% sure

          Jesse Glick added a comment -

          I think there are functional tests covering that, but cannot recall offhand.

          Jesse Glick added a comment -

          I think I know what is wrong in the code and how it should be fixed, but I want to see if the problem can be reproduced in a test.

          Jesse Glick added a comment -

          marco_rothe you can try this snapshot build (Plugin Manager » Advanced) if you want to leave feedback.

          Marco Rothe added a comment -

          Thank you. I will try the snapshot build.

          Strangely enough, the problem doesn't occur on any build triggered by an upstream snapshot build on our Jenkins instance. :-/

          On some builds the downstream project fails, on others they start and complete successfully.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/hudson/maven/ModuleDependency.java
          http://jenkins-ci.org/commit/maven-plugin/fb9fab663b3ccbf7155b4590da3979a15e3933a2
          Log:
          JENKINS-49089 Probably fixing error, without yet knowing how to reproduce it.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          Jenkinsfile
          src/main/java/hudson/maven/ModuleDependency.java
          src/main/java/hudson/maven/SplittableBuildListener.java
          src/test/java/hudson/maven/ModuleDependencyLocator.java
          http://jenkins-ci.org/commit/maven-plugin/ab7e2592e752d2d6a9c31c56a05ae1c2ffdba29c
          Log:
          Merge pull request #112 from jglick/JEP-200-JENKINS-49089

          JENKINS-49089 Whitelist problems

          Compare: https://github.com/jenkinsci/maven-plugin/compare/4c3b42be00ed...ab7e2592e752

          Marco Rothe added a comment -

          Ok, I tested the snapshot version and the error has gone away (on projects where the build failed before).

          So the problem seems to be fixed even if it can't be reproduced in a reliable manner ;-(

          Oleg Nenashev added a comment -

          It has been released in 3.1. Let's see whether the current fix is enough

            jglick Jesse Glick
            marco_rothe Marco Rothe