Jenkins / JENKINS-49147

JEP-200 location-based whitelisting broken in obsolete versions of Tomcat

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: core
    • Environment: Jenkins 2.103 running on Debian 8 with OpenJDK 1.8.0_131 and Tomcat8

      I followed my normal procedure in updating our Jenkins builder:

      • Update all Jenkins plugins first.
      • Update Jenkins core (using .war file).

      I got the error message about JEP-200 and XStream, so I browsed to the wiki page. It had a note in there about -Dhudson.remoting.ClassFilter=, with a comma-separated list of class names from the log file. I got the list of classes:

      # grep -ri rejecting /var/log/tomcat8/catalina.out | awk -F ' ' '{print $2}' | sort | uniq
      hudson.model.Cause$UserIdCause
      hudson.model.Hudson$CloudList
      hudson.model.MyViewsProperty
      hudson.model.PaneStatusProperties
      hudson.model.Queue$State
      hudson.model.UpdateSite
      hudson.model.View$PropertyList
      hudson.node_monitors.ArchitectureMonitor
      hudson.node_monitors.ClockMonitor
      hudson.node_monitors.DiskSpaceMonitor
      hudson.node_monitors.ResponseTimeMonitor
      hudson.node_monitors.SwapSpaceMonitor
      hudson.node_monitors.TemporarySpaceMonitor
      hudson.remoting.RemoteInvocationHandler$RPCRequest
      hudson.scm.SCMRevisionState$None
      hudson.search.UserSearchProperty
      hudson.slaves.JNLPLauncher
      hudson.slaves.RetentionStrategy$2
      hudson.tasks.LogRotator
      hudson.tasks.Shell$DescriptorImpl
      hudson.triggers.SCMTrigger$BuildAction
      hudson.triggers.SCMTrigger$DescriptorImpl
      hudson.triggers.SCMTrigger$SCMTriggerCause
      hudson.util.CopyOnWriteMap$Hash
      jenkins.model.BuildDiscarderProperty
      jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy
      jenkins.security.ApiTokenProperty
      jenkins.security.LastGrantedAuthoritiesProperty
      jenkins.slaves.RemotingWorkDirSettings
      

      So, I added those as a comma-separated list to -Dhudson.remoting.ClassFilter= and restarted Tomcat. Jenkins came back (authentication worked, but no build information is available, and slaves cannot connect), but I am now seeing a message about "You have data stored in an older format and/or unreadable data.". I am a bit afraid I will lose my build history and other metadata if I click on "Discard Unreadable Data". Is that a "safe" operation for my builds metadata?

      Also, why do I need to add so many exclusions to the hudson.remoting.ClassFilter, some of which seem to be internal to jenkins/hudson? Shouldn't that "just work"? Did I do something wrong in the upgrade?


          Kyle Mott created issue -
          Kyle Mott made changes -
          Attachment New: catalina.out.gz [ 41239 ]
          Kyle Mott made changes -
          Summary Original: JEP-200: After Jenkins update to 2.103, unable to start unless -Dhudson.remoting.ClassFilter= contains hudson.* class names New: JEP-200: After Jenkins update to 2.103, unable to start unless hudson.remoting.ClassFilter contains hudson.* and jenkins.* class names
          Kyle Mott made changes -
          Priority Original: Minor [ 4 ] New: Critical [ 2 ]
          Kyle Mott made changes -
          Assignee New: Jesse Glick [ jglick ]

          Kyle Mott added a comment -

          To clarify a bit further, I did take a snapshot of my Jenkins VM after the upgrade to 2.103 and my hudson.remoting.ClassFilter changes, but before I did "Discard Old Data". I did click on "Discard Old Data", and that doesn't seem to have changed anything. My slave machines are still all disconnected.


          Jesse Glick added a comment -

          Shouldn't that "just work"?

          Yes of course. Nothing in Jenkins core needs to be whitelisted.

          I suspect ClassFilterImpl.isLocationWhitelisted is failing to grasp that your Jenkins core is really Jenkins core, for some reason related to an unusual packaging. Perhaps because you are running on Tomcat—almost everyone uses the built-in Winstone instead, and I do not know of any automated tests which check compatibility with other containers.

          You will need to create a FINE logger on jenkins.security.ClassFilterImpl to find out. Normally you will see a single message early on to the effect of

          file:/usr/share/jenkins/WEB-INF/lib/jenkins-core-2.103.jar seems to be the location of Jenkins core, OK
          

          Jesse Glick made changes -
          Labels New: JEP-200

          Kyle Mott added a comment -

          Thank you for the help jglick, really appreciate it. I tried creating the FINE logger, but when I went to save, it threw this in the UI:

          java.lang.UnsupportedOperationException: Refusing to marshal hudson.logging.LogRecorder for security reasons; see https://jenkins.io/redirect/class-filter/
          	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
          	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
          	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
          	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
          	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
          	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
          	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
          	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
          	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
          	at hudson.XmlFile.write(XmlFile.java:194)
          Caused: java.io.IOException
          	at hudson.XmlFile.write(XmlFile.java:201)
          	at hudson.logging.LogRecorder.save(LogRecorder.java:328)
          	at hudson.logging.LogRecorder.doConfigSubmit(LogRecorder.java:303)
          	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
          	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
          	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
          	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          	at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          	at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
          	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
          	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:618)
          	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
          	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
          	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
          	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
          	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537)
          	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1081)
          	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658)
          	at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
          	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1570)
          	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1527)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
          	at java.lang.Thread.run(Thread.java:748)
          


          Kyle Mott added a comment -

          It looks like even though the UI threw the error, it did save the log recorder settings. Went back in to it, and this was in there:

          Jan 24, 2018 1:26:09 PM FINE jenkins.security.ClassFilterImpl lambda$isLocationWhitelisted$2
          jar:file:/var/lib/tomcat8/webapps/ROOT/WEB-INF/lib/jenkins-core-2.103.jar!/hudson/logging/LogRecorder$Target.class is not recognized; rejecting
          Jan 24, 2018 1:26:09 PM WARNING jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
          hudson.logging.LogRecorder$Target in jar:file:/var/lib/tomcat8/webapps/ROOT/WEB-INF/lib/jenkins-core-2.103.jar!/hudson/logging/LogRecorder$Target.class might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
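
Added example, not part of the original thread and not Jenkins code: a triage script for the ClassFilterImpl messages quoted above. It reduces each rejected class's location to its containing JAR and separates rejections that come from the Jenkins core JAR itself (a sign that core-location detection failed, as diagnosed in this issue) from rejections in other JARs. The function names and the last sample line (com.example.plugin.Widget) are constructed for illustration.

```python
import re
from collections import defaultdict

# Message shapes taken from the ClassFilterImpl log excerpts quoted in this issue.
REJECTED = re.compile(r"^(?P<cls>\S+) in (?P<loc>\S+) might be dangerous, so rejecting")
CORE_OK = re.compile(r"^(?P<loc>\S+) seems to be the location of Jenkins core, OK")
CORE_JAR = re.compile(r"^jenkins-core-[\w.\-]+\.jar$")

# First four lines are the log excerpt from this issue; the last one is constructed.
SAMPLE_LOG = [
    "Jan 24, 2018 1:26:09 PM FINE jenkins.security.ClassFilterImpl lambda$isLocationWhitelisted$2",
    "jar:file:/var/lib/tomcat8/webapps/ROOT/WEB-INF/lib/jenkins-core-2.103.jar!/hudson/logging/LogRecorder$Target.class is not recognized; rejecting",
    "Jan 24, 2018 1:26:09 PM WARNING jenkins.security.ClassFilterImpl lambda$isBlacklisted$1",
    "hudson.logging.LogRecorder$Target in jar:file:/var/lib/tomcat8/webapps/ROOT/WEB-INF/lib/jenkins-core-2.103.jar!/hudson/logging/LogRecorder$Target.class might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/",
    "com.example.plugin.Widget in file:/var/lib/jenkins/plugins/example/WEB-INF/lib/example.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/",
]


def containing_jar(location):
    """Reduce a class location to the archive that holds it.

    'jar:file:/x/a.jar!/pkg/C.class' and 'file:/x/a.jar' both become
    'file:/x/a.jar', so both spellings of one JAR compare equal.
    """
    if location.startswith("jar:"):
        location = location[len("jar:"):]
    return location.split("!/", 1)[0]


def triage(lines):
    """Group rejected classes by JAR and flag rejections inside Jenkins core."""
    core_location_logged = None
    rejected = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        ok = CORE_OK.match(line)
        if ok:
            # The message a healthy instance logs once, early on.
            core_location_logged = containing_jar(ok["loc"])
            continue
        hit = REJECTED.match(line)
        if hit:
            rejected[containing_jar(hit["loc"])].add(hit["cls"])

    core_misdetected, needs_review = {}, {}
    for jar, classes in rejected.items():
        basename = jar.rsplit("/", 1)[-1]
        bucket = core_misdetected if CORE_JAR.match(basename) else needs_review
        bucket[jar] = sorted(classes)
    return {
        "core_location_logged": core_location_logged,
        "core_misdetected": core_misdetected,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if report["core_location_logged"] is None:
        print("Jenkins core location was never recognized in this log")
    for jar, classes in report["core_misdetected"].items():
        # Classes from core should not need a hudson.remoting.ClassFilter entry.
        print(f"core JAR treated as untrusted: {jar} -> {classes}")
    for jar, classes in report["needs_review"].items():
        print(f"rejected outside core, review individually: {jar} -> {classes}")
```

Any entry under core_misdetected points at the container or packaging rather than at the classes, so extending -Dhudson.remoting.ClassFilter= with core class names only hides the symptom.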
          


            jglick Jesse Glick
            kmott Kyle Mott