[JENKINS-49699] Doktor plugin affected by JEP-200

Type: Bug
Resolution: Won't Fix
Priority: Minor
Component/s: doktor-plugin
Labels:
- JEP-200
Environment:
debian jessie

Similar Issues:
Powered by SuggestiMate

Show

Doktor plugin is affected by JEP-200 :

I use the step doktor and in the log there is this message :
java.util.concurrent.ExecutionException: java.lang.SecurityException: Rejected: kotlin.collections.EmptyList; see https://jenkins.io/redirect/class-filter/
and in catalina.out :

AVERTISSEMENT: org.jgrapht.DirectedGraph in file:/data/jenkins/plugins/build-flow-plugin/WEB-INF/lib/jgrapht-jdk1.5-0.7.3.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
févr. 22, 2018 5:44:17 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
AVERTISSEMENT: kotlin.collections.EmptyList in file:/data/jenkins/plugins/doktor/WEB-INF/lib/kotlin-stdlib-1.1.51.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

is related to

JENKINS-47736 JEP-200: Switch Remoting/XStream blacklist to a whitelist

Resolved

relates to

JENKINS-49980 Whitelist standard Kotlin classes to ensure compatibility with JEP-200 in 2.102+

Resolved

Laurent Dufour created issue - 2018-02-22 16:52

Laurent Dufour made changes - 2018-02-22 16:52

Link

New: This issue is related to ~~JENKINS-47736~~ [ ~~JENKINS-47736~~ ]

Oleg Nenashev made changes - 2018-02-23 09:02

Link

New: This issue relates to HOSTING-492 [ HOSTING-492 ]

Oleg Nenashev added a comment - 2018-02-23 09:03

My proposal would be to integrate the plugin with the new Kotlin STL Library plugin and to whitelist the required Kotlin classes on its side

Oleg Nenashev added a comment - 2018-02-23 09:03 My proposal would be to integrate the plugin with the new Kotlin STL Library plugin and to whitelist the required Kotlin classes on its side

Oleg Nenashev added a comment - 2018-02-23 09:09

The plugin is based on Gradle, so I cannot run PCT against it. It's also hard to say how many Kotlin libs we will need to whitelist in order to make it working. Currently there are 44 installations of the plugin, so for JEP-200 maintainers it has a low priority being compared to other affected plugins. For now I will leave it to madhead, happy to advice if needed.

Oleg Nenashev added a comment - 2018-02-23 09:09 The plugin is based on Gradle, so I cannot run PCT against it. It's also hard to say how many Kotlin libs we will need to whitelist in order to make it working. Currently there are 44 installations of the plugin, so for JEP-200 maintainers it has a low priority being compared to other affected plugins. For now I will leave it to madhead , happy to advice if needed.

Siarhei Krukau added a comment - 2018-02-26 16:06

oleg_nenashev, can you please take a look at this commit and tell whether it will be enough?

Thanks a lot!

Siarhei Krukau added a comment - 2018-02-26 16:06 oleg_nenashev , can you please take a look at this commit and tell whether it will be enough? Thanks a lot!

Oleg Nenashev added a comment - 2018-02-26 16:17

madhead IIUC it won't be enough, the warning also mentions "kotlin.collections.EmptyList".

There are testing guidelines here: https://jenkins.io/blog/2018/01/13/jep-200/#testing-plugins-against-jenkins-2-102-and-above
Although the section is not applicable to Gradle builds, it may give you some idea how to run autotests (dependency bump generally)

Oleg Nenashev added a comment - 2018-02-26 16:17 madhead IIUC it won't be enough, the warning also mentions "kotlin.collections.EmptyList". There are testing guidelines here: https://jenkins.io/blog/2018/01/13/jep-200/#testing-plugins-against-jenkins-2-102-and-above Although the section is not applicable to Gradle builds, it may give you some idea how to run autotests (dependency bump generally)

Oleg Nenashev added a comment - 2018-03-07 11:00

madhead Hi, any updates? 2.107.1 lands in public next week, there will be a broader impact on users after that

Oleg Nenashev added a comment - 2018-03-07 11:00 madhead Hi, any updates? 2.107.1 lands in public next week, there will be a broader impact on users after that

Oleg Nenashev made changes - 2018-03-07 11:04

Link

New: This issue relates to ~~JENKINS-49980~~ [ ~~JENKINS-49980~~ ]

Siarhei Krukau added a comment - 2018-03-14 11:59

Sorry, not yet. I guess 44 installations are not very critical.

Siarhei Krukau added a comment - 2018-03-14 11:59 Sorry, not yet. I guess 44 installations are not very critical.

Assignee:: Unassigned

Reporter:: Laurent Dufour

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2018-02-22 16:52

Updated:: 2021-11-06 21:45

Resolved:: 2021-11-06 21:45

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Oleg Nenashev added a comment - 2018-02-23 09:03

Expand comment: Oleg Nenashev added a comment - 2018-02-23 09:03

Collapse comment: Oleg Nenashev added a comment - 2018-02-23 09:09

Expand comment: Oleg Nenashev added a comment - 2018-02-23 09:09

Collapse comment: Siarhei Krukau added a comment - 2018-02-26 16:06

Expand comment: Siarhei Krukau added a comment - 2018-02-26 16:06

Collapse comment: Oleg Nenashev added a comment - 2018-02-26 16:17

Expand comment: Oleg Nenashev added a comment - 2018-02-26 16:17

Collapse comment: Oleg Nenashev added a comment - 2018-03-07 11:00

Expand comment: Oleg Nenashev added a comment - 2018-03-07 11:00

Collapse comment: Siarhei Krukau added a comment - 2018-03-14 11:59

Expand comment: Siarhei Krukau added a comment - 2018-03-14 11:59

People

Dates