Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49980

Whitelist standard Kotlin classes to ensure compatibility with JEP-200 in 2.102+

XMLWordPrintable

      It is a follow-up to the discussion in HOSTING-492 with casz . The plugin does not whitelist base classes, and it's high risk of regressions in API user plugins. E.g. see JENKINS-49699

      > What to serialize? It is a complicated topic. Jenkins 2.102+ will reject serialization of classes over Remoting and XStream, so the rule would be the following:

      • Every class plugin developers persist on the disk
      • Every class plugin developers send over the channel to agents

      > I would say that the most of the classes should be whitelisted by plugin developers, but the library could whitelist Kotlin base classes (like kotlin.collections.EmptyList in JENKINS-49699). You can find examples of whitelisted base classes for Java here: https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/jenkins/security/whitelisted-classes.txt

          [JENKINS-49980] Whitelist standard Kotlin classes to ensure compatibility with JEP-200 in 2.102+

          Oleg Nenashev added a comment -

          casz IIUC the discussion in JENKINS-49699, you have already done some whitelisting prototyping, right?
          Do you think it makes sense to close this ticket?

          Oleg Nenashev added a comment - casz IIUC the discussion in JENKINS-49699 , you have already done some whitelisting prototyping, right? Do you think it makes sense to close this ticket?

          Joseph Petersen (old) added a comment -

          Yup, closing

          Joseph Petersen (old) added a comment - Yup, closing

            jetersen Joseph Petersen
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: