Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49980

Whitelist standard Kotlin classes to ensure compatibility with JEP-200 in 2.102+

XMLWordPrintable

      It is a follow-up to the discussion in HOSTING-492 with casz . The plugin does not whitelist base classes, and it's high risk of regressions in API user plugins. E.g. see JENKINS-49699

      > What to serialize? It is a complicated topic. Jenkins 2.102+ will reject serialization of classes over Remoting and XStream, so the rule would be the following:

      • Every class plugin developers persist on the disk
      • Every class plugin developers send over the channel to agents

      > I would say that the most of the classes should be whitelisted by plugin developers, but the library could whitelist Kotlin base classes (like kotlin.collections.EmptyList in JENKINS-49699). You can find examples of whitelisted base classes for Java here: https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/jenkins/security/whitelisted-classes.txt

            jetersen Joseph Petersen
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: