[JENKINS-49980] Whitelist standard Kotlin classes to ensure compatibility with JEP-200 in 2.102+

Type: Improvement
Resolution: Fixed
Priority: Minor
Component/s: kotlin-v1-stdlib-jdk8-plugin
Labels:
- JEP-200

Similar Issues:
Powered by SuggestiMate

Show

It is a follow-up to the discussion in HOSTING-492 with casz . The plugin does not whitelist base classes, and it's high risk of regressions in API user plugins. E.g. see ~~JENKINS-49699~~

> What to serialize? It is a complicated topic. Jenkins 2.102+ will reject serialization of classes over Remoting and XStream, so the rule would be the following:

Every class plugin developers persist on the disk
Every class plugin developers send over the channel to agents

> I would say that the most of the classes should be whitelisted by plugin developers, but the library could whitelist Kotlin base classes (like kotlin.collections.EmptyList in ~~JENKINS-49699~~). You can find examples of whitelisted base classes for Java here: https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/jenkins/security/whitelisted-classes.txt

relates to

JENKINS-49699 Doktor plugin affected by JEP-200

Closed

Oleg Nenashev created issue - 2018-03-07 11:04

Oleg Nenashev made changes - 2018-03-07 11:04

Link

New: This issue relates to ~~JENKINS-49699~~ [ ~~JENKINS-49699~~ ]

Oleg Nenashev made changes - 2018-03-07 11:04

Link

New: This issue relates to HOSTING-492 [ HOSTING-492 ]

Oleg Nenashev made changes - 2018-03-07 11:04

Labels

New: JEP-200

Oleg Nenashev added a comment - 2018-04-13 09:29

casz IIUC the discussion in ~~JENKINS-49699~~, you have already done some whitelisting prototyping, right?
Do you think it makes sense to close this ticket?

Oleg Nenashev added a comment - 2018-04-13 09:29 casz IIUC the discussion in JENKINS-49699 , you have already done some whitelisting prototyping, right? Do you think it makes sense to close this ticket?

Joseph Petersen (old) added a comment - 2018-04-15 06:45

Yup, closing

Joseph Petersen (old) added a comment - 2018-04-15 06:45 Yup, closing

Joseph Petersen (old) made changes - 2018-04-15 06:45

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Joseph Petersen made changes - 2020-03-07 06:06

Assignee

Original: Joseph Petersen (old) [ casz ]

New: Joseph Petersen [ jetersen ]

Assignee:: Joseph Petersen

Reporter:: Oleg Nenashev

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018-03-07 11:04

Updated:: 2020-03-07 06:06

Resolved:: 2018-04-15 06:45

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Oleg Nenashev added a comment - 2018-04-13 09:29

Expand comment: Oleg Nenashev added a comment - 2018-04-13 09:29

Collapse comment: Joseph Petersen (old) added a comment - 2018-04-15 06:45

Expand comment: Joseph Petersen (old) added a comment - 2018-04-15 06:45

People

Dates