[JENKINS-50633] JEP-200 - org.apache.maven.model.Model might be dangerous, so rejecting - Jenkins Jira

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: pipeline-utility-steps-plugin
Labels:
- JEP-200
Environment:
Jenkins 2.114, Maven Integration plugin 3.1.2, Pipeline Utility Steps 2.0.2

Similar Issues:
Powered by SuggestiMate

Show

Errors after update to latest Jenkins version:

WARNING: org.apache.maven.model.Model in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.DistributionManagement in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Dependency in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Build in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.DeploymentRepository in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Plugin in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.PluginExecution in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Exclusion in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Parent in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.codehaus.plexus.util.xml.Xpp3Dom in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/plexus-utils-3.0.24.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Resource in file:/var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven-model-3.1.0.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

WARNING: org.apache.maven.model.Model in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.DistributionManagement in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Plugin in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Exclusion in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.Parent in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
WARNING: org.apache.maven.model.PluginExecution in file:/var/lib/jenkins/plugins/pipeline-utility-steps/WEB-INF/lib/maven-model-3.3.9.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

plugins-list.txt
4 kB
2018-04-06 14:46

relates to

JENKINS-50632 JEP-200 - Refusing to marshal org.apache.maven.model

Closed

JENKINS-50670 Pipeline job does not fail when serialization of Pipeline steps arguments fails within NonCPS

Closed

JENKINS-50666 Create a nonCPS() wrapper to simplify nonCPS invocations

In Review

JENKINS-50752 ArgumentsAction Can Fail Serialization Of FlowNodes and Build When Given Unserializable input

Resolved

JENKINS-50665 Pipeline Steps should be able to filter arguments being persisted to the disk

Open

links to

CloudBees Internal ARC-283

https://github.com/jenkinsci/pipeline-utility-steps-plugin/pull/46

(3 links to)

SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Code changed in jenkins
User: Oleg Nenashev
Path:
src/main/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStep.java
src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStepTest.java
http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/0f038583a0b5e4cbde2dd9ca79b80c1816e4b608
Log:
~~JENKINS-50633~~ - Remove the non-CPS requirement

SCM/JIRA link daemon added a comment - 2018-05-09 09:32 Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStep.java src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStepTest.java http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/0f038583a0b5e4cbde2dd9ca79b80c1816e4b608 Log: JENKINS-50633 - Remove the non-CPS requirement

SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Code changed in jenkins
User: Oleg Nenashev
Path:
Jenkinsfile
http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/641fae05694224c823be10e91828d6952128c1b5
Log:
~~JENKINS-50633~~ - Jenkinsfile should use 2.107.2 with security fixes

SCM/JIRA link daemon added a comment - 2018-05-09 09:32 Code changed in jenkins User: Oleg Nenashev Path: Jenkinsfile http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/641fae05694224c823be10e91828d6952128c1b5 Log: JENKINS-50633 - Jenkinsfile should use 2.107.2 with security fixes

SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Code changed in jenkins
User: Robert Sandell
Path:
Jenkinsfile
pom.xml
src/main/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStep.java
src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/conf/mf/ReadManifestStepTest.java
src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStepTest.java
http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/777fd44d9976dc0615dec4150db579dff87c07d7
Log:
Merge pull request #46 from oleg-nenashev/jep-200/~~JENKINS-50633~~

~~JENKINS-50633~~ - Update Pipeline: CPS requirement to 2.48 and run tests against core with JEP-200

Compare: https://github.com/jenkinsci/pipeline-utility-steps-plugin/compare/bd1bcf86cf76...777fd44d9976
*NOTE:* This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

Functionality will be removed from GitHub.com on January 31st, 2019.

SCM/JIRA link daemon added a comment - 2018-05-09 09:32 Code changed in jenkins User: Robert Sandell Path: Jenkinsfile pom.xml src/main/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStep.java src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/conf/mf/ReadManifestStepTest.java src/test/java/org/jenkinsci/plugins/pipeline/utility/steps/maven/WriteMavenPomStepTest.java http://jenkins-ci.org/commit/pipeline-utility-steps-plugin/777fd44d9976dc0615dec4150db579dff87c07d7 Log: Merge pull request #46 from oleg-nenashev/jep-200/ JENKINS-50633 JENKINS-50633 - Update Pipeline: CPS requirement to 2.48 and run tests against core with JEP-200 Compare: https://github.com/jenkinsci/pipeline-utility-steps-plugin/compare/bd1bcf86cf76...777fd44d9976 * NOTE: * This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.

Oleg Nenashev added a comment - 2018-05-09 20:53

Fix released in 2.1.0

Oleg Nenashev added a comment - 2018-05-09 20:53 Fix released in 2.1.0

Valéry FREBOURG added a comment - 2018-06-05 09:19

Hello,

still a problem ?

I have on startup log:

juin 05, 2018 11:04:45 AM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.apache.maven.artifact.versioning.DefaultArtifactVersion in file:/XXX/jenkins2/plugins/maven-plugin/WEB-INF/lib/*+maven-artifact-3.1.0.jar+* might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

Jenkins version : (LTS) 2.107.3

pipeline utility steps version : 2.1

pipeline maven integration plugin : 3.5.7

(all others plugin up-to-date)

Regards,

Valéry FREBOURG added a comment - 2018-06-05 09:19 Hello, still a problem ? I have on startup log: juin 05, 2018 11:04:45 AM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1 WARNING: org.apache.maven.artifact.versioning.DefaultArtifactVersion in file:/XXX/jenkins2/plugins/maven-plugin/WEB-INF/lib/*+maven-artifact-3.1.0.jar+* might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/ Jenkins version : (LTS) 2.107.3 pipeline utility steps version : 2.1 pipeline maven integration plugin : 3.5.7 (all others plugin up-to-date) Regards,

Oleg Nenashev added a comment - 2018-06-05 09:52 - edited

Maybe another plugin? Please provide a full stacktrace in a new ticket

Oleg Nenashev added a comment - 2018-06-05 09:52 - edited Maybe another plugin? Please provide a full stacktrace in a new ticket

Jesse Glick added a comment - 2018-06-05 11:37

Best to treat the readMavenPom and writeMavenPom steps as deprecated. Do not use. There are command-line mvn equivalents.

Jesse Glick added a comment - 2018-06-05 11:37 Best to treat the readMavenPom and writeMavenPom steps as deprecated. Do not use. There are command-line mvn equivalents.

Robin Smith added a comment - 2018-11-08 17:19

jglick if these methods are to be treated as deprecated, could this be marked as such in the Pipeline Utility Steps plugin documentation? And/or in the code on GitHub?

Robin Smith added a comment - 2018-11-08 17:19 jglick if these methods are to be treated as deprecated, could this be marked as such in the Pipeline Utility Steps plugin documentation ? And/or in the code on GitHub?

Jesse Glick added a comment - 2018-11-08 18:42

robin_smith trying. https://github.com/jenkinsci/pipeline-utility-steps-plugin/pull/47

Jesse Glick added a comment - 2018-11-08 18:42 robin_smith trying. https://github.com/jenkinsci/pipeline-utility-steps-plugin/pull/47

Robin Smith added a comment - 2018-11-09 16:09

Thanks jglick. It would be great to have that in the docs too - I suppose that will happen after the PR is merged.

Robin Smith added a comment - 2018-11-09 16:09 Thanks jglick . It would be great to have that in the docs too - I suppose that will happen after the PR is merged.

Assignee:: Oleg Nenashev

Reporter:: Test User

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2018-04-06 13:53

Updated:: 2018-11-09 16:09

Resolved:: 2018-05-09 20:53

Details

Description

Attachments

Attachments

Issue Links

Activity

[JENKINS-50633] JEP-200 - org.apache.maven.model.Model might be dangerous, so rejecting

Collapse comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Expand comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Collapse comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Expand comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Collapse comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Expand comment: SCM/JIRA link daemon added a comment - 2018-05-09 09:32

Collapse comment: Oleg Nenashev added a comment - 2018-05-09 20:53

Expand comment: Oleg Nenashev added a comment - 2018-05-09 20:53

Collapse comment: Valéry FREBOURG added a comment - 2018-06-05 09:19

Expand comment: Valéry FREBOURG added a comment - 2018-06-05 09:19

Collapse comment: Oleg Nenashev added a comment - 2018-06-05 09:52, Edited by Oleg Nenashev - 2018-06-05 09:52

Expand comment: Oleg Nenashev added a comment - 2018-06-05 09:52, Edited by Oleg Nenashev - 2018-06-05 09:52

Collapse comment: Jesse Glick added a comment - 2018-06-05 11:37

Expand comment: Jesse Glick added a comment - 2018-06-05 11:37

Collapse comment: Robin Smith added a comment - 2018-11-08 17:19

Expand comment: Robin Smith added a comment - 2018-11-08 17:19

Collapse comment: Jesse Glick added a comment - 2018-11-08 18:42

Expand comment: Jesse Glick added a comment - 2018-11-08 18:42

Collapse comment: Robin Smith added a comment - 2018-11-09 16:09

Expand comment: Robin Smith added a comment - 2018-11-09 16:09

People

Dates