Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Minor
-
Resolution: Not A Defect
-
Component/s: core, envinject-plugin
-
Labels:None
-
Environment:jenkins 2.121.2
Environment Injector Plugin 2.1.6
-
Similar Issues:
Description
On Manage Jenkins page, I see the following warning message:
Warnings have been published for the following currently installed components.
Environment Injector Plugin 2.1.6
Exposure of sensitive build variables stored by EnvInject 1.90 and earlier
however my environment injector plugin is already 2.1.6.
Also in Jenkins log, there is a warning:
WARNING: Attempt to (de-)serialize anonymous class hudson.FilePath$27 in file:/var/cache/jenkins/war/WEB-INF/lib/jenkins-core-2.121.2.jar; see: https://jenkins.io/redirect/serialization-of-anonymous-classes/
Anyway to get rid of this?
The warning is being published for all releases of envinject due to the nature of the problem (we only published it years after it was fixed, but old stored data can still be around).
Hence, closing as not a defect.
The other is not a bug. We're cleaning up and anything older than the latest weekly may still have some old callables around that have since been fixed without backport.