• Improvement
    • Resolution: Fixed
    • Major
    • script-security-plugin
    • None
    • Jenkins 2.89.3 
      Pipeline Groovy 2.53 
      Script Security Plugin 1.44
    • script-security 1.47

      The following operations are currently not whitelisted but they should be safe:

      • isinstance check
      • java.lang.Throwable.getCause()
      • java.util.Arrays.asList()
      • java.util.regex.MatchResult.group(String)
      • List - List

          [JENKINS-53800] Whitelisting misc. methods

          Hari Dara added a comment - Sent PR: https://github.com/jenkinsci/script-security-plugin/pull/226

          Hari Dara added a comment - This was addressed in this PR: https://github.com/jenkinsci/script-security-plugin/pull/226

          Hari Dara added a comment - dnusbaum: Could you update the status for this one too?

          Devin Nusbaum added a comment - haridsv Updated. Are you sure you don't have access to modify the ticket yourself when logged in? I don't think there is anything special about my account, you just need to be logged in, then click "Workflow", then "Resolved".

          Hari Dara added a comment - I guess I just couldn't figure out how to do it, thanks for pointing it out. However, how would I know what to enter for "Released As"?

          Devin Nusbaum added a comment - Yeah, in that case you'd have to go through the changelog on the wiki and figure out what version it was released in. Normally the person who released the plugin should update the ticket, probably someone just forgot for your two tickets. It helps if in GitHub you make the PR title start with "[JENKINS-XXXXX]" and add a "See JENKINS-XXXXX" link to the PR description, but in this case you already did that, so nothing wrong on your side.

            haridsv Hari Dara