• github-oauth-0.31

      When updating to Jenkins 2.146 the "GitHub Committer Authorization strategy" no longer works.

      Users can log in but get granted no permissions at all.

      Downgrading to Jenkins 2.145 fixes the issue (but due to security advisories being present isn't a good solution at all)

      Setting logging to FINEST shows the plugin "tries" to grant the correct permissions, but Jenkins does not seem to respect them.

          [JENKINS-54031] GitHub OAuth plugin fails with Jenkins 2.146

          Mark Dietzer created issue -

          Daniel Beck added a comment -

          It seems that GitHub OAuth plugin ignores permission relationships, specifically permissions implied by Item/Read with allowAnonymousReadPermission set.

          Item/Discover is declared to be implied by Item/Read: https://github.com/jenkinsci/jenkins/blob/371b9c134681e3e04f52a5e0bb39c747e6d44c45/core/src/main/java/hudson/model/Item.java#L258

          That's what the Stapler routing hardening in 2.138.2 and 2.146 assumes to be the case to make this nice and succinct: https://github.com/jenkinsci/jenkins/blob/371b9c134681e3e04f52a5e0bb39c747e6d44c45/core/src/main/java/hudson/model/AbstractItem.java#L942...L949 (This slightly more readable code that'll make it into 2.147 after https://github.com/jenkinsci/jenkins/pull/3690 but functionally in this regard identical to what's in 2.138.2)

          GitHub OAuth needs to handle permissions implied by those it grants, at least Item/Discover. I'm pretty OK with the behavior in core.

          Meanwhile, you could set the system property hudson.model.AbstractItem.skipPermissionCheck to true (https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties), but note that this disables a security improvement.

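The failure mode described in the comment above, as an added example that is not part of the original thread and is neither Jenkins core nor plugin code: an ACL that answers only for the exact permission requested fails a gate that asks for Item/Discover first, even though the user holds Item/Read. The class names, the user "alice" and the shape of the `route` gate are assumptions made for this model.

```java
import java.util.Map;
import java.util.Set;

// Simplified model of permission implication; not Jenkins or plugin source.
// Class names, the user "alice" and the route() gate are constructed for illustration.
public class ImpliedPermissionDemo {

    /** A permission that a broader permission may imply (Item/Read implies Item/Discover). */
    static final class Permission {
        final String id;
        final Permission impliedBy; // null when no other permission implies this one

        Permission(String id, Permission impliedBy) {
            this.id = id;
            this.impliedBy = impliedBy;
        }
    }

    static final Permission ITEM_READ = new Permission("Item/Read", null);
    static final Permission ITEM_DISCOVER = new Permission("Item/Discover", ITEM_READ);

    interface Acl {
        boolean hasPermission(String user, Permission p);
    }

    /** Answers only for the exact permission asked about: the behaviour the comment attributes to the plugin. */
    static Acl exactMatch(Map<String, Set<Permission>> grants) {
        return (user, p) -> grants.getOrDefault(user, Set.of()).contains(p);
    }

    /** Also answers yes when any permission up the impliedBy chain is granted. */
    static Acl implicationAware(Map<String, Set<Permission>> grants) {
        return (user, p) -> {
            Set<Permission> granted = grants.getOrDefault(user, Set.of());
            for (Permission q = p; q != null; q = q.impliedBy) {
                if (granted.contains(q)) {
                    return true;
                }
            }
            return false;
        };
    }

    enum Outcome { NOT_FOUND, FORBIDDEN, SERVED }

    /** Assumed shape of the routing gate: hide the item unless discoverable, then require read. */
    static Outcome route(Acl acl, String user) {
        if (!acl.hasPermission(user, ITEM_DISCOVER)) {
            return Outcome.NOT_FOUND; // the item's existence is not revealed
        }
        if (!acl.hasPermission(user, ITEM_READ)) {
            return Outcome.FORBIDDEN;
        }
        return Outcome.SERVED;
    }

    public static void main(String[] args) {
        // The strategy grants the committer Item/Read only, never Item/Discover explicitly.
        Map<String, Set<Permission>> grants = Map.of("alice", Set.of(ITEM_READ));

        System.out.println("exact-match ACL:       " + route(exactMatch(grants), "alice"));
        System.out.println("implication-aware ACL: " + route(implicationAware(grants), "alice"));
    }
}
```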

          Daniel Beck added a comment -

          (Note that my comment was originally written for a different report, so it might not only affect allowAnonymousReadPermission.)

          Daniel Beck made changes -
          Labels New: regression

          Daniel Beck added a comment -

          Amending 2.138.2 upgrade guide in https://github.com/jenkins-infra/jenkins.io/pull/1835

          Russell Knighton added a comment - - edited

          For us, the workaround didn't work fully - it restored the ability for a regular user to browse and navigate each repository/branch etc., but when they tried to view individual jobs, they were 404'd, and the following is dumped to the jenkins.log:

          Oct 15, 2018 3:51:08 PM hudson.init.impl.InstallUncaughtExceptionHandler lambda$init$0
           WARNING: null
          java.lang.IllegalStateException: Committed
          	at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:853)
          	at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:960)
          	at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312)
          	at org.eclipse.jetty.server.Response.sendRedirect(Response.java:720)
          	at org.eclipse.jetty.server.Response.sendRedirect(Response.java:729)
          	at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176)
          	at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525)
          	at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176)
          	at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176)
          	at org.kohsuke.stapler.ResponseImpl.sendRedirect(ResponseImpl.java:138)
          	at org.kohsuke.stapler.ResponseImpl.sendRedirect2(ResponseImpl.java:153)
          	at org.kohsuke.stapler.DirectoryishDispatcher.dispatch(DirectoryishDispatcher.java:28)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          	at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
          	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
          	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
          	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
          	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
          	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
          	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
          	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
          	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          	at org.eclipse.jetty.server.Server.handle(Server.java:531)
          	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
          	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
          	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
          	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
          	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
          	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
          	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
          	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
          	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
          	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
          	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
          	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
          	at java.lang.Thread.run(Thread.java:748)

           

          Is there anything else we need to do/enable to restore full functionality?

           

          This was after an upgrade from 2.121.3 -> 2.138.2


          Matt Friedman added a comment -

          We experienced all of the above issues. Finally to fix the issue fully we downgraded to 2.138.1 

          Hope this is fixed in the ubuntu pkg before long. Thank you. 


          Chris Williams added a comment -

          I posted a PR with a potential fix here: https://github.com/jenkinsci/github-oauth-plugin/pull/101

          Could use some guidance on what the proper set of permissions to allow when "allow authenticated user to create jobs" is enabled.
          Also could use some actual usage/testing in a real install, since I haven't actually tried my own fix yet.

          Josh Pollara added a comment -

          Downgrading to Jenkins 2.145 fixed the issue for me. Poor long-term solution.

          Hoping this is fixed sooner rather than later. Thanks!


          fisnik hajredini added a comment -

          Has there been a fix on this yet? We seem to have the same issue on 2.138.2

            sag47 Sam Gleske
            doridian Mark Dietzer
            Votes: 13
            Watchers: 23
