Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55452

REST API blocked by SECURITY-595

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: next-executions-plugin
    • Labels:
      None
    • Environment:
      Jenkins version 2.157
      next-executions plugin version 1.0.12
    • Similar Issues:

      Description

      I've been using the REST API exposed by JENKINS-36210, but since the SECURITY-595 fix was applied (I think in Jenkins version 2.154), that API has stopped working. The widgets API link now returns a 404 error, and I see the following warning in the logs:

      WARNING: New Stapler routing rules result in the URL "/view/all/widgets/2/api/json" no longer being allowed. If you consider it safe to use, add the following to the whitelist: "method hudson.model.View getWidgets". Learn more: [https://jenkins.io/redirect/stapler-routing]
      

      I can get the API working again by adding that method to the whitelist, but the documentation here suggests that it would be preferable if the component could be changed to prevent the problem in the first place.

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            j4_james James Holderness
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: