-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.190.1
-
-
Jenkins 2.203
Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.
java.lang.NullPointerException
at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
How to reproduce:
curl https://ci.jenkins.io/logout
or open a browser, delete all cookies and the browse open the same url
[JENKINS-59904] NPE when calling logout without cookie
Description |
Original:
Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check. java.lang.NullPointerException at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328) at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296) at jenkins.model.Jenkins.doLogout(Jenkins.java:4063) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) |
New:
Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check. java.lang.NullPointerException at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328) at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296) at jenkins.model.Jenkins.doLogout(Jenkins.java:4063) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) How to reproduce: curl [https://ci.jenkins.io/logout] |
Description |
Original:
Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check. java.lang.NullPointerException at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328) at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296) at jenkins.model.Jenkins.doLogout(Jenkins.java:4063) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) How to reproduce: curl [https://ci.jenkins.io/logout] |
New:
Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check. java.lang.NullPointerException at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328) at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296) at jenkins.model.Jenkins.doLogout(Jenkins.java:4063) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) How to reproduce: curl [https://ci.jenkins.io/logout] or open a browser, delete all cookies and the browse open the same url |
Released As | New: Jenkins 2.203 | |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Labels | New: lts-candidate |
Labels | Original: lts-candidate |