• Icon: Task Task
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • 2.258

      Currently the PluginServletFilter class is not final, which allows faulty implementations like https://github.com/jenkinsci/audit-log-plugin/blob/a8206637889be84a966711ab69f76dc4a74ba5d5/src/main/java/io/jenkins/plugins/audit/filter/RequestContextFilter.java where a plugin can contribute a filter that will replace itself as the PluginServletFilter (which should really be a singleton) and prevent other filters from receiving requests.

       

      Change is breaking.

          [JENKINS-63682] The PluginServletFilter class should be final

          Pierre Beitz created issue -
          Pierre Beitz made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Pierre Beitz made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Pierre Beitz made changes -
          Link New: This issue relates to JENKINS-63681 [ JENKINS-63681 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "jenkins #4934 (Web Link)" [ 25901 ]
          Jesse Glick made changes -
          Labels New: api
          Daniel Beck made changes -
          Released As New: 2.258
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Mark Waite made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]

            pierrebtz Pierre Beitz
            pierrebtz Pierre Beitz
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: