Currently the PluginServletFilter class is not final, which allows faulty implementations like https://github.com/jenkinsci/audit-log-plugin/blob/a8206637889be84a966711ab69f76dc4a74ba5d5/src/main/java/io/jenkins/plugins/audit/filter/RequestContextFilter.java where a plugin can contribute a filter that will replace itself as the PluginServletFilter (which should really be a singleton) and prevent other filters from receiving requests.
Change is breaking.
- relates to
-
JENKINS-63681 The RequestContextFilter is breaking other filters in the instance
-
- Resolved
-
- links to
[JENKINS-63682] The PluginServletFilter class should be final
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Link |
New:
This issue relates to |
Remote Link | New: This issue links to "jenkins #4934 (Web Link)" [ 25901 ] |
Labels | New: api |
Released As | New: 2.258 | |
Resolution | New: Fixed [ 1 ] | |
Status | Original: In Review [ 10005 ] | New: Resolved [ 5 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |