[JENKINS-71075] jackson-core-2.14.2.jar might be dangerous so rejecting

    • Bug
    • Resolution: Not A Defect
    • Minor
    • http-request-plugin
    • Jenkins 2.361.4

      While doing an implementation for http-rest-plugin, I had to use the jackson2-api dependency, and while testing I got the following message on the terminal:

       WARNING jenkins.security.ClassFilterImpl#notifyRejected: com.fasterxml.jackson.core.JsonLocation in file:/home/chris/Workspace/JENKINS-68154/work/plugins/jackson2-api/WEB-INF/lib/jackson-core-2.14.2.jar might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/

      The dependency added in pom.xml is the following:
      <dependency>
        <groupId>org.jenkins-ci.plugins</groupId>
        <artifactId>jackson2-api</artifactId>
      </dependency>

      Does this API need to be updated?


          Mark Waite added a comment -

          chr1st0s please don't assign issues to others unless they have agreed to accept the assignment of the issue. Usually, their acceptance of the assignment of an issue means that they will assign it to themselves.

          I suspect that you may be serializing the wrong thing if you are seeing that message. Be sure that you are following the guidance in https://www.jenkins.io/doc/developer/extensibility/serialization-of-anonymous-classes/ for the items that are being serialized.

          You may also benefit by reading the Jenkins 2.19.3 upgrade with its detailed description of the serialization deny list https://www.jenkins.io/doc/upgrade-guide/2.19/#upgrading-to-jenkins-lts-2-19-3


          Christos Fitsialis added a comment -

          Sorry about that, markewaite. Thank you for this info. Will go through this.

          I was trying to deserialize a JSON string and store key/value pairs to a map.

          Although the logic is working, this is something printed in the output, so I will check if I am doing it the wrong way.

          Mark Waite added a comment -

          Not a bug
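
The warning quoted in the issue description has a fixed shape (the rejected class, then the jar it was loaded from), so repeated occurrences in a Jenkins log can be grouped by class and plugin during triage. The following Python script is an added example, not code from the reporter or the Jenkins project; the function names are hypothetical, and every sample line other than the quoted warning is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Matches the warning format quoted in the issue description.
REJECTED = re.compile(
    r"ClassFilterImpl#notifyRejected:\s+(?P<cls>[\w.$]+) in (?P<loc>\S+) "
    r"might be dangerous, so rejecting"
)

SUFFIX = " might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/"
QUOTED = ("WARNING jenkins.security.ClassFilterImpl#notifyRejected: "
          "com.fasterxml.jackson.core.JsonLocation in file:/home/chris/Workspace/"
          "JENKINS-68154/work/plugins/jackson2-api/WEB-INF/lib/jackson-core-2.14.2.jar"
          + SUFFIX)

# First entry is the warning from the issue; the rest are constructed samples.
SAMPLE_LOG = [
    QUOTED,
    "INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization",
    QUOTED,
    "WARNING jenkins.security.ClassFilterImpl#notifyRejected: org.example.Widget in "
    "file:/var/jenkins_home/plugins/example-plugin/WEB-INF/lib/example-1.0.jar" + SUFFIX,
]

def parse_rejection(line):
    """Return (class_name, plugin, jar) for a rejection warning, else None."""
    m = REJECTED.search(line)
    if not m:
        return None
    parts = urlparse(m.group("loc")).path.split("/")
    # Plugin jars are unpacked under .../plugins/<plugin>/WEB-INF/lib/<jar>.
    plugin = parts[parts.index("plugins") + 1] if "plugins" in parts[:-1] else None
    jar = parts[-1] if parts[-1].endswith(".jar") else None
    return m.group("cls"), plugin, jar

def summarize(lines):
    """Count rejections per (class, plugin) so repeated warnings collapse."""
    counts = Counter()
    for line in lines:
        hit = parse_rejection(line)
        if hit:
            counts[hit[:2]] += 1
    return counts

if __name__ == "__main__":
    for (cls, plugin), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {cls}  (plugin: {plugin})")
```
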

