  1. Jenkins
  2. JENKINS-73679

Stack Overflow with Plugin "Authorize Project 1.7.2" on Jenkins 2.473


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • authorize-project-plugin 1.7.2
      Jenkins 2.473
      Debian 12

      On Jenkins 2.472 everything works well.

      After upgrading to Jenkins 2.473, I get a stack overflow on startup when loading jenkins.security.QueueItemAuthenticatorConfiguration.xml (stack trace below).

      Downgrading to 2.472 clears the problem. Upgrading again to 2.473 brings the problem back.

      Failing to load jenkins.security.QueueItemAuthenticatorConfiguration.xml makes the queuing system non-operational.

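      Here is part of the stack trace. The same sequence of frames repeats: Descriptor.load unmarshals the XML file, SpecificUsersAuthorizationStrategy.readResolve calls checkUnsecuredConfiguration, which calls QueueItemAuthenticatorConfiguration.get(), and that apparently re-enters Descriptor.load while the first load is still in progress. XStream reports the resulting stack overflow as a possible denial-of-service attack, but the trace points to this re-entrant load rather than to hostile input: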

      2024-08-23 12:05:55.355+0000 [id=14]    WARNING hudson.model.Descriptor#load: Failed to load /var/lib/jenkins/jenkins.security.QueueItemAuthenticatorConfigurati
      on.xml
      com.thoughtworks.xstream.security.InputManipulationException: Possible Dneial of Service attack by Stack Overflow
              at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1466)
              at hudson.util.XStream2.unmarshal(XStream2.java:230)
              at hudson.util.XStream2.unmarshal(XStream2.java:201)
              at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441)
              at hudson.XmlFile.unmarshal(XmlFile.java:196)
              at hudson.XmlFile.unmarshal(XmlFile.java:179)
              at hudson.model.Descriptor.load(Descriptor.java:937)
              at jdk.internal.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.base/java.lang.reflect.Method.invoke(Method.java:569)
              at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:637)
              at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:117)
              at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:66)
              at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:93)
              at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
              at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
              at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
              at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:448)
              at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
              at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1148)
              at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:406)
              at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:397)
              at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:353)
              at hudson.ExtensionList.load(ExtensionList.java:384)
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.getComponents(ExtensionList.java:184)
              at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:213)
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.iterator(ExtensionList.java:172)
              at hudson.ExtensionList.getInstance(ExtensionList.java:162)
              at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:212)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:224)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:177)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:167)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy.readResolve(SpecificUsersAuthorizationStrategy.java:250)
              at jdk.internal.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.base/java.lang.reflect.Method.invoke(Method.java:569)
              at com.thoughtworks.xstream.core.util.SerializationMembers.callReadResolve(SerializationMembers.java:78)
              at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:290)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
              at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
              at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:454)
              at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:350)
              at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:289)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
              at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
              at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readBareItem(AbstractCollectionConverter.java:132)
              at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:117)
              at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:203)
              at hudson.util.DescribableList$ConverterImpl.unmarshal(DescribableList.java:284)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
              at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
              at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:454)
              at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:350)
              at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:289)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
              at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
              at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136)
              at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
              at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464)
              at hudson.util.XStream2.unmarshal(XStream2.java:230)
              at hudson.util.XStream2.unmarshal(XStream2.java:201)
              at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441)
              at hudson.XmlFile.unmarshal(XmlFile.java:196)
              at hudson.XmlFile.unmarshal(XmlFile.java:179)
              at hudson.model.Descriptor.load(Descriptor.java:937)
              at jdk.internal.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
              at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.base/java.lang.reflect.Method.invoke(Method.java:569)
              at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:637)
              at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:117)
              at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:66)
              at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:93)
              at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
              at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
              at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
              at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:448)
              at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
              at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1148)
              at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:406)
              at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:397)
              at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:353)
              at hudson.ExtensionList.load(ExtensionList.java:384)
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.getComponents(ExtensionList.java:184)
              at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:213)
              at hudson.ExtensionList.ensureLoaded(ExtensionList.java:320)
              at hudson.ExtensionList.iterator(ExtensionList.java:172)
              at hudson.ExtensionList.getInstance(ExtensionList.java:162)
              at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:60)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:212)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:224)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:177)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:167)
              at PluginClassLoader for authorize-project//org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy.readResolve(SpecificUsersAuthorizationStrategy.java:250)

      .....

            Unassigned Unassigned
            florinvancea Florin Vancea