-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins 1.509.4, script-security 1.5, Java 1.7.0_45, Windows 8 (64bit)
- script-security 1.5 introduced "Additional classpath".
- Those classpaths require administrators' approval.
- Class directories are valid for "Additional classpath".
- Once class directories are appoved, adding or replacing files in sub directories of those class directories no longer require approval.
- This should allow users to use classes that administrators doesn't want to allow.
Possible resolution:
- Don't allow class directories for "Additional classpath"
- This doesn't cause critical regressions as it is easy to create jar file from class directories.
- When a class directory is specified, check all files in the class directory.
- Leave this as a limitation.
I'll add a test and send a pull request to see this behavior.