Jenkins / JENKINS-48940

Nexus Platform Plugin is likely affected by JEP-200 in Jenkins 2.102+

      Description

      During the code inspections for JEP-200 I have discovered that the plugin is most likely affected by this security hardening in the Jenkins core.

      • The RemoteScanResult.scan field uses a class which comes from an external library without a "Jenkins-ClassFilter-Whitelisted" manifest entry
      • In Jenkins 2.102+ such classes will be blacklisted unless a workaround is applied

      You can find more guidelines for plugin developers in this blog post: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.
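
An added example, not code from this issue or from the plugin: a Python audit that reports whether a class bundled in a plugin archive is covered by the "Jenkins-ClassFilter-Whitelisted" manifest entry or by a META-INF/hudson.remoting.ClassFilter resource such as the one the commits below add. The WEB-INF/lib/ layout, the resource's line format and every com.example name are assumptions, and the sample archive is constructed.

```python
import io
import zipfile
MANIFEST_KEY = "Jenkins-ClassFilter-Whitelisted"          # manifest entry named in the issue
FILTER_RESOURCE = "META-INF/hudson.remoting.ClassFilter"  # resource added by the fix commits
MF = "META-INF/MANIFEST.MF"

def main_attrs(text):
    """Main-section attributes of a JAR manifest; folded continuation lines are skipped."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # a blank line ends the main section
        if not line.startswith(" ") and ":" in line:
            key, value = line.split(":", 1)
            attrs[key] = value.strip()
    return attrs

def audit(hpi_bytes, class_name):
    """Say what lets class_name through the filter, or 'unlisted' if nothing bundled does."""
    entry = class_name.replace(".", "/") + ".class"
    listed, verdict = set(), "not-bundled"
    with zipfile.ZipFile(io.BytesIO(hpi_bytes)) as hpi:
        # Assumption: bundled JARs sit under WEB-INF/lib/ in the plugin archive.
        for lib in [n for n in hpi.namelist() if n.startswith("WEB-INF/lib/")]:
            with zipfile.ZipFile(io.BytesIO(hpi.read(lib))) as jar:
                names = set(jar.namelist())
                if FILTER_RESOURCE in names:
                    # Assumption: one class name per line, '#' starts a comment line.
                    lines = jar.read(FILTER_RESOURCE).decode().splitlines()
                    listed |= {ln.strip() for ln in lines if ln.strip() and not ln.startswith("#")}
                if entry in names:
                    mf = jar.read(MF).decode() if MF in names else ""
                    verdict = "manifest" if main_attrs(mf).get(MANIFEST_KEY) == "true" else "unlisted"
    return "classfilter" if verdict == "unlisted" and class_name in listed else verdict

def make_zip(entries):  # in-memory ZIP/JAR builder, used only for the constructed sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a plugin JAR carrying the filter resource, plus an external library.
LIB = {MF: "Manifest-Version: 1.0\n",
       "com/example/lib/ScanResult.class": b"", "com/example/lib/Other.class": b""}
PLUGIN = {MF: "Manifest-Version: 1.0\n" + MANIFEST_KEY + ": true\n",
          FILTER_RESOURCE: "# constructed entry\ncom.example.lib.ScanResult\n",
          "com/example/plugin/RemoteResult.class": b""}
SAMPLE_HPI = make_zip({"WEB-INF/lib/example-plugin.jar": make_zip(PLUGIN),
                       "WEB-INF/lib/example-lib.jar": make_zip(LIB)})
```

An "unlisted" verdict marks a library class that neither mechanism covers; the audit reads only what the archive declares and does not model the list built into Jenkins core.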

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Justin Young
          Path:
          pom.xml
          src/main/resources/META-INF/hudson.remoting.ClassFilter
          src/test/java/org/sonatype/nexus/ci/iq/IqPolicyEvaluatorSlaveIntegrationTest.groovy
          http://jenkins-ci.org/commit/nexus-platform-plugin/91e87f775e9d1d8091d1951b8f2148a37e0a2a36
          Log:
          JENKINS-48940 INT-418 Add whitelist for serialized classes. Add test on remote slave.

          Compare: https://github.com/jenkinsci/nexus-platform-plugin/compare/15153d4bab8c^...91e87f775e9d

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Justin Young
          Path:
          pom.xml
          src/main/resources/META-INF/hudson.remoting.ClassFilter
          src/test/java/org/sonatype/nexus/ci/iq/IqPolicyEvaluatorSlaveIntegrationTest.groovy
          http://jenkins-ci.org/commit/nexus-platform-plugin/ccc6e8cd8f94fed1fc7e5a273b50c6f2d717d274
          Log:
          JENKINS-48940 INT-418 Add whitelist for serialized classes. (#17)

          • POM updates.
          • JENKINS-48940 INT-418 Add whitelist for serialized classes. Add test on remote slave.

            People

            Assignee:
            whyjustin Justin Young
            Reporter:
            oleg_nenashev Oleg Nenashev
            Votes:
            0
            Watchers:
            3