Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20204

Latest release of Java 7 blocks the connection to slaves due to no permissions attribute in the JAR file

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: core
    • Environment:
      All platforms where you can use at least Java web start to get a slave node connected, and Java 7 update 45 installed.
    • Similar Issues:

      Description

      Since I have installed Java 7 update 45 on our test slaves I get the following security warning:

      Running applications by UNKNOWN publishers will be blocked in a future release because it is potentially unsafe and a security risk.

      This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more information.

      It looks like that the .jar file(s) do not contain a permissions attribute, which would let slaves connect to the master in the future. In our case we connect slaves via Java web start.

      As of now it is not a hard-blocker and you can click through and accept. But I think that this should be fixed soon.

        Attachments

          Issue Links

            Activity

            whimboo Henrik Skupin created issue -
            whimboo Henrik Skupin made changes -
            illenseer illenseer made changes -
            Priority Major [ 3 ] Blocker [ 1 ]
            whimboo Henrik Skupin made changes -
            Summary Future releases of Java 7 will block connecting slaves due to no permissions attribute in the JAR file Latest release of Java 7 blocks the connection to slaves due to no permissions attribute in the JAR file
            stuartjsmith Stuart Smith made changes -
            Link This issue is related to JENKINS-21570 [ JENKINS-21570 ]
            illenseer illenseer made changes -
            Assignee Kohsuke Kawaguchi [ kohsuke ]
            whimboo Henrik Skupin made changes -
            Labels security
            kohsuke Kohsuke Kawaguchi made changes -
            Link This issue is duplicated by JENKINS-22374 [ JENKINS-22374 ]
            scm_issue_link SCM/JIRA link daemon made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            jglick Jesse Glick made changes -
            Labels security jnlp security
            olivergondza Oliver Gondža made changes -
            Labels jnlp security jnlp lts-candidate security
            olivergondza Oliver Gondža made changes -
            Labels jnlp lts-candidate security 1.554.1-fixed jnlp security
            oleg_nenashev Oleg Nenashev made changes -
            Resolution Fixed [ 1 ]
            Status Resolved [ 5 ] Reopened [ 4 ]
            oleg_nenashev Oleg Nenashev made changes -
            Status Reopened [ 4 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 151726 ] JNJira + In-Review [ 194067 ]

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                whimboo Henrik Skupin
              • Votes:
                19 Vote for this issue
                Watchers:
                34 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: