Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48615

Dependency resolution for detached and bundled plugins should always use the most recent version out of all versions requested

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      It appears that dependency resolution for detached and bundled plugins makes no guarantees about which version of a dependency gets installed if different versions are requested. Discovered by while investigating JENKINS-48604, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554968.

      I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

      1. Assume a plugin artifactA with two releases: 1.0 and 2.0
      2. Assume a plugin artifactB, with a single release 1.0, which has a dependency on artifactA:1.0
      3. Assume a plugin artifactC, with a single release 1.0, which has a dependency on artifactA:2.0
      4. Create a fresh Jenkins installation.
      5. Upgrade Jenkins using a jenkins.war with artifactB:1.0 and artifactC:1.0 in /WEB-INF/detached-plugins
      6. Expected Result: artifactA:2.0 should be installed.
      7. Actual Result: The installed version of artifactA depends on which of artifactB and artifactC is processed first, (alphabetical order, hashset iteration order?).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                dnusbaum Devin Nusbaum
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: