Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48615

Dependency resolution for detached and bundled plugins should always use the most recent version out of all versions requested

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      It appears that dependency resolution for detached and bundled plugins makes no guarantees about which version of a dependency gets installed if different versions are requested. Discovered by while investigating JENKINS-48604, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554968.

      I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

      1. Assume a plugin artifactA with two releases: 1.0 and 2.0
      2. Assume a plugin artifactB, with a single release 1.0, which has a dependency on artifactA:1.0
      3. Assume a plugin artifactC, with a single release 1.0, which has a dependency on artifactA:2.0
      4. Create a fresh Jenkins installation.
      5. Upgrade Jenkins using a jenkins.war with artifactB:1.0 and artifactC:1.0 in /WEB-INF/detached-plugins
      6. Expected Result: artifactA:2.0 should be installed.
      7. Actual Result: The installed version of artifactA depends on which of artifactB and artifactC is processed first, (alphabetical order, hashset iteration order?).

        Attachments

          Issue Links

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                Unassigned
                Reporter:
                dnusbaum Devin Nusbaum
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: