Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48950

JEP-200: GHPRB Plugin Fails Whitelist

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The GitHub PR Builder plugin gets flagged after updating to 2.102 breaking automated PR jobs:

       

      WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
      Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
      WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

       

      The mitigation technique worked by adding the class names to the Hudson classfilter:

      -Dhudson.remoting.ClassFilter=org.kohsuke.github.*

      ^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.

       

        Attachments

          Issue Links

            Activity

            Hide
            sasquatch85 Jeremy Stewart added a comment -

            Jesse,

            Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss.

            Show
            sasquatch85 Jeremy Stewart added a comment - Jesse, Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss.
            Hide
            jglick Jesse Glick added a comment -

            I probably know how to fix that (just rename the newly transient variables), but unless a plugin maintainer appears and seems ready to do a release, I am not about to spend time on retesting.

            Show
            jglick Jesse Glick added a comment - I probably know how to fix that (just rename the newly transient variables), but unless a plugin maintainer appears and seems ready to do a release, I am not about to spend time on retesting.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
            http://jenkins-ci.org/commit/ghprb-plugin/e3afffc529941bc2674bc98f5cda3fd6944abfe8
            Log:
            JENKINS-48950 [JEP-200] Stop trying to serialize github-api types.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java http://jenkins-ci.org/commit/ghprb-plugin/e3afffc529941bc2674bc98f5cda3fd6944abfe8 Log: JENKINS-48950 [JEP-200] Stop trying to serialize github-api types.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Sam Gleske
            Path:
            src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
            http://jenkins-ci.org/commit/ghprb-plugin/e381590a278599f689d3394651f009faf86610cf
            Log:
            Merge pull request #616 from jglick/JENKINS-48950

            JENKINS-48950 [JEP-200] Stop trying to serialize github-api types

            Compare: https://github.com/jenkinsci/ghprb-plugin/compare/66084576abfc...e381590a2785

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sam Gleske Path: src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java http://jenkins-ci.org/commit/ghprb-plugin/e381590a278599f689d3394651f009faf86610cf Log: Merge pull request #616 from jglick/ JENKINS-48950 JENKINS-48950 [JEP-200] Stop trying to serialize github-api types Compare: https://github.com/jenkinsci/ghprb-plugin/compare/66084576abfc...e381590a2785
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Fixed in GHPRB 1.40.0

            Show
            oleg_nenashev Oleg Nenashev added a comment - Fixed in GHPRB 1.40.0

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                sasquatch85 Jeremy Stewart
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: