Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48983

Artifactory Plugin is affected by JEP-200 in Jenkins 2.102+

    Details

    • Similar Issues:

      Description

      got the following error while deploy artifact in a freestyle job using generic-artifactory integration.
      ERROR: Rejected: org.jfrog.build.api.Artifact
      java.lang.SecurityException: Rejected: org.jfrog.build.api.Artifact
      at hudson.remoting.ClassFilter.check(ClassFilter.java:75)
      at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
      at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1863)
      at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1746)
      at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2037)
      at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1568)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:428)
      at java.util.ArrayList.readObject(ArrayList.java:797)
      at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158)
      at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2173)
      at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2064)
      at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1568)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:428)
      at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
      at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
      at hudson.remoting.Channel.call(Channel.java:909)
      at hudson.FilePath.act(FilePath.java:998)
      at hudson.FilePath.act(FilePath.java:987)
      at org.jfrog.hudson.generic.GenericArtifactsDeployer.deploy(GenericArtifactsDeployer.java:76)
      at org.jfrog.hudson.generic.ArtifactoryGenericConfigurator$1.tearDown(ArtifactoryGenericConfigurator.java:401)
      at hudson.model.Build$BuildExecution.doRun(Build.java:174)
      at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
      at hudson.model.Run.execute(Run.java:1727)
      at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      at hudson.model.ResourceController.execute(ResourceController.java:97)
      at hudson.model.Executor.run(Executor.java:429)

        Attachments

          Issue Links

            Activity

            Hide
            oleg_nenashev Oleg Nenashev added a comment - - edited

            Chris Denneen the Snapshot will work in some case, e.g. Maven publishing.
            I cannot guarantee stability of other case (most likely "no"), but I am happy to update the pull request according to the feedback.

            The plugin has no tests, and JEP-200 maintainers have no time to setup a test environment for every case

            Show
            oleg_nenashev Oleg Nenashev added a comment - - edited Chris Denneen the Snapshot will work in some case, e.g. Maven publishing. I cannot guarantee stability of other case (most likely "no"), but I am happy to update the pull request according to the feedback. The plugin has no tests, and JEP-200 maintainers have no time to setup a test environment for every case
            Hide
            cdenneen Chris Denneen added a comment -

            Oleg Nenashev looks like 2.104 might have added the whitelists?

            Any idea what could be causing this?

            java.lang.SecurityException: Rejected: org.jfrog.build.api.Dependency
            Show
            cdenneen Chris Denneen added a comment - Oleg Nenashev looks like 2.104 might have added the whitelists? Any idea what could be causing this? java.lang.SecurityException: Rejected: org.jfrog.build.api.Dependency
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            > looks like 2.104 might have added the whitelists?

            It has added only few basic types which impact the plugin, but not the 3rd-party libraries.
            So the patch on the core's side is not going to resolve the issue

            Show
            oleg_nenashev Oleg Nenashev added a comment - > looks like 2.104 might have added the whitelists? It has added only few basic types which impact the plugin, but not the 3rd-party libraries. So the patch on the core's side is not going to resolve the issue
            Hide
            ajitsurana Ajit Surana added a comment -

            Is this JIRA resolved? I'm facing the same issue.

            I'm trying to use the command -Djenkins.security.ClassFilterImpl.SUPPRESS_WHITELIST=true but don't know how to use it. It would be helpful if you provide the resolution or workaround step in little more detail.

            Show
            ajitsurana Ajit Surana added a comment - Is this JIRA resolved? I'm facing the same issue. I'm trying to use the command -Djenkins.security.ClassFilterImpl.SUPPRESS_WHITELIST=true but don't know how to use it. It would be helpful if you provide the resolution or workaround step in little more detail.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The fix has been finally released in 2.15.0

            Show
            oleg_nenashev Oleg Nenashev added a comment - The fix has been finally released in 2.15.0

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                maksonlee Makson Lee
              • Votes:
                14 Vote for this issue
                Watchers:
                20 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: