Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49089

UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: maven-plugin
    • Labels:
    • Environment:
      Jenkins 2.102

      Maven Integration plugin 3.0
      Maven Dependency Update Trigger 1.5
    • Similar Issues:

      Description

      After upgrading jenkins and a maven project is triggert by a upstream maven project dependency the build breaks with the following error:

       

      Parsing POMs
      java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.XmlFile.write(XmlFile.java:201)
      	at hudson.model.AbstractItem.save(AbstractItem.java:483)
      	at hudson.model.Job.save(Job.java:196)
      	at hudson.model.AbstractProject.save(AbstractProject.java:289)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.parsePoms(MavenModuleSetBuild.java:1039)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.doRun(MavenModuleSetBuild.java:691)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
      	at hudson.model.Run.execute(Run.java:1727)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
      	at hudson.model.ResourceController.execute(ResourceController.java:97)
      	at hudson.model.Executor.run(Executor.java:429)
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.MavenModule#dependencies for class hudson.maven.MavenModule
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
      	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
      	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
      	at hudson.XmlFile.write(XmlFile.java:194)
      	... 10 more
      Caused by: java.lang.RuntimeException: Failed to serialize hudson.maven.ModuleDependency#parsedVersion for class hudson.maven.ModuleDependency
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
      	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
      	at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 23 more
      Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.apache.maven.artifact.versioning.DefaultArtifactVersion for security reasons; see https://jenkins.io/redirect/class-filter/
      	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      	... 38 more

       

        Attachments

          Issue Links

            Activity

            Hide
            marco_rothe Marco Rothe added a comment -

            Thank you. I will try the snaphot build. 

            Strange enough, the problem doesn't occur on any build triggered by an upstream snapshot build on our jenkins instance. :-/

            On some builds the downstream project fails, on other they start and complete sucessful.

            Show
            marco_rothe Marco Rothe added a comment - Thank you. I will try the snaphot build.  Strange enough, the problem doesn't occur on any build triggered by an upstream snapshot build on our jenkins instance. :-/ On some builds the downstream project fails, on other they start and complete sucessful.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/hudson/maven/ModuleDependency.java
            http://jenkins-ci.org/commit/maven-plugin/fb9fab663b3ccbf7155b4590da3979a15e3933a2
            Log:
            JENKINS-49089 Probably fixing error, without yet knowing how to reproduce it.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/hudson/maven/ModuleDependency.java http://jenkins-ci.org/commit/maven-plugin/fb9fab663b3ccbf7155b4590da3979a15e3933a2 Log: JENKINS-49089 Probably fixing error, without yet knowing how to reproduce it.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            Jenkinsfile
            src/main/java/hudson/maven/ModuleDependency.java
            src/main/java/hudson/maven/SplittableBuildListener.java
            src/test/java/hudson/maven/ModuleDependencyLocator.java
            http://jenkins-ci.org/commit/maven-plugin/ab7e2592e752d2d6a9c31c56a05ae1c2ffdba29c
            Log:
            Merge pull request #112 from jglick/JEP-200-JENKINS-49089

            JENKINS-49089 Whitelist problems

            Compare: https://github.com/jenkinsci/maven-plugin/compare/4c3b42be00ed...ab7e2592e752

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: Jenkinsfile src/main/java/hudson/maven/ModuleDependency.java src/main/java/hudson/maven/SplittableBuildListener.java src/test/java/hudson/maven/ModuleDependencyLocator.java http://jenkins-ci.org/commit/maven-plugin/ab7e2592e752d2d6a9c31c56a05ae1c2ffdba29c Log: Merge pull request #112 from jglick/JEP-200- JENKINS-49089 JENKINS-49089 Whitelist problems Compare: https://github.com/jenkinsci/maven-plugin/compare/4c3b42be00ed...ab7e2592e752
            Hide
            marco_rothe Marco Rothe added a comment -

            Ok, I tested the snapshot version and the error gone away (on projects where the build fail before).

            So the problem seems to be fixed even it can't be reproduced in a reliable manner ;-(

            Show
            marco_rothe Marco Rothe added a comment - Ok, I tested the snapshot version and the error gone away (on projects where the build fail before). So the problem seems to be fixed even it can't be reproduced in a reliable manner ;-(
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            It has been released in 3.1. Let's see whether the current fix is enough

            Show
            oleg_nenashev Oleg Nenashev added a comment - It has been released in 3.1. Let's see whether the current fix is enough

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                marco_rothe Marco Rothe
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: