JENKINS-49147

JEP-200 location-based whitelisting broken in obsolete versions of Tomcat


    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: core
    • Environment: Jenkins 2.103 running on Debian 8 with OpenJDK 1.8.0_131 and Tomcat8

      I followed my normal procedure in updating our Jenkins builder:

      • Update all Jenkins plugins first.
      • Update Jenkins core (using .war file)

      I got the error message about JEP-200 and XStream, so I browsed to the wiki page. It had a note in there about -Dhudson.remoting.ClassFilter=, with a comma-separated list of class names from the log file. I got the list of classes:

      # grep -ri rejecting /var/log/tomcat8/catalina.out | awk -F ' ' '{print $2}' | sort | uniq
      hudson.model.Cause$UserIdCause
      hudson.model.Hudson$CloudList
      hudson.model.MyViewsProperty
      hudson.model.PaneStatusProperties
      hudson.model.Queue$State
      hudson.model.UpdateSite
      hudson.model.View$PropertyList
      hudson.node_monitors.ArchitectureMonitor
      hudson.node_monitors.ClockMonitor
      hudson.node_monitors.DiskSpaceMonitor
      hudson.node_monitors.ResponseTimeMonitor
      hudson.node_monitors.SwapSpaceMonitor
      hudson.node_monitors.TemporarySpaceMonitor
      hudson.remoting.RemoteInvocationHandler$RPCRequest
      hudson.scm.SCMRevisionState$None
      hudson.search.UserSearchProperty
      hudson.slaves.JNLPLauncher
      hudson.slaves.RetentionStrategy$2
      hudson.tasks.LogRotator
      hudson.tasks.Shell$DescriptorImpl
      hudson.triggers.SCMTrigger$BuildAction
      hudson.triggers.SCMTrigger$DescriptorImpl
      hudson.triggers.SCMTrigger$SCMTriggerCause
      hudson.util.CopyOnWriteMap$Hash
      jenkins.model.BuildDiscarderProperty
      jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy
      jenkins.security.ApiTokenProperty
      jenkins.security.LastGrantedAuthoritiesProperty
      jenkins.slaves.RemotingWorkDirSettings
      

      So, I added those as a comma-separated list to -Dhudson.remoting.ClassFilter= and restarted Tomcat. Jenkins came back (authentication worked, but no build information is available, and slaves cannot connect), but I am now seeing a message about "You have data stored in an older format and/or unreadable data." I am a bit afraid I will lose my build history and other metadata if I click on "Discard Unreadable Data". Is that a "safe" operation for my builds metadata?

      Also, why do I need to add so many exclusions to the hudson.remoting.ClassFilter, some of which seem to be internal to Jenkins/Hudson? Shouldn't that "just work"? Did I do something wrong in the upgrade?
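
      A triage sketch for the log described in the report, added here as an example (not part of the original report and not Jenkins code): it separates rejected classes that live in Jenkins' own packages, which the class filter is expected to accept by location, from everything else, and builds the -Dhudson.remoting.ClassFilter= value. Assumptions: the class name is the second field of each "rejecting" line, as the reporter's awk command implies; the sample log lines and the hudson./jenkins. package heuristic are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample log are hypothetical.

# write_sample_log FILE: constructed log lines, not taken from the report.
write_sample_log() {
    cat > "$1" <<'EOF'
WARNING: hudson.model.UpdateSite in file:/PLACEHOLDER/ might be dangerous, so rejecting
WARNING: hudson.model.UpdateSite in file:/PLACEHOLDER/ might be dangerous, so rejecting
WARNING: hudson.tasks.LogRotator in file:/PLACEHOLDER/ might be dangerous, so rejecting
WARNING: com.example.plugin.Widget in file:/PLACEHOLDER/ might be dangerous, so rejecting
INFO: Jenkins is fully up and running
EOF
}

# rejected_classes LOG: unique rejected class names, one per line.
rejected_classes() {
    grep -i 'rejecting' "$1" | awk '{print $2}' | LC_ALL=C sort -u
}

# core_rejections LOG: rejected classes in hudson.* / jenkins.* packages,
# excluding *.plugins.* (heuristic). Any output here suggests the filter
# failed to recognise where core classes were loaded from, rather than a
# real gap in the whitelist.
core_rejections() {
    rejected_classes "$1" \
        | grep -E '^(hudson|jenkins)\.' \
        | grep -Ev '^(hudson|jenkins)\.plugins\.' || true
}

# class_filter_arg LOG: the JVM option with every rejected class, comma-separated.
class_filter_arg() {
    list=$(rejected_classes "$1" | paste -sd, -)
    if [ -n "$list" ]; then
        printf '%s\n' "-Dhudson.remoting.ClassFilter=$list"
    fi
}

# Stand-alone use: sh triage.sh /var/log/tomcat8/catalina.out
if [ -n "${1:-}" ]; then
    echo "Rejected classes from Jenkins core packages:"
    core_rejections "$1"
    echo "Workaround option covering all rejected classes:"
    class_filter_arg "$1"
fi
```

      Run against the list in the report, every entry falls under core_rejections, which matches the issue title: the filter itself was misbehaving on this Tomcat version.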

            jglick Jesse Glick
            kmott Kyle Mott