Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49574

[JEP-200] java.lang.SecurityException: Rejected: java.util.Calendar

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: cvs-plugin
    • Labels:
    • Environment:
      Jenkins 2.106
      CVS Plugin 2.13
    • Similar Issues:

      Description

      Since the introduction of JEP-200 a new whitelist has to be maintained.

      CVS Plugin was not listed on https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200. I added it.

      Hence, I experienced the following error on a matrix build:

      java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
          at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
          at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
          at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
          at java.io.ObjectInputStream.readClassDesc(Unknown Source)
          at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
          at java.io.ObjectInputStream.readClassDesc(Unknown Source)
          at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
          at java.io.ObjectInputStream.readObject0(Unknown Source)
          at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
          at java.io.ObjectInputStream.readSerialData(Unknown Source)
          at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
          at java.io.ObjectInputStream.readObject0(Unknown Source)
          at java.io.ObjectInputStream.readObject(Unknown Source)
          at java.util.ArrayList.readObject(Unknown Source)
          at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
          at java.io.ObjectInputStream.readSerialData(Unknown Source)
          at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
          at java.io.ObjectInputStream.readObject0(Unknown Source)
          at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
          at java.io.ObjectInputStream.readSerialData(Unknown Source)
          at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
          at java.io.ObjectInputStream.readObject0(Unknown Source)
          at java.io.ObjectInputStream.readObject(Unknown Source)
          at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
          at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
          at hudson.remoting.Channel.call(Channel.java:952)
      Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
          at hudson.remoting.Channel.call(Channel.java:960)
          at hudson.FilePath.act(FilePath.java:998)
      Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
          at hudson.FilePath.act(FilePath.java:1005)
          at hudson.FilePath.act(FilePath.java:987)
          at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
          at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
          at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
          at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
          at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
          at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
          at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
          at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
          at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
          at hudson.model.Run.execute(Run.java:1727)
          at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
          at hudson.model.ResourceController.execute(ResourceController.java:97)
          at hudson.model.Executor.run(Executor.java:429)
      
      
      

        Attachments

          Issue Links

            Activity

            adrien Adrien CLERC created issue -
            adrien Adrien CLERC made changes -
            Field Original Value New Value
            Labels JEP-200
            adrien Adrien CLERC made changes -
            Description Since the introduction of [JEP-200|[https://jenkins.io/blog/2018/01/13/jep-200/],] a new whitelist has to be maintained.

            CVS Plugin is *NOT* listed on [https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200.]

            Hence, I experienced the following error on a matrix build:
            {noformat}
            java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
                at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
                at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at java.util.ArrayList.readObject(Unknown Source)
                at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
                at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
                at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
                at hudson.remoting.Channel.call(Channel.java:952)
            Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
                at hudson.remoting.Channel.call(Channel.java:960)
                at hudson.FilePath.act(FilePath.java:998)
            Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
                at hudson.FilePath.act(FilePath.java:1005)
                at hudson.FilePath.act(FilePath.java:987)
                at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
                at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
                at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
                at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
                at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
                at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
                at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
                at hudson.model.Run.execute(Run.java:1727)
                at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
                at hudson.model.ResourceController.execute(ResourceController.java:97)
                at hudson.model.Executor.run(Executor.java:429)


            {noformat}

            This is completely blocking. The fact that CVS is not listed on the affected plugin page makes the issue harder.
            Since the introduction of [JEP-200|[https://jenkins.io/blog/2018/01/13/jep-200/],] a new whitelist has to be maintained.

            CVS Plugin was not listed on [https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200.] I added it.

            Hence, I experienced the following error on a matrix build:
            {noformat}
            java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
                at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
                at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at java.util.ArrayList.readObject(Unknown Source)
                at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
                at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
                at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
                at hudson.remoting.Channel.call(Channel.java:952)
            Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
                at hudson.remoting.Channel.call(Channel.java:960)
                at hudson.FilePath.act(FilePath.java:998)
            Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
                at hudson.FilePath.act(FilePath.java:1005)
                at hudson.FilePath.act(FilePath.java:987)
                at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
                at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
                at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
                at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
                at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
                at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
                at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
                at hudson.model.Run.execute(Run.java:1727)
                at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
                at hudson.model.ResourceController.execute(ResourceController.java:97)
                at hudson.model.Executor.run(Executor.java:429)


            {noformat}
            oleg_nenashev Oleg Nenashev made changes -
            Assignee Oleg Nenashev [ oleg_nenashev ]
            oleg_nenashev Oleg Nenashev made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            oleg_nenashev Oleg Nenashev made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            oleg_nenashev Oleg Nenashev made changes -
            Remote Link This issue links to "https://github.com/jenkinsci/cvs-plugin/pull/45 (Web Link)" [ 20089 ]
            jglick Jesse Glick made changes -
            Assignee Oleg Nenashev [ oleg_nenashev ] Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 46 (Web Link)" [ 20101 ]
            adrien Adrien CLERC made changes -
            Description Since the introduction of [JEP-200|[https://jenkins.io/blog/2018/01/13/jep-200/],] a new whitelist has to be maintained.

            CVS Plugin was not listed on [https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200.] I added it.

            Hence, I experienced the following error on a matrix build:
            {noformat}
            java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
                at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
                at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at java.util.ArrayList.readObject(Unknown Source)
                at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
                at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
                at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
                at hudson.remoting.Channel.call(Channel.java:952)
            Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
                at hudson.remoting.Channel.call(Channel.java:960)
                at hudson.FilePath.act(FilePath.java:998)
            Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
                at hudson.FilePath.act(FilePath.java:1005)
                at hudson.FilePath.act(FilePath.java:987)
                at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
                at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
                at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
                at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
                at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
                at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
                at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
                at hudson.model.Run.execute(Run.java:1727)
                at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
                at hudson.model.ResourceController.execute(ResourceController.java:97)
                at hudson.model.Executor.run(Executor.java:429)


            {noformat}
            Since the introduction of [JEP-200|https://jenkins.io/blog/2018/01/13/jep-200/] a new whitelist has to be maintained.

            CVS Plugin was not listed on [https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200]. I added it.

            Hence, I experienced the following error on a matrix build:
            {noformat}
            java.lang.SecurityException: Rejected: java.util.Calendar; see https://jenkins.io/redirect/class-filter/
                at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
                at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
                at java.io.ObjectInputStream.readClassDesc(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at java.util.ArrayList.readObject(Unknown Source)
                at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
                at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
                at java.io.ObjectInputStream.readSerialData(Unknown Source)
                at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
                at java.io.ObjectInputStream.readObject0(Unknown Source)
                at java.io.ObjectInputStream.readObject(Unknown Source)
                at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
                at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
                at hudson.remoting.Channel.call(Channel.java:952)
            Caused: java.io.IOException: Failed to deserialize response to UserRequest:hudson.scm.AbstractCvs$2@38a84e77
                at hudson.remoting.Channel.call(Channel.java:960)
                at hudson.FilePath.act(FilePath.java:998)
            Caused: java.io.IOException: remote file operation failed: /home/compil/workspace/project/label/centos7 at hudson.remoting.Channel@f24469c:VM_CentOs7
                at hudson.FilePath.act(FilePath.java:1005)
                at hudson.FilePath.act(FilePath.java:987)
                at hudson.scm.AbstractCvs.getRemoteLogForModule(AbstractCvs.java:693)
                at hudson.scm.AbstractCvs.calculateChangeLog(AbstractCvs.java:818)
                at hudson.scm.AbstractCvs.postCheckout(AbstractCvs.java:836)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:395)
                at hudson.scm.CVSSCM.checkout(CVSSCM.java:365)
                at hudson.model.AbstractProject.checkout(AbstractProject.java:1203)
                at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
                at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
                at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
                at hudson.model.Run.execute(Run.java:1727)
                at hudson.matrix.MatrixRun.run(MatrixRun.java:146)
                at hudson.model.ResourceController.execute(ResourceController.java:97)
                at hudson.model.Executor.run(Executor.java:429)


            {noformat}
            jglick Jesse Glick made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "Page (Jenkins Wiki)" [ 20193 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                adrien Adrien CLERC
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: