Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50339

log-entry: 'svnkit-1.9.1.jar might be dangerous' after LTS update

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: subversion-plugin
    • Labels:
    • Environment:
      Jenkins LTS 2.107.1 on Windows Server 2008 R2 x64,
      and Java(TM) SE Runtime Environment 1.8.0_161-b12
      subversion-plugin (newest release) 2.10.4
    • Similar Issues:

      Description

      Hi!

      I've found following log-entry, which may is JEP-200 relevant:

      Mar 22, 2018 2:50:34 PM WARNING jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
      org.tmatesoft.svn.core.SVNErrorMessage in file:/C:/xxx/Jenkins/plugins/subversion/WEB-INF/lib/svnkit-1.9.1.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

      Note: There are no other JEP-200 or subversion-related log-entries; also svn-checkout (in builds) were successfull.

      Best regards from Salzburg,
      Markus

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          pom.xml
          http://jenkins-ci.org/commit/subversion-plugin/20630b996bf3a721e8a34c52c1c07b0a9a1328cf
          Log:
          JENKINS-50339 - Update to the newest parent POM to support testing against 2.107.1

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: pom.xml http://jenkins-ci.org/commit/subversion-plugin/20630b996bf3a721e8a34c52c1c07b0a9a1328cf Log: JENKINS-50339 - Update to the newest parent POM to support testing against 2.107.1
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Ivan Fernandez Calvo
          Path:
          Jenkinsfile
          pom.xml
          src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java
          src/main/java/hudson/scm/DirAwareSVNXMLLogHandler.java
          src/main/java/hudson/scm/SubversionEventHandlerImpl.java
          src/main/java/hudson/scm/SubversionSCM.java
          src/main/java/hudson/scm/subversion/SubversionUpdateEventHandler.java
          src/main/java/hudson/scm/subversion/UpdateWithCleanUpdater.java
          src/main/java/jenkins/scm/impl/subversion/RemotableSVNErrorMessage.java
          src/main/resources/META-INF/hudson.remoting.ClassFilter
          src/test/java/hudson/scm/SubversionSCMTest.java
          src/test/java/jenkins/scm/impl/subversion/RemotableSVNErrorMessageStepTest.java
          http://jenkins-ci.org/commit/subversion-plugin/5088b1cd54ed5107db46b9b09d2189b08f1728d2
          Log:
          Merge pull request #211 from oleg-nenashev/bug/JENKINS-50339

          JENKINS-50339 - Whitelist SVNErrorMessage and introduce RemotableSVNErrorMessage

          Compare: https://github.com/jenkinsci/subversion-plugin/compare/7f392ba32b36...5088b1cd54ed

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Ivan Fernandez Calvo Path: Jenkinsfile pom.xml src/main/java/hudson/scm/CredentialsSVNAuthenticationProviderImpl.java src/main/java/hudson/scm/DirAwareSVNXMLLogHandler.java src/main/java/hudson/scm/SubversionEventHandlerImpl.java src/main/java/hudson/scm/SubversionSCM.java src/main/java/hudson/scm/subversion/SubversionUpdateEventHandler.java src/main/java/hudson/scm/subversion/UpdateWithCleanUpdater.java src/main/java/jenkins/scm/impl/subversion/RemotableSVNErrorMessage.java src/main/resources/META-INF/hudson.remoting.ClassFilter src/test/java/hudson/scm/SubversionSCMTest.java src/test/java/jenkins/scm/impl/subversion/RemotableSVNErrorMessageStepTest.java http://jenkins-ci.org/commit/subversion-plugin/5088b1cd54ed5107db46b9b09d2189b08f1728d2 Log: Merge pull request #211 from oleg-nenashev/bug/ JENKINS-50339 JENKINS-50339 - Whitelist SVNErrorMessage and introduce RemotableSVNErrorMessage Compare: https://github.com/jenkinsci/subversion-plugin/compare/7f392ba32b36...5088b1cd54ed
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          it was released on 2.10.5

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - it was released on 2.10.5
          Hide
          gmc_devel GMC Software Development B&R Corporate added a comment -

          Sorry for delayed response ...

          I've only found one SVNError-related stack-trace within a build-log on the same day;
          but  time differs about 40 minutes (log-entry on master has the timestamp Mar 22, 2018 2:50:34 PM):
          Note: We are using timestamper-plugin to get/show local time within build-logs.

          [14:10:55] Checking out a fresh workspace because Jenkins failed to detect the current workspace E:\Jenkins\workspace\GMC_AdHocBuild
          [14:10:55] ERROR: svn: E155010: The node 'E:\Jenkins\workspace\GMC_AdHocBuild' was not found.
          [14:10:55] org.tmatesoft.svn.core.SVNException: svn: E155010: The node 'E:\Jenkins\workspace\GMC_AdHocBuild' was not found.
          [14:10:55] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:70)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SvnWcDbConflicts.readConflictInternal(SvnWcDbConflicts.java:365)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SvnWcDbConflicts.readConflict(SvnWcDbConflicts.java:342)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.readConflicts(SVNWCDb.java:3395)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.readConflicts(SVNWCDb.java:3355)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.opReadTreeConflict(SVNWCDb.java:2797)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgGetInfo.run(SvnNgGetInfo.java:74)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgGetInfo.run(SvnNgGetInfo.java:45)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
          [14:10:55] at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
          [14:10:55] at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1239)
          [14:10:55] at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
          [14:10:55] at org.tmatesoft.svn.core.wc.SVNWCClient.doInfo(SVNWCClient.java:2497)
          [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.parseSvnInfo(UpdateUpdater.java:126)
          [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.getSvnCommandToUse(UpdateUpdater.java:88)
          [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:131)
          [14:10:55] at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:168)
          [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:1030)
          [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1006)
          [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:979)
          [14:10:55] at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2816)
          [14:10:55] at hudson.remoting.UserRequest.perform(UserRequest.java:207)
          [14:10:55] at hudson.remoting.UserRequest.perform(UserRequest.java:53)
          [14:10:55] at hudson.remoting.Request$2.run(Request.java:358)
          [14:10:55] at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
          [14:10:55] at java.util.concurrent.FutureTask.run(Unknown Source)
          [14:10:55] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
          [14:10:55] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
          [14:10:55] at hudson.remoting.Engine$1$1.run(Engine.java:98)
          [14:10:55] at java.lang.Thread.run(Unknown Source)
          [14:10:55] Cleaning local Directory .

          Because of the "huge" time-difference (master and agents are synchronized by AD), I'm not sure, whether these log-entries are related ...

          Best regards from Salzburg,
          Markus

          Show
          gmc_devel GMC Software Development B&R Corporate added a comment - Sorry for delayed response ... I've only found one SVNError-related stack-trace within a build-log on the same day; but  time differs about 40 minutes (log-entry on master has the timestamp Mar 22, 2018 2:50:34 PM): Note: We are using timestamper-plugin to get/show local time within build-logs. [14:10:55] Checking out a fresh workspace because Jenkins failed to detect the current workspace E:\Jenkins\workspace\GMC_AdHocBuild [14:10:55] ERROR: svn: E155010: The node 'E:\Jenkins\workspace\GMC_AdHocBuild' was not found. [14:10:55] org.tmatesoft.svn.core.SVNException: svn: E155010: The node 'E:\Jenkins\workspace\GMC_AdHocBuild' was not found. [14:10:55] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:70) [14:10:55] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57) [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SvnWcDbConflicts.readConflictInternal(SvnWcDbConflicts.java:365) [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SvnWcDbConflicts.readConflict(SvnWcDbConflicts.java:342) [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.readConflicts(SVNWCDb.java:3395) [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.readConflicts(SVNWCDb.java:3355) [14:10:55] at org.tmatesoft.svn.core.internal.wc17.db.SVNWCDb.opReadTreeConflict(SVNWCDb.java:2797) [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgGetInfo.run(SvnNgGetInfo.java:74) [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgGetInfo.run(SvnNgGetInfo.java:45) [14:10:55] at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20) [14:10:55] at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21) [14:10:55] at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1239) [14:10:55] at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294) [14:10:55] at org.tmatesoft.svn.core.wc.SVNWCClient.doInfo(SVNWCClient.java:2497) [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.parseSvnInfo(UpdateUpdater.java:126) [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.getSvnCommandToUse(UpdateUpdater.java:88) [14:10:55] at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:131) [14:10:55] at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:168) [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:1030) [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:1006) [14:10:55] at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:979) [14:10:55] at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2816) [14:10:55] at hudson.remoting.UserRequest.perform(UserRequest.java:207) [14:10:55] at hudson.remoting.UserRequest.perform(UserRequest.java:53) [14:10:55] at hudson.remoting.Request$2.run(Request.java:358) [14:10:55] at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) [14:10:55] at java.util.concurrent.FutureTask.run(Unknown Source) [14:10:55] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [14:10:55] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [14:10:55] at hudson.remoting.Engine$1$1.run(Engine.java:98) [14:10:55] at java.lang.Thread.run(Unknown Source) [14:10:55] Cleaning local Directory . Because of the "huge" time-difference (master and agents are synchronized by AD), I'm not sure, whether these log-entries are related ... Best regards from Salzburg, Markus
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          GMC Software Development B&R Corporate The released patch will likely work in your case, please try it.
          If not, JENKINS-50237 in the next weekly should help as an ultimate power solution

          Best regards from Neuchâtel,
          Oleg

          Show
          oleg_nenashev Oleg Nenashev added a comment - GMC Software Development B&R Corporate The released patch will likely work in your case, please try it. If not, JENKINS-50237 in the next weekly should help as an ultimate power solution Best regards from Neuchâtel, Oleg

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              gmc_devel GMC Software Development B&R Corporate
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: