Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55240

Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons; see https://jenkins.io/redirect/class-filter/ at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:546) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) ... 39 more
      

        Attachments

          Activity

          Hide
          renescheibe René Scheibe added a comment - - edited

          I am a bit confused - the TestCrumbIssuer contained in the issue title is not contained in the provided stacktrace. Why is that?

          Show
          renescheibe René Scheibe added a comment - - edited I am a bit confused - the TestCrumbIssuer contained in the issue title is not contained in the provided stacktrace. Why is that?
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Removed the confusing description. IIUc the issue is still there, Abhyudaya Sharma has hit it recently in Role Strategy plugin tests.

          My suggestion would be to whitelist the serialization in the entire JTH library to avoid such issues in the future. We just need to add "Jenkins-ClassFilter-Whitelisted=true" to the manifest (https://jenkins.io/blog/2018/01/13/jep-200/#making-plugins-compatible-with-jenkins-2-102-or-above). WDYT Jesse Glick?

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - Removed the confusing description. IIUc the issue is still there, Abhyudaya Sharma has hit it recently in Role Strategy plugin tests. My suggestion would be to whitelist the serialization in the entire JTH library to avoid such issues in the future. We just need to add "Jenkins-ClassFilter-Whitelisted=true" to the manifest ( https://jenkins.io/blog/2018/01/13/jep-200/#making-plugins-compatible-with-jenkins-2-102-or-above ). WDYT  Jesse Glick ?  
          Hide
          jglick Jesse Glick added a comment -

          As per this logic it should not be necessary. Is there a specific way to reproduce this error?

          Show
          jglick Jesse Glick added a comment - As per this logic it should not be necessary. Is there a specific way to reproduce this error?

            People

            • Assignee:
              Unassigned
              Reporter:
              csanchez Carlos Sanchez
            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: