Does it allow usage with scripts in a class path? That is one of the requests for email-ext (presend scripts support classpath), so if it doesn't support that, then it won't be as useful. On Aug 17, 2014 4:33 PM, "Daniel Beck" <[email protected]> wrote:
> No plugin adopted this so far according to the update center, so I feel > compelled to write this message. > > Email-ext, EnvInject, Groovy, Build Flow, Groovy Postbuild, > PostBuildScript, ScriptTrigger, various 'dynamic parameter' plugins, ... > there are several plugins supporting scripting, and all are doing it in an > unsafe manner. There are thousands or even tens of thousands of installs of > some of these plugins, and I bet only _very_ few Jenkins admins using these > plugins realize what they allow their non-admin users to do. Admins > currently need to choose between having none of the features offered by > these (otherwise generally very useful or even essential) plugins, or > _completely_ trusting _all_ users able to configure _any_ item. > > It's absolutely seamless for users if you don't have security enabled, and > it seems to actually be safe if you do. > > It's also dead simple to use as developer. Here's a plugin I recently > wrote that brings Groovy scripting to list view columns in a safe manner: > https://github.com/daniel-beck/jenkins-script-column-plugin > Of course, this doesn't do migration from older configs, but an examples > for that exists as well. > > If you're an author of a plugin with Groovy-scripting functionality, > please consider depending on Script Security for that. > > Daniel > > On 12.03.2014, at 23:45, Jesse Glick <[email protected]> wrote: > > > I am working on a new plugin > > > > https://github.com/jenkinsci/script-security-plugin > > > > which allows other plugins with scripts (usually Groovy) to run those > > in a secured fashion. The wiki > > > > https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin > > > > has details. People who are working on Groovy-based plugins (e.g. > > job-dsl) should consider trying to integrate with it. Comments on the > > API are welcomed. > > > > (I realized too late that I should have started with version 0.1, not > > 1.0-beta-1, since API changes may still be needed.) > > > > -- > > You received this message because you are subscribed to the Google > Groups "Jenkins Developers" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
