On Thursday, January 11, 2018 at 11:44:09 AM UTC-7, Oleg Nenashev wrote:
Nevertheless, we (as a Security Team) want to release this change in > weeklies in order to get it well tested before the next LTS cutoff. We will > make sure that all communications is sent to users. Known issues will be > tracked on this Wiki page > <https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200>. > > Jenkins admins will also get explicit error messages, which will point them > to this page and to the blogpost with issue reporting guidelines (Pending > PR <https://github.com/jenkins-infra/jenkins.io/pull/1293>). And of > course, we will be tracking issue trackers in order to quickly resolve > reported issues or to provide workarounds. > > Patterns to be aware of... > > - > > Serialization over XStream: > - > > java.lang.UnsupportedOperationException: Refusing to marshal > ${CLASS} for security reasons; see > https://jenkins.io/redirect/class-filter/ > - > > Serialization over Remoting: > - > > WARNING jenkins.security.ClassFilterImpl#lambda$isBlacklisted$1: > ${CLASS} in JRE might be dangerous, so rejecting; see > https://jenkins.io/redirect/class-filter/ > > Thanks for doing this. I've downloaded the latest jenkins.war file from ci.jenkins.io/Core and installed it in my test environment as an upgrade from Jenkins 2.89.3-rc. Administrative monitor output appears at startup with the following information: org.jenkinsci.plugins.workflow.job.WorkflowRun Bugs - Individual Checks ยป JENKINS-43468-continuous-builds-if-pipeline-polling-enabled #1230 ConversionException: Refusing to unmarshal textBuilder for security reasons; see https://jenkins.io/redirect/class-filter/ ---- Debugging information ---- class : java.lang.StringBuilder required-type : java.lang.StringBuilder converter-type : hudson.util.XStream2$BlacklistedTypesConverter path : /flow-build/actions/org.jvnet.hudson.plugins.groovypostbuild.GroovyPostbuildSummaryAction/textBuilder line number : 120 ------------------------------- I've not yet found a way to duplicate the problem in a separate configuration. I'll continue investigating later today. Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/c273c8cd-958f-4f85-beca-0ed592ce7cdd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
