Issue Type: Bug
Affects Versions: current
Assignee: Unassigned
Attachments: error_log.txt
Components: plugin, update-center
Created: 28/Jul/12 3:44 PM
Description:
From mailing-list entry "Verify downloaded jpi-files":
https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-users/2v8csoO0cxE
Jenkins does not seem to verify the integrity of downloaded plugins right after the download has completed. Rather, the verification is only done when attempting to install/upgrade the plugin.
The consequence of this is that corrupted plugin updates will trigger a plugin uninstall instead of an upgrade. Any job configuration related to the accidentally uninstalled plugin is then also deleted, which is pretty serious.
Steps to reproduce:
1: Create a job with a subversion working-copy workspace.
2: Configure plugin manager with invalid PROXY settings, so that non-intranet HTTP requests return an HTML error webpage (instead of connection refused).
3: Upgrade the subversion plugin.
4: Jenkins will download a corrupted subversion.jpi file containing HTML content without any error message.
5: Restart Jenkins.
6: Loading of subversion.jpi will fail (error log attached).
7: The subversion plugin will be uninstalled.
8: Subversion-related configuration in all jobs will be deleted!
Environment:
Windows 7 x64.
Java HotSpot(TM) 64-Bit Server VM (build 14.0-b16, mixed mode).
Project: Jenkins
Priority: Critical
Reporter: Fredrik Orderud
- [JIRA] (JENKINS-14616) Corrupted plugin update... forde...@gmail.com (JIRA)
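
The check the report asks for, as an added example that is not part of the original report and is not Jenkins code: validate the temporary download right after it completes, and only then replace the installed plugin file. It assumes Java 17+ and an expected SHA-256 supplied by trusted update-site metadata; the class and method names are hypothetical, and the two sample files are constructed.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.jar.*;
// Hypothetical helper (Java 17+); class and method names are illustrative, not Jenkins APIs.
public class PluginDownloadCheck {
    static String sha256(byte[] data) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }
    // Returns null if the download is acceptable, otherwise the reason to reject it.
    static String rejectReason(Path file, String expectedSha256) throws Exception {
        byte[] data = Files.readAllBytes(file);
        // A .jpi is a ZIP/JAR archive, so it must start with the local-header magic "PK\3\4".
        if (data.length < 4 || data[0] != 'P' || data[1] != 'K' || data[2] != 3 || data[3] != 4)
            return "not a ZIP archive (HTML error page from a proxy?)";
        try (JarFile jar = new JarFile(file.toFile())) {
            if (jar.getManifest() == null) return "no META-INF/MANIFEST.MF";
        } catch (IOException e) {
            return "unreadable archive: " + e.getMessage();
        }
        return sha256(data).equalsIgnoreCase(expectedSha256) ? null : "digest mismatch";
    }
    // Replaces the installed plugin only after the temporary download passes every check.
    static boolean promote(Path tmp, Path installed, String expectedSha256) throws Exception {
        String reason = rejectReason(tmp, expectedSha256);
        if (reason != null) {
            Files.deleteIfExists(tmp); // the installed plugin file is never touched
            System.out.println("rejected " + tmp.getFileName() + ": " + reason);
            return false;
        }
        Files.move(tmp, installed, StandardCopyOption.REPLACE_EXISTING);
        return true;
    }
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("plugins");
        Path installed = dir.resolve("subversion.jpi"), good = dir.resolve("good.tmp"), bad = dir.resolve("bad.tmp");
        // Constructed sample 1: a minimal archive holding only a manifest.
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        new JarOutputStream(Files.newOutputStream(good), mf).close();
        String expected = sha256(Files.readAllBytes(good)); // stands in for trusted metadata
        System.out.println("good promoted: " + promote(good, installed, expected));
        // Constructed sample 2: the HTML error page a misconfigured proxy would return.
        Files.writeString(bad, "<html><body>Proxy error</body></html>");
        System.out.println("bad promoted: " + promote(bad, installed, expected));
        System.out.println("installed intact: " + expected.equals(sha256(Files.readAllBytes(installed))));
    }
}
```

Because the HTML page is rejected while it is still a temporary file, the previously installed archive stays in place and the plugin still loads on the next restart.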