![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
Jesse Glick
|
|
Components:
|
script-security |
|
Created:
|
24/Aug/14 12:44 AM
|
|
Description:
|
- script-security 1.5 introduced "Additional classpath".
- Those classpaths require administrators' approval.
- Class directories are valid for "Additional classpath".
- Once class directories are appoved, adding or replacing files in sub directories of those class directories no longer require approval.
- This should allow users to use classes that administrators doesn't want to allow.
Possible resolution:
- Don't allow class directories for "Additional classpath"
- This doesn't cause critical regressions as it is easy to create jar file from class directories.
- When a class directory is specified, check all files in the class directory.
- Leave this as a limitation.
I'll add a test and send a pull request to see this behavior.
|
|
Environment:
|
Jenkins 1.509.4, script-security 1.5, Java 1.7.0_45, Windows 8 (64bit)
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
ikedam
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/d/optout.
