Basically, the Groovy plugin (and a bunch of other plugins with Groovy scripting involved) now go through the script security process. So by default, not everything is white listed in a system Groovy script. There are no changes to non-system Groovy scripts, and you can approve scripts or signatures that aren't white listed.
A. On Fri, Apr 14, 2017 at 11:29 AM Emory Penney <[email protected]> wrote: > Hi, > > Does anyone know what's going on with the Groovy plugin right now? My > Jenkins instance is bugging me to update Groovy from 1.30 to 2.0 because of > this remote code execution security advisory > <https://jenkins.io/security/advisory/2017-04-10/> and when I visit > plugin manager I see the wonderful message: > Warning: the new version of this plugin claims to use a different settings > format than the installed version. Jobs using this plugin may need to be > reconfigured, and/or you may not be able to cleanly revert to the prior > version without manually restoring old settings. Consult the plugin release > notes for details. > > When I go to the Groovy Wiki <https://plugins.jenkins.io/groovy> I find > no references to WHAT has changed. Additionally, there aren't even release > notes for the new Groovy version... GitHub > <https://github.com/jenkinsci/groovy-plugin/compare/groovy-1.30...groovy-2.0>has > nothing. So... what gives? What am I going to break if I update this > plugin? It's a pretty big version number jump, so I'm assuming it's a big > change, and I refuse to upgrade if I don't have at least SOME heads up > about what might break before going in. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/16f507d9-eb9f-4a7a-affd-e99596c09ad8%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/16f507d9-eb9f-4a7a-affd-e99596c09ad8%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPbPdOY9MXvnqH9OQdWRNuLzCh7aF%3Dy%2BaKGsmnV6c%2Brr%3DLxasQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
