[JIRA] (JENKINS-50980) MicroFocus DA step persists PrintStream to the disk (JEP-200)
Title: Message Title Oleg Nenashev commented on JENKINS-50980 Re: MicroFocus DA step persists PrintStream to the disk (JEP-200) Kevin Lee the plugin has been never released. Are you still interested in hosting it? Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50980) MicroFocus DA step persists PrintStream to the disk (JEP-200)
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-50980 MicroFocus DA step persists PrintStream to the disk (JEP-200) Change By: Oleg Nenashev According to the code inspection, there is a JEP-200 issue in the plugin: * https://github.com/jenkinsci/ loaderio microfocus - da- plugin/blob/ 987a638da8cfeda2f7cbe7bfab0d71ca920289bc d8b4f731e0d46a45f6a8cbacfd43084181f4d028 /src/main/java/ io com / loader microfocus /jenkins/ LoaderPublisher plugins/da/model/DAStep .java# L73 L128 This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk. Useful links about JEP-200:* Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/* JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
[JIRA] (JENKINS-50980) MicroFocus DA step persists PrintStream to the disk (JEP-200)
Title: Message Title Oleg Nenashev assigned an issue to Kevin Lee Jenkins / JENKINS-50980 MicroFocus DA step persists PrintStream to the disk (JEP-200) Change By: Oleg Nenashev Assignee: Kevin Lee Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50980) MicroFocus DA step persists PrintStream to the disk (JEP-200)
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-50980 MicroFocus DA step persists PrintStream to the disk (JEP-200) Change By: Oleg Nenashev Component/s: microfocus-da-plugin Component/s: loaderio-jenkins Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50980) MicroFocus DA step persists PrintStream to the disk (JEP-200)
Title: Message Title Oleg Nenashev created an issue Jenkins / JENKINS-50980 MicroFocus DA step persists PrintStream to the disk (JEP-200) Issue Type: Bug Assignee: Unassigned Components: loaderio-jenkins Created: 2018-04-24 23:41 Labels: JEP-200 Priority: Minor Reporter: Oleg Nenashev According to the code inspection, there is a JEP-200 issue in the plugin: https://github.com/jenkinsci/loaderio-plugin/blob/987a638da8cfeda2f7cbe7bfab0d71ca920289bc/src/main/java/io/loader/jenkins/LoaderPublisher.java#L73 This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk. Useful links about JEP-200: Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/ JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers
