[JIRA] (JENKINS-49699) Doktor plugin affected by JEP-200


laurent.dufour@ac-montpellier.fr (JIRA)

Feb 22, 2018, 11:53:02 AM
to jenkinsc...@googlegroups.com
Laurent Dufour created an issue
 
Jenkins / Bug JENKINS-49699
Doktor plugin affected by JEP-200
Issue Type: Bug
Assignee: Siarhei Krukau
Components: doktor-plugin
Created: 2018-02-22 16:52
Environment: debian jessie
Labels: JEP-200
Priority: Minor
Reporter: Laurent Dufour

Doktor plugin is affected by JEP-200:

I use the doktor step and in the log there is this message:
java.util.concurrent.ExecutionException: java.lang.SecurityException: Rejected: kotlin.collections.EmptyList; see https://jenkins.io/redirect/class-filter/
and in catalina.out:

AVERTISSEMENT: org.jgrapht.DirectedGraph in file:/data/jenkins/plugins/build-flow-plugin/WEB-INF/lib/jgrapht-jdk1.5-0.7.3.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
févr. 22, 2018 5:44:17 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
AVERTISSEMENT: kotlin.collections.EmptyList in file:/data/jenkins/plugins/doktor/WEB-INF/lib/kotlin-stdlib-1.1.51.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

 
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

o.v.nenashev@gmail.com (JIRA)

Feb 23, 2018, 4:04:03 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev commented on Bug JENKINS-49699
 
Re: Doktor plugin affected by JEP-200

My proposal would be to integrate the plugin with the new Kotlin STL Library plugin and to whitelist the required Kotlin classes on its side.

o.v.nenashev@gmail.com (JIRA)

Feb 23, 2018, 4:10:04 AM
to jenkinsc...@googlegroups.com

The plugin is based on Gradle, so I cannot run PCT against it. It's also hard to say how many Kotlin libs we will need to whitelist in order to make it work. Currently there are 44 installations of the plugin, so for JEP-200 maintainers it has a low priority compared to other affected plugins. For now I will leave it to Siarhei Krukau, happy to advise if needed.

siarhei.krukau@gmail.com (JIRA)

Feb 26, 2018, 11:07:02 AM
to jenkinsc...@googlegroups.com

Oleg Nenashev, can you please take a look at this commit and tell me whether it will be enough?

Thanks a lot!

o.v.nenashev@gmail.com (JIRA)

Feb 26, 2018, 11:18:03 AM
to jenkinsc...@googlegroups.com

Siarhei Krukau IIUC it won't be enough, the warning also mentions "kotlin.collections.EmptyList".

There are testing guidelines here: https://jenkins.io/blog/2018/01/13/jep-200/#testing-plugins-against-jenkins-2-102-and-above
Although the section is not applicable to Gradle builds, it may give you some idea of how to run autotests (dependency bump generally).

o.v.nenashev@gmail.com (JIRA)

Mar 7, 2018, 6:01:03 AM
to jenkinsc...@googlegroups.com

Siarhei Krukau Hi, any updates? 2.107.1 lands in public next week, and there will be a broader impact on users after that.

siarhei.krukau@gmail.com (JIRA)

Mar 14, 2018, 8:00:02 AM
to jenkinsc...@googlegroups.com

Sorry, not yet. I guess 44 installations are not very critical.

josephp90@gmail.com (JIRA)

Mar 28, 2018, 5:38:02 PM
to jenkinsc...@googlegroups.com

Just released kotlin-v1-stdlib-jdk8, which has "kotlin.collections.EmptyList" as the initial classFilter.

Going to suggest a PR at doktor.

siarhei.krukau@gmail.com (JIRA)

Apr 8, 2018, 8:57:04 AM
to jenkinsc...@googlegroups.com

Oleg Nenashev I've tested this change: https://github.com/madhead/doktor/commit/d00e3f24d1b1be92391f3983405b58345b514135 and it seems to be working. I mean, listing those classes in META-INF/hudson.remoting.ClassFilter was enough. I have not seen any warnings about kotlin.collections.EmptyList.

Joseph Petersen, Oleg Nenashev I decided not to depend on other plugins. This forces me to use pluginFirstClassLoader. Is this a bad practice or not? I've seen no issues with it.
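
Added example, not part of the thread or of the doktor code base: a small Python script that reads the `jenkins.security.ClassFilterImpl` rejection warnings from a log such as catalina.out, groups the rejected classes by plugin and library jar, and prints a candidate body for that plugin's META-INF/hudson.remoting.ClassFilter. The function names are hypothetical, and the sample log is constructed from the lines quoted in the report plus one repeated line.

```python
import re
from collections import defaultdict

# Constructed sample: the catalina.out lines quoted in the report, plus one repeat.
SAMPLE_LOG = """\
AVERTISSEMENT: org.jgrapht.DirectedGraph in file:/data/jenkins/plugins/build-flow-plugin/WEB-INF/lib/jgrapht-jdk1.5-0.7.3.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
févr. 22, 2018 5:44:17 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
AVERTISSEMENT: kotlin.collections.EmptyList in file:/data/jenkins/plugins/doktor/WEB-INF/lib/kotlin-stdlib-1.1.51.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
AVERTISSEMENT: kotlin.collections.EmptyList in file:/data/jenkins/plugins/doktor/WEB-INF/lib/kotlin-stdlib-1.1.51.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
"""

# The log level is localized (AVERTISSEMENT here), so match on the message body only.
REJECTION = re.compile(
    r"(?P<cls>[\w.$]+) in file:(?P<jar>\S+) might be dangerous, so rejecting")
JAR_PATH = re.compile(r"/plugins/(?P<plugin>[^/]+)/WEB-INF/lib/(?P<lib>[^/]+)$")


def parse_rejections(log_text):
    """Return {plugin: {library jar: {rejected class names}}}."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        hit = REJECTION.search(line)
        if not hit:
            continue
        where = JAR_PATH.search(hit.group("jar"))
        plugin = where.group("plugin") if where else "(unknown)"
        lib = where.group("lib") if where else hit.group("jar")
        found[plugin][lib].add(hit.group("cls"))
    return found


def class_filter_candidates(rejections, plugin):
    """Candidate body for the plugin's META-INF/hudson.remoting.ClassFilter:
    one class name per line. Review each class before shipping it."""
    classes = set()
    for names in rejections.get(plugin, {}).values():
        classes |= names
    return "".join(name + "\n" for name in sorted(classes))


if __name__ == "__main__":
    report = parse_rejections(SAMPLE_LOG)
    for plugin, libs in sorted(report.items()):
        for lib, names in sorted(libs.items()):
            print(f"{plugin}: {lib}: {', '.join(sorted(names))}")
    print(class_filter_candidates(report, "doktor"), end="")
```

The output is only a list of candidates: each class still has to be judged safe to deserialize before it goes into the filter file, and the log only shows classes that were actually hit at runtime, so exercising more of the plugin may surface further rejections.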

o.v.nenashev@gmail.com (JIRA)

Apr 12, 2018, 11:30:02 AM
to jenkinsc...@googlegroups.com

Usage of pluginFirstClassLoader is a really bad practice, because you may corrupt other plugins if they use higher dependency versions. I would advise using the plugin or shading the libraries.

siarhei.krukau@gmail.com (JIRA)

Apr 12, 2018, 1:07:03 PM
to jenkinsc...@googlegroups.com

I couldn't do that because of the AsciidoctorJ library / JRuby runtime, which fails if I am not using this setting. Though I didn't dig into that a lot.

Christian.Kipping@cgm.com (JIRA)

Jan 24, 2020, 5:07:03 PM
to jenkinsc...@googlegroups.com

So it is no longer possible to use this plugin?

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)