[JIRA] (JENKINS-50990) Security exception in pipeline


egorovhome@gmail.com (JIRA)

Apr 25, 2018, 4:26:03 AM
to jenkinsc...@googlegroups.com
Sergey Egorov created an issue
 
Jenkins / Bug JENKINS-50990
Security exception in pipeline
Issue Type: Bug
Assignee: Tomas Bjerre
Components: git-changelog-plugin
Created: 2018-04-25 08:25
Environment: Jira 2.107.2
git-changelog 2.2
Labels: JEP-200
Priority: Major
Reporter: Sergey Egorov

Seems JEP-200 hit

Pipeline fragment:
def changes = gitChangelog returnType: 'CONTEXT',
    from: [type: 'REF', value: env.GERRIT_BRANCH /*env.GIT_PREVIOUS_COMMIT*/],
    to: [type: 'COMMIT', value: env.GERRIT_PATCHSET_REVISION /*env.GIT__COMMIT*/],
    jira: [issuePattern: 'XXX-([0-9]+)\\b', password: '', server: '', username: '']

Output:
java.lang.SecurityException: Rejected: se.bjurr.gitchangelog.api.model.Changelog; see https://jenkins.io/redirect/class-filter/
    at hudson.remoting.ClassFilter.check(ClassFilter.java:76)
    at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:129)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1859)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1745)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2033)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
    at hudson.remoting.UserRequest.deserialize(UserRequest.java:277)
    at hudson.remoting.UserResponse.retrieve(UserRequest.java:310)
    at hudson.remoting.Channel.call(Channel.java:952)
Caused: java.io.IOException: Failed to deserialize response to UserRequest:org.jenkinsci.plugins.gitchangelog.steps.GitChangelogStep$1$1@6c04f8e1
    at hudson.remoting.Channel.call(Channel.java:960)
    at hudson.FilePath.act(FilePath.java:1093)
    at org.jenkinsci.plugins.gitchangelog.steps.GitChangelogStep$1.run(GitChangelogStep.java:329)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution$1$1.call(SynchronousNonBlockingStepExecution.java:49)
    at hudson.security.ACL.impersonate(ACL.java:290)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution$1.run(SynchronousNonBlockingStepExecution.java:46)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

egorovhome@gmail.com (JIRA)

Apr 25, 2018, 4:32:02 AM
to jenkinsc...@googlegroups.com

o.v.nenashev@gmail.com (JIRA)

Apr 25, 2018, 6:24:01 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev commented on Bug JENKINS-50990
 
Re: Security exception in pipeline

Yes, it is JEP-200. The library is hosted here: https://github.com/tomasbjerre/git-changelog-lib . All classes within https://github.com/tomasbjerre/git-changelog-lib/tree/master/src/main/java/se/bjurr/gitchangelog/api/model seem to be safe for serialization, so their whitelisting is likely a way to go.

I will add it to the wiki.
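
The trace in the report shows the rejection happening inside `resolveClass`, before the class named in the agent's response is loaded. The block below is an added example, not code from Jenkins or the plugin: it reproduces that hook with a simplified allowlist, and `ClassFilterDemo`, `FilteringInput` and the nested `Changelog` stand-in are hypothetical names.

```java
import java.io.*;
import java.util.Set;

public class ClassFilterDemo {
    // Constructed stand-in for se.bjurr.gitchangelog.api.model.Changelog.
    static class Changelog implements Serializable {
        private static final long serialVersionUID = 1L;
        final String title;
        Changelog(String title) { this.title = title; }
    }

    // Checks each class descriptor against an allowlist before the class is
    // loaded. Simplified: the real hudson.remoting.ClassFilter does more.
    static class FilteringInput extends ObjectInputStream {
        private final Set<String> allowed;
        FilteringInput(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new SecurityException("Rejected: " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static Object read(byte[] data, Set<String> allowed) throws Exception {
        try (ObjectInputStream in = new FilteringInput(new ByteArrayInputStream(data), allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Changelog("constructed sample"));
        }
        Set<String> empty = Set.of();
        try {
            read(buf.toByteArray(), empty);   // class not listed: rejected
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        Object ok = read(buf.toByteArray(), Set.of(Changelog.class.getName()));
        System.out.println("Accepted: " + ((Changelog) ok).title);
    }
}
```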
