[ANNOUNCE] Active Choices v2.0 available again from the Jenkins update center

Ioannis Moutsatsos

Nov 6, 2017, 10:59:16 AM
to BioUno Developers
Greetings to all;

After a long wait the Active Choices plugin v2.0 is again available from the Jenkins distribution center.

We have several people to thank for this, especially Jesse Glick and Daniel Beck for shepherding the plugin through the 'troubled waters' of advanced Jenkins security.

Active Choices is now elegantly disentangled from the Scriptler plugin whose previously mandatory dependency had blocked its distribution from the Jenkins update center.

I think that the current Active Choices plugin version strikes the perfect balance between security and the advanced functionality (like dynamic HTML) that made Active Choices so useful and unique.

So here is a summary of the most recent changes:
  1. Scriptler dependency is optional
    • If you already have the Scriptler plugin installed, it can be used as in the previous Active Choices versions
    • If you don't have Scriptler, you can still use custom embedded Groovy scripts (sandboxed or not) to create options for Active Choice parameters
  2. Sandboxed Groovy scripts will no longer emit HTML that is considered unsafe (such as <script> elements).
The Active Choices plugin runs safely, and still allows arbitrary HTML for those who don't need fine-grained permissions.
  • If the user who configures the job is an administrator on the Jenkins instance, they can just bypass the sandbox and there will be arbitrary HTML.
  • If the user who configures the job doesn't need JavaScript and similar powerful output (like the "wine recommendation" on the wiki), they can just use the sandbox and it won't affect them.
  • If the user who configures the job is not an administrator, they can choose to get only sanitized output, or to get an administrator to approve the Groovy Script.
With these enhancements in place, we are looking forward to resuming the functional enhancement of Active Choices, so that we continue to enhance free-style jobs with dynamic and interactive build forms.

Thank you for your patience, your suggestions and code contributions!

best regards
Ioannis & Bruno

Bruno P. Kinoshita

Nov 6, 2017, 4:24:33 PM
to biouno-d...@googlegroups.com
Excellent write-up about the recent changes. I would also like to thank all for helping with this release. I believe it includes changes from issues & pull requests reported by users, and the security fixes from CloudBees engineers.

Issues involving security, remote execution, special use cases from certain users, only demonstrate the plug-in is indeed filling a gap and helping a community of users in Jenkins and in life-sciences.

I am testing another pull request these next days, so a 2.0.1 release is pre-scheduled for Nov/December. In case any of you would like to see another issue or feature implemented in the next release, feel free to comment here, in JIRA, or GitHub.

Cheers
Bruno