[JIRA] (JENKINS-16319) Failure to delete old config files during rekeying on Windows

[jgl...@cloudbees.com (JIRA)]

Jesse Glick commented on JENKINS-16319 Failure to delete old config files during rekeying on Windows @alexlombardi keep discussion about authentication in JENKINS-16273. This is about rekeying only. And BTW giving anonymous users slave connect permissions is insecure (unless your network or servlet container adds independent security layers). @romanhar Jenkins will only attempt to rewrite a file if it found some changes to make, meaning that the existing file contained insecurely encrypted passwords, so yes I think this is a problem. I suspect that the root cause here is code in core or plugins which opens input streams on config files and fails to promptly close them in a finally block. On Windows, an open InputStream holds a mandatory file lock until it is garbage collected.

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira