[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title jeremy hochheiser commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Sam Gleske and Mark Dietzer, this is still an issue all the way from 2.131.2 to LTS (2.164.2). We are stuck on 2.131.1 and unable to move forwards until this is resolved. Could you please revisit this issue? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Sam Gleske updated an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Sam Gleske Released As: github-oauth- 0.31 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Sam Gleske updated JENKINS-54031 Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Sam Gleske Status: Fixed but Unreleased Resolved Released As: 0.31 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Sam Gleske commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 A few minutes ago I released 0.31 which includes https://github.com/jenkinsci/github-oauth-plugin/pull/103. This should be resolved. Please re-open if not. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Sam Gleske updated JENKINS-54031 Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Sam Gleske Status: Open Fixed but Unreleased Resolution: Fixed Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Lo Nigro commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Are there any workarounds that don't cause security issues? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Adam Lock updated an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Adam Lock Priority: Major Critical Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Per today's security advisory, it is indeed not safe to apply the workaround that disables the additional permission check. Previously published documentation has been updated. https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595 https://jenkins.io/doc/upgrade-guide/2.138/#security-hardening-impacts-use-of-github-oauth-plugin Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Keith Harvey commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Any update on this, Thanks Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Adam Lock commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Any update on this? The workaround seems like it could become a concern. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Matt Friedman commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Does setting those skip permission check options to true (re)introduce a security issue? Thank you. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck updated an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Daniel Beck Priority: Critical Major Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Steph Gosling Thanks! Merged the doc update and will lower priority to reflect the presence of a workaround. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Steph Gosling edited a comment on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 On Ubuntu 16.04 with 2.138.2 (as packaged by Canonical) setting the two properties does indeed appear to resolve: non- Jenkins admin -in-jenkins github users are able to browse projects, see console logs for builds Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Steph Gosling commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 On Ubuntu 16.04 with 2.138.2 (as packaged by Canonical) setting the two properties does indeed appear to resolve: non-Jenkins admin github users are able to browse projects, see console logs for builds Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title
AnneTheAgile edited a comment on JENKINS-54031
Re: GitHub OAuth plugin fails with Jenkins 2.146
[~jkmatt] fyi, the upgrade guide referenced in above PR against this ticket adds;{code:java}As a workaround, it is possible to temporarily disable part of the security hardening by setting the https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties[Java system properties] `hudson.model.AbstractItem.skipPermissionCheck` and `hudson.model.Run.skipPermissionCheck` to `true`. {code}
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title AnneTheAgile commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Matt Friedman fyi, the upgrade guide referenced above adds; As a workaround, it is possible to temporarily disable part of the security hardening by setting the https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties[Java system properties] `hudson.model.AbstractItem.skipPermissionCheck` and `hudson.model.Run.skipPermissionCheck` to `true`. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Amending upgrade guide in https://github.com/jenkins-infra/jenkins.io/pull/1843 – would appreciate if someone could try the amended instructions so we know these are a complete workaround. Can also be done while Jenkins is running (until the next restart) by running the following script console script: hudson.model.AbstractItem.SKIP_PERMISSION_CHECK = true hudson.model.Run.SKIP_PERMISSION_CHECK = true Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Oh, right. That makes sense. That's controlled by a different system property: hudson.model.Run.skipPermissionCheck. You'll need to set both to true. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Matt Friedman commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Daniel Beck Setting the property only partially fixed the issue for us. We downgraded to get back full functionality. IIRC, it allowed access to the summary page for a build, but not to things like console log. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Could I get confirmation that setting the system property I mentioned in a previous comment works in fact for nobody who's affected? Because that would be a related core bug. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Matt Friedman commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 fisnik hajredini It prevents us from upgrading Jenkins from a version that has security issues. I'd call that critical also. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title fisnik hajredini commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 We run an open source software, and its quite important for our external contributors to be able to view their build progress. This bugs Priority was on Moderate but i increased it to Critical. I hope thats fine. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Alexander Chernaev commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 We're having the same issue with Jenkins 2.138.2 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title fisnik hajredini updated an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: fisnik hajredini Priority: Major Critical Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title fisnik hajredini commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Has there been a fix on this yet? We seem to have the same issue on 2.138.2 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Josh Pollara commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Downgrading to Jenkins 2.145 fixed the issue for me. Poor long-term solution. Hoping this is fixed sooner rather than later. Thanks! Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Chris Williams commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 I posted a PR with a potential fix here: https://github.com/jenkinsci/github-oauth-plugin/pull/101 Could use some guidance on what the proper set of permissions to allow when "allow authenticated user to create jobs" is enabled. Also could use some actual usage/testing in a real install, since I haven't actually tried my own fix yet. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Matt Friedman commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 We experienced all of the above issues. Finally to fix the issue fully we downgraded to 2.138.1 Hope this is fixed in the ubuntu pkg before long. Thank you. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title
Russell Knighton edited a comment on JENKINS-54031
Re: GitHub OAuth plugin fails with Jenkins 2.146
For us, the workaround didn't work fully - it restored the ability for a regular user to browse and navigate each repository/branch etc., but when they tried to view individual jobs, they were 404'd, and the following is dumped to the {{jenkins.log}}:{noformat}Oct 15, 2018 3:51:08 PM hudson.init.impl.InstallUncaughtExceptionHandler lambda$init$0 WARNING: nulljava.lang.IllegalStateException: Committed at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:853) at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:960) at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) at org.eclipse.jetty.server.Response.sendRedirect(Response.java:720) at org.eclipse.jetty.server.Response.sendRedirect(Response.java:729) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at org.kohsuke.stapler.ResponseImpl.sendRedirect(ResponseImpl.java:138) at org.kohsuke.stapler.ResponseImpl.sendRedirect2(ResponseImpl.java:153) at org.kohsuke.stapler.DirectoryishDispatcher.dispatch(DirectoryishDispatcher.java:28) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Russell Knighton commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 For us, the workaround didn't work fully - it restored the ability for a regular user to browse and navigate each repository/branch etc., but when they tried to view individual jobs, they were 404'd, and the following is dumped to the jenkins.log: Oct 15, 2018 3:51:08 PM hudson.init.impl.InstallUncaughtExceptionHandler lambda$init$0 WARNING: null java.lang.IllegalStateException: Committed at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:853) at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:960) at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) at org.eclipse.jetty.server.Response.sendRedirect(Response.java:720) at org.eclipse.jetty.server.Response.sendRedirect(Response.java:729) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at org.acegisecurity.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendRedirect(HttpSessionContextIntegrationFilter.java:525) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:176) at org.kohsuke.stapler.ResponseImpl.sendRedirect(ResponseImpl.java:138) at org.kohsuke.stapler.ResponseImpl.sendRedirect2(ResponseImpl.java:153) at org.kohsuke.stapler.DirectoryishDispatcher.dispatch(DirectoryishDispatcher.java:28) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletF
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 Amending 2.138.2 upgrade guide in https://github.com/jenkins-infra/jenkins.io/pull/1835 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck updated an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Change By: Daniel Beck Labels: regression Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 (Note that my comment was originally written for a different report, so it might not only affect allowAnonymousReadPermission. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Daniel Beck commented on JENKINS-54031 Re: GitHub OAuth plugin fails with Jenkins 2.146 It seems that GitHub OAuth plugin ignores permission relationships, specifically permissions implied by Item/Read with allowAnonymousReadPermission set. Item/Discover is declared to be implied by Item/Read: https://github.com/jenkinsci/jenkins/blob/371b9c134681e3e04f52a5e0bb39c747e6d44c45/core/src/main/java/hudson/model/Item.java#L258 That's what the Stapler routing hardening in 2.138.2 and 2.146 assumes to be the case to make this nice and succinct: https://github.com/jenkinsci/jenkins/blob/371b9c134681e3e04f52a5e0bb39c747e6d44c45/core/src/main/java/hudson/model/AbstractItem.java#L942...L949 (This slightly more readable code that'll make it into 2.147 after https://github.com/jenkinsci/jenkins/pull/3690 but functionally in this regard identical to what's in 2.138.2) GitHub OAuth needs to handle permissions implied by those it grants, at least Item/Discover. I'm pretty OK with the behavior in core. Meanwhile, you could set the system property hudson.model.AbstractItem.skipPermissionCheck to true ( https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties ), but note that this disables a security improvement. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-54031) GitHub OAuth plugin fails with Jenkins 2.146
Title: Message Title Mark Dietzer created an issue Jenkins / JENKINS-54031 GitHub OAuth plugin fails with Jenkins 2.146 Issue Type: Bug Assignee: Sam Gleske Components: github-oauth-plugin Created: 2018-10-11 21:52 Priority: Major Reporter: Mark Dietzer When updating to Jenkins 2.146 the "GitHub Committer Authorization strategy" no longer works. Users can log in but get granted no permissions at all. Downgrading to Jenkins 2.145 fixes the issue (but due to security advisories being present isn't a good solution at all) Setting logging to FINEST shows the plugin "tries" to grant the correct permissions, but Jenkins does not seem to respect them. Add Comment
