![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
Jesse Glick
|
|
Components:
|
script-security |
|
Created:
|
24/Aug/14 12:44 AM
|
|
Description:
|
- script-security 1.5 introduced "Additional classpath".
- Those classpaths require administrators' approval.
- Class directories are valid for "Additional classpath".
- Once class directories are appoved, adding or replacing files in sub directories of those class directories no longer require approval.
- This should allow users to use classes that administrators doesn't want to allow.
Possible resolution:
- Don't allow class directories for "Additional classpath"
- This doesn't cause critical regressions as it is easy to create jar file from class directories.
- When a class directory is specified, check all files in the class directory.
- Leave this as a limitation.
I'll add a test and send a pull request to see this behavior.
|
|
Environment:
|
Jenkins 1.509.4, script-security 1.5, Java 1.7.0_45, Windows 8 (64bit)
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
ikedam
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
