Basically, the Groovy plugin (and a bunch of other plugins with Groovy scripting involved) now go through the script security process. So by default, not everything is white listed in a system Groovy script. There are no changes to non-system Groovy scripts, and you can approve scripts or signatures that aren't white listed.
A. On Fri, Apr 14, 2017 at 11:29 AM Emory Penney <treadston...@gmail.com> wrote: > Hi, > > Does anyone know what's going on with the Groovy plugin right now? My > Jenkins instance is bugging me to update Groovy from 1.30 to 2.0 because of > this remote code execution security advisory > <https://jenkins.io/security/advisory/2017-04-10/> and when I visit > plugin manager I see the wonderful message: > Warning: the new version of this plugin claims to use a different settings > format than the installed version. Jobs using this plugin may need to be > reconfigured, and/or you may not be able to cleanly revert to the prior > version without manually restoring old settings. Consult the plugin release > notes for details. > > When I go to the Groovy Wiki <https://plugins.jenkins.io/groovy> I find > no references to WHAT has changed. Additionally, there aren't even release > notes for the new Groovy version... GitHub > <https://github.com/jenkinsci/groovy-plugin/compare/groovy-1.30...groovy-2.0>has > nothing. So... what gives? What am I going to break if I update this > plugin? It's a pretty big version number jump, so I'm assuming it's a big > change, and I refuse to upgrade if I don't have at least SOME heads up > about what might break before going in. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/16f507d9-eb9f-4a7a-affd-e99596c09ad8%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/16f507d9-eb9f-4a7a-affd-e99596c09ad8%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPbPdOY9MXvnqH9OQdWRNuLzCh7aF%3Dy%2BaKGsmnV6c%2Brr%3DLxasQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
