Hi, We are currently using 2.32.2 LTS in production env. I wanted to update it to 2.46.x LTS, but after playing with test environment, I found huge issue with script approval. 2.32.2 despite having Script Security Plugin (1.25) installed and enabled, system groovy scripts are working fine, even when triggered using timer (not by admin user).
2.46 requires update to 1.27 which introduced sandbox and whitelisting. Problem is that we have a ton of automation scripts that are kept in repository with access only for CI team repo. Thus - we already have layer of security for who can edit those scripts - for some internal reasons (don't ask) some scripts are self-modifying, and whitelisting them each minute sounds like a boring idea. Permissive Script Security Plugin does not work for me. After installation and adding -Dpermissive-script-security.enabled=true does not work for me - scripts are still blocked. So my question is - how to permanently disable script security?. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8e1bc282-52d7-4d86-a7ec-36569bd98db3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
