From 7aaedac817923d1bcc12e5dbe4ebe52d2cae7b1c Mon Sep 17 00:00:00 2001 From: Daniel Beck <1831569+daniel-beck@users.noreply.github.com> Date: Sat, 9 Mar 2024 15:29:33 +0100 Subject: [PATCH 1/7] Update bundled trilead-api to 2.84.86.vf9c960e9b_458 (#9022) Co-authored-by: Daniel Beck (cherry picked from commit 3a07440b339bc9da1b5c8632aa78a02e011b4e5b) --- war/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/war/pom.xml b/war/pom.xml index cf9a92d79ab9..400d9c366fbf 100644 --- a/war/pom.xml +++ b/war/pom.xml @@ -471,7 +471,7 @@ THE SOFTWARE. org.jenkins-ci.plugins trilead-api - 2.84.v72119de229b_7 + 2.84.86.vf9c960e9b_458 hpi From 57cab7aeef08b3be978a7e5706e52df6acc0531a Mon Sep 17 00:00:00 2001 
From: James Nord Date: Wed, 6 Mar 2024 14:19:31 +0000 Subject: [PATCH 2/7] [JENKINS-72796] stable context classloader for Computer.threadPoolForRemoting (#9012) * [JENKINS-72796] stable context classloader for Computer.threadPoolForRemoting Whilst the threadpool used reset the context classloader at the end of any task, it did not ensure that the initial classloader used was anything specific, rather it would use whatever the calling thread's contextClassLoader was. This is now fixed as we use the Jenkins WebApp classloader (same as the Timer) which is used by (A)PeriodicTasks. Whilst we should really not have a context classloader (aka null) and this should be set where needed by code, almost everywhere in Jenkins the context classloader is already the webapp classloader, and so setting this to be different depending on how things were called would seemingly be a little scary. Arguably this and other context classloaders should be all set to null and any code that wants different should be changed, but this is a larger piece of work that would have potential impact on an unknown number of plugins in the ecosystem, so this fix uses what was set > 90% of the time. * Update core/src/test/java/hudson/model/ComputerTest.java --------- Co-authored-by: Tim Jacomb <21194782+timja@users.noreply.github.com> (cherry picked from commit 89195cc248eb973dae4212d613914d616805bc1d) --- core/src/main/java/hudson/model/Computer.java | 5 ++- .../test/java/hudson/model/ComputerTest.java | 40 +++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/core/src/main/java/hudson/model/Computer.java b/core/src/main/java/hudson/model/Computer.java index 1759397d0b6d..ad09c189edf7 100644 --- a/core/src/main/java/hudson/model/Computer.java +++ b/core/src/main/java/hudson/model/Computer.java 
@@ -63,6 +63,7 @@ import hudson.slaves.RetentionStrategy; import hudson.slaves.WorkspaceList; import hudson.triggers.SafeTimerTask; +import hudson.util.ClassLoaderSanityThreadFactory; import hudson.util.DaemonThreadFactory; import hudson.util.EditDistance; import hudson.util.ExceptionCatchingThreadFactory; @@ -1381,7 +1382,9 @@ public String call() throws IOException { Executors.newCachedThreadPool( new ExceptionCatchingThreadFactory( new NamingThreadFactory( - new DaemonThreadFactory(), "Computer.threadPoolForRemoting")))), ACL.SYSTEM2)); + new ClassLoaderSanityThreadFactory(new DaemonThreadFactory()), + "Computer.threadPoolForRemoting")))), + ACL.SYSTEM2)); // // diff --git a/core/src/test/java/hudson/model/ComputerTest.java b/core/src/test/java/hudson/model/ComputerTest.java index d7c27880c1af..bd5ddda4ab8c 100644 --- a/core/src/test/java/hudson/model/ComputerTest.java +++ b/core/src/test/java/hudson/model/ComputerTest.java @@ -8,9 +8,11 @@ import hudson.FilePath; import hudson.security.ACL; import java.io.File; +import java.util.ArrayList; import java.util.concurrent.ExecutionException; import java.util.concurrent.Future; import jenkins.model.Jenkins; +import jenkins.util.SetContextClassLoader; import org.junit.Test; import org.jvnet.hudson.test.Issue; import org.springframework.security.core.Authentication; 
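Review bot: The `ClassLoaderSanityThreadFactory` wrapper added inside the `threadPoolForRemoting` initializer has no comment explaining why it is there, so a later cleanup of this nested factory expression could drop it without anyone noticing. The same expression passes `ACL.SYSTEM2`, and the existing test shows pool tasks run as the system user, so the context classloader a new thread starts with should be a documented choice rather than a side effect of whichever caller first caused a thread to be created. I would put this above the wrapper: `// JENKINS-72796: start every pool thread on a fixed context classloader instead of inheriting the submitting thread's`. The initializer begins before this hunk, so the outer executor wrappers are not visible here.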
@@ -45,4 +47,42 @@ public void testThreadPoolForRemotingActsAsSystemUser() throws InterruptedExcept Future job = Computer.threadPoolForRemoting.submit(Jenkins::getAuthentication2); assertThat(job.get(), is(ACL.SYSTEM2)); } + + @Issue("JENKINS-72796") + @Test + public void testThreadPoolForRemotingContextClassLoaderIsSet() throws Exception { + // as the threadpool is cached, any other tests here pollute this test so we need enough threads to + // avoid any cached. + final int numThreads = 5; + + // simulate the first call to Computer.threadPoolForRemoting with a non default classloader + try (var ignored = new SetContextClassLoader(new ClassLoader() {})) { + obtainAndCheckThreadsContextClassloaderAreCorrect(numThreads); + } + // now repeat this as the checking that the pollution of the context classloader is handled + obtainAndCheckThreadsContextClassloaderAreCorrect(numThreads); + } + + private static void obtainAndCheckThreadsContextClassloaderAreCorrect(int numThreads) throws Exception { + ArrayList> classloaderFuturesList = new ArrayList<>(); + // block all calls to getContextClassloader() so we create more threads. + synchronized (WaitAndGetContextClassLoader.class) { + for (int i = 0; i < numThreads; i++) { + classloaderFuturesList.add(Computer.threadPoolForRemoting.submit(WaitAndGetContextClassLoader::getContextClassloader)); + } + } + for (Future fc : classloaderFuturesList) { + assertThat(fc.get(), is(Jenkins.class.getClassLoader())); + } + } + + private static class WaitAndGetContextClassLoader { + + public static synchronized ClassLoader getContextClassloader() throws InterruptedException { + ClassLoader ccl = Thread.currentThread().getContextClassLoader(); + // intentionally pollute the Threads context classloader + Thread.currentThread().setContextClassLoader(new ClassLoader() {}); + return ccl; + } + } } From 0c9eb0c814e207f1957b8a59978163cbd993ade6 Mon Sep 17 00:00:00 2001 
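Review bot: The first phase of `testThreadPoolForRemotingContextClassLoaderIsSet` only exercises the fix if the pool creates at least one thread while the foreign context classloader is installed, and nothing in the test checks that this happened. Holding the `WaitAndGetContextClassLoader.class` monitor makes all `numThreads` tasks block at once, so a new thread is created only when fewer than five idle threads are already cached from earlier tests in the same JVM; otherwise the assertions pass with or without the change. The existing comment hints at this, but I would spell the assumption out, e.g. `// all numThreads tasks block on the class monitor together, so the pool must create new threads unless numThreads idle ones are already cached`. Separately, `getContextClassloader()` declares `throws InterruptedException` although nothing in its body throws it.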
From: Jesse Glick Date: Mon, 4 Mar 2024 09:46:10 -0500 Subject: [PATCH 3/7] [JENKINS-72799] Apply `SlaveComputer.decorate` also to `openLogFile` (#9009) (cherry picked from commit c7ccbfdde15511b29b0b649b62b1d9fec09284dd) --- core/src/main/java/hudson/slaves/SlaveComputer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/src/main/java/hudson/slaves/SlaveComputer.java b/core/src/main/java/hudson/slaves/SlaveComputer.java index bc9922180f39..dbb579b9b3ae 100644 --- a/core/src/main/java/hudson/slaves/SlaveComputer.java +++ b/core/src/main/java/hudson/slaves/SlaveComputer.java @@ -386,7 +386,7 @@ public boolean isConnecting() { public OutputStream openLogFile() { try { log.rewind(); - return log; + return decorate(log); } catch (IOException e) { logger.log(Level.SEVERE, "Failed to create log file " + getLogFile(), e); return OutputStream.nullOutputStream(); From 2ca228aac4ec611ccb083215bc4739f83226e312 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 00:03:45 +0100 Subject: [PATCH 4/7] Bump org.springframework:spring-framework-bom from 5.3.32 to 5.3.33 (#9042) Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 5.3.32 to 5.3.33. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.32...v5.3.33) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit e9923d3d7a67f03b15f460ee34e5e83a073484bb) --- bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/pom.xml b/bom/pom.xml index 70f6da3c3741..1fe0793cb07d 100644 --- a/bom/pom.xml 
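Review bot: `openLogFile()` now hands callers a wrapped stream instead of the `log` field itself, and neither the method nor the changed line says so. `decorate` is defined outside this hunk, so I can only infer from the commit subject that it applies the same decoration used for the agent's other log streams; if that decoration includes filters that mask sensitive output, the contract is worth stating where callers will read it. I would add a Javadoc sentence such as `Returns the agent log stream after rewinding it, wrapped by {@link #decorate}.` and mention that the `IOException` branch returns an undecorated `OutputStream.nullOutputStream()`. The method body ends outside the hunk.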
+++ b/bom/pom.xml @@ -56,7 +56,7 @@ THE SOFTWARE. org.springframework spring-framework-bom - 5.3.31 + 5.3.33 pom import From 1dba772b2779a22a01089602c374380558d2c8ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 21:47:42 +0100 Subject: [PATCH 5/7] Bump org.springframework.security:spring-security-bom from 5.8.10 to 5.8.11 (#9047) Bump org.springframework.security:spring-security-bom Bumps [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) from 5.8.10 to 5.8.11. - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.10...5.8.11) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 4666cae77ead4d111898348124fd5cf480bf4376) --- bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bom/pom.xml b/bom/pom.xml index 1fe0793cb07d..7a02d6f7152a 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -64,7 +64,7 @@ THE SOFTWARE. org.springframework.security spring-security-bom - 5.8.9 + 5.8.11 pom import From f25c5d061e1d1bda0cd131a2d219092ac4c5e733 Mon Sep 17 00:00:00 2001 From: Daniel Beck <1831569+daniel-beck@users.noreply.github.com> Date: Fri, 29 Mar 2024 03:20:13 +0100 Subject: [PATCH 6/7] Bump Mina to 2.12.1 in the CLI (#9089) Bump Mina to 2.12.1 Co-authored-by: Daniel Beck Co-authored-by: Mark Waite (cherry picked from commit 5e6387ad3a244b928d27f56e873b0a55ad30c07e) --- cli/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/cli/pom.xml b/cli/pom.xml index 50588e3e692b..3767acc3d05f 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -15,7 +15,7 @@ https://github.com/jenkinsci/jenkins - 2.11.0 + 2.12.1 From 387f5a600bee5cae72cb95a6a1cf59bc8da14255 Mon Sep 17 00:00:00 2001 From: Basil Crow Date: Thu, 4 Apr 2024 10:40:35 -0700 Subject: [PATCH 7/7] Backport bundled plugin updates --- war/pom.xml | 70 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 24 deletions(-) diff --git a/war/pom.xml b/war/pom.xml index 400d9c366fbf..438c42220d13 100644 --- a/war/pom.xml +++ b/war/pom.xml @@ -46,6 +46,7 @@ THE SOFTWARE. localhost 8080 + 2.12.1-101.v85b_e08b_780dd 20.10.0 1.22.19 @@ -289,14 +290,14 @@ THE SOFTWARE. org.jenkins-ci.plugins mailer - 463.vedf8358e006b_ + 472.vf7c289a_4b_420 hpi org.jenkins-ci.plugins matrix-auth - 3.2.1 + 3.2.2 hpi @@ -317,35 +318,35 @@ THE SOFTWARE. org.jenkins-ci.plugins script-security - 1294.v99333c047434 + 1326.vdb_c154de8669 hpi org.jenkins-ci.plugins junit - 1240.vf9529b_881428 + 1265.v65b_14fa_f12f0 hpi org.jenkins-ci.plugins.workflow workflow-api - 1283.v99c10937efcb_ + 1291.v51fd2a_625da_7 hpi io.jenkins.plugins plugin-util-api - 3.6.0 + 4.1.0 hpi io.jenkins.plugins bootstrap5-api - 5.3.2-2 + 5.3.3-1 hpi @@ -360,7 +361,7 @@ THE SOFTWARE. org.jenkins-ci.plugins.workflow workflow-support - 865.v43e78cc44e0d + 896.v175a_a_9c5b_78f hpi @@ -368,14 +369,14 @@ THE SOFTWARE. org.jenkins-ci.plugins jackson2-api - 2.15.3-372.v309620682326 + 2.17.0-379.v02de8ec9f64c hpi io.jenkins.plugins echarts-api - 5.4.3-1 + 5.5.0-1 hpi @@ -399,7 +400,7 @@ THE SOFTWARE. io.jenkins.plugins jquery3-api - 3.7.1-1 + 3.7.1-2 hpi @@ -407,7 +408,7 @@ THE SOFTWARE. io.jenkins.plugins font-awesome-api - 6.4.2-1 + 6.5.1-3 hpi 
@@ -415,28 +416,28 @@ THE SOFTWARE. org.jenkins-ci.plugins.workflow workflow-step-api - 639.v6eca_cd8c04a_a_ + 657.v03b_e8115821b_ hpi org.jenkins-ci.plugins scm-api - 683.vb_16722fb_b_80b_ + 689.v237b_6d3a_ef7f hpi org.jenkins-ci.plugins structs - 325.vcb_307d2a_2782 + 337.v1b_04ea_4df7c8 hpi org.jenkins-ci.plugins bouncycastle-api - 2.29 + 2.30.1.77-225.v26ea_c9455fd9 hpi @@ -464,14 +465,14 @@ THE SOFTWARE. org.jenkins-ci.modules sshd - 3.312.v1c601b_c83b_0e + 3.322.v159e91f6a_550 hpi org.jenkins-ci.plugins trilead-api - 2.84.86.vf9c960e9b_458 + 2.142.v748523a_76693 hpi @@ -502,6 +503,13 @@ THE SOFTWARE. 4.5.14-208.v438351942757 hpi + + + io.jenkins.plugins + asm-api + 9.6-3.v2e1fa_b_338cd7 + hpi + io.jenkins.plugins @@ -513,42 +521,56 @@ THE SOFTWARE. io.jenkins.plugins commons-text-api - 1.11.0-94.v3e1f4a_926e49 + 1.11.0-95.v22a_d30ee5d36 + hpi + + + + io.jenkins.plugins + gson-api + 2.10.1-15.v0d99f670e0a_7 hpi io.jenkins.plugins ionicons-api - 56.v1b_1c8c49374e + 70.v2959a_b_74e3cf hpi io.jenkins.plugins jakarta-activation-api - 2.0.1-3 + 2.1.3-1 hpi io.jenkins.plugins jakarta-mail-api - 2.0.1-3 + 2.1.3-1 + hpi + + + + io.jenkins.plugins + json-api + 20240303-41.v94e11e6de726 hpi io.jenkins.plugins.mina-sshd-api mina-sshd-api-common - 2.11.0-86.v836f585d47fa_ + ${mina-sshd-api.version} hpi io.jenkins.plugins.mina-sshd-api mina-sshd-api-core - 2.11.0-86.v836f585d47fa_ + ${mina-sshd-api.version} hpi