Regressions in rolling line 2.263.2.2 (and CJP fixed lines 2.249.30.0.1 & 2.222.43.0.1) produced by SECURITY-1452

Introduction

All rolling releases for 2.263.2.2, and the CJP fixed lines 2.249.30.0.1 and 2.222.43.0.1, are affected by the three issues listed below.

You are affected by these issues if:

  • You have implemented custom scripts that expect Zip files of artifacts to have a top-level directory.
  • You use pluggable storage such as Artifact Manager S3 or Compress Artifacts Plugin.
  • You are serving user content ($JENKINS_HOME/userContent) from hosted Jenkins through plugins such as Simple Theme Plugin, Custom Job Icon Plugin, or HTML Publisher, or you download files directly from the workspace or artifact views.

Environment

The issues affect rolling line 2.263.2.2 in all products listed below, as well as CJP fixed-line versions 2.249.30.0.1 and 2.222.43.0.1.

JENKINS-64621: Zip artifact downloads missing a top-level directory

Zip files downloaded from the userContent, workspace, or artifact views no longer have a top-level directory; all the contents are at the root.

For example, for agent workspaces, the structure changed from jobName / a / b / c to a / b / c.

Affected Users

Users who download zip files from userContent, workspace, or archived artifacts using custom scripts.

Impact

The structure of zip files downloaded from artifacts/workspaces changed. This may break customer scripts that expect to retrieve the artifacts from a top-level directory instead of the root level.
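A script that has to survive both layouts can normalise the member names instead of assuming one or the other. The following is an added example, not code from this article or from Jenkins: it builds two constructed sample zips (one in the old jobName/a/b/c layout, one in the new a/b/c layout), strips the job-name wrapper only when every member sits under it, and rejects members that would escape the destination directory when extracted. The job name "myjob" and the file list are assumptions for the demonstration.

```python
import io
import posixpath
import zipfile

# Constructed sample artifacts, not taken from any real Jenkins job.
SAMPLE_FILES = {
    "target/app.jar": b"jar-bytes",
    "target/app.jar.sha256": b"abc123\n",
    "reports/junit.xml": b"<testsuite/>",
}


def build_sample_zip(top_level_dir=None, extra_members=None):
    """Build an in-memory zip in either layout.

    top_level_dir="myjob" reproduces the pre-2.263.2.2 layout (myjob/a/b/c);
    None reproduces the 2.263.2.2 layout (a/b/c at the root).
    extra_members lets a caller add raw member names for testing.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for rel, data in SAMPLE_FILES.items():
            name = f"{top_level_dir}/{rel}" if top_level_dir else rel
            zf.writestr(name, data)
        for name, data in (extra_members or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_safe_member(name):
    """Reject members that would escape the destination when extracted."""
    if name.startswith("/") or "\\" in name:
        return False
    norm = posixpath.normpath(name)
    return not (norm == ".." or norm.startswith("../"))


def strip_wrapper_dir(names, job_name):
    """Map zip member names to job-relative paths.

    If every member sits under ``job_name/`` (old layout) the prefix is
    removed; otherwise (new layout) the names are returned unchanged, so the
    caller does not need to know which Jenkins version produced the zip.
    """
    prefix = job_name + "/"
    if all(n.startswith(prefix) for n in names):
        return {n: n[len(prefix):] for n in names}
    return {n: n for n in names}


def read_artifacts(zip_bytes, job_name):
    """Return {job-relative path: content} for a workspace/artifact zip."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        for name, rel in strip_wrapper_dir(names, job_name).items():
            if not rel or not is_safe_member(rel):
                raise ValueError(f"refusing unsafe zip entry: {name!r}")
            out[rel] = zf.read(name)
    return out


if __name__ == "__main__":
    # Both layouts yield the same job-relative file set.
    for layout in ("myjob", None):
        files = read_artifacts(build_sample_zip(layout), "myjob")
        print(layout or "root", sorted(files))
```

Matching the wrapper against the known job name, rather than against "whatever single top-level directory exists", avoids mis-stripping a genuine top-level directory such as target/ when a job produces artifacts under only one folder in the new layout.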

JENKINS-64655: UnsupportedOperationException in jenkins.util.VirtualFile.zip when downloading artifacts from pluggable storage

Artifacts can’t be downloaded from pluggable storage like Artifact Manager S3 or Compress Artifacts Plugin.

Affected Users

Users who use a pluggable storage in Jenkins.

Impact

External artifact storage no longer allows downloading multiple artifacts as a Zip file. Jenkins shows an “Oops! A problem occurred while processing the request.” page every time you click the “(all files in zip)” link to download the artifacts. A stack trace similar to the one below appears in the Jenkins logs.

Caught unhandled exception with ID 8004672b-68d5-4bfa-a9a0-1282420e7540
java.lang.UnsupportedOperationException: Not implemented.
	at jenkins.util.VirtualFile.zip(VirtualFile.java:342)
	at hudson.model.DirectoryBrowserSupport.serveFile(DirectoryBrowserSupport.java:254)
	at hudson.model.DirectoryBrowserSupport.generateResponse(DirectoryBrowserSupport.java:156)
	at org.kohsuke.stapler.HttpResponseRenderer$Default.handleHttpResponse(HttpResponseRenderer.java:124)
	at org.kohsuke.stapler.HttpResponseRenderer$Default.generateResponse(HttpResponseRenderer.java:69)
	at org.kohsuke.stapler.Function.renderResponse(Function.java:164)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:147)
	at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)

JENKINS-64632: Jenkins master leaks file descriptors

There is a file descriptor leak with images used by plugins such as Simple Theme Plugin or Custom Job Icon Plugin, which serve locally hosted images.

Every time a page in the web UI containing locally hosted images is refreshed, a file descriptor is opened (and never closed).

Affected Users

You are serving user content from hosted Jenkins, e.g. files in workspaces, archived artifacts, files in $JENKINS_HOME/userContent, or content provided by plugins such as HTML Publisher Plugin, Javadoc Plugin, and similar.

Impact

Jenkins runs out of file handles.
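Because the descriptors are only ever opened, the leak shows up as steadily growing usage that eventually reaches the process's soft limit. The following is an added example, not code from this article or from Jenkins, for checking a controller's descriptor usage against its limit on Linux: it reads /proc/<pid>/limits and counts the entries in /proc/<pid>/fd. The threshold of 80 % and the sample limits text are assumptions; running it periodically (e.g. from cron or a monitoring agent) and watching the ratio climb between samples is what reveals a leak of this kind.

```python
import os
import sys

# Constructed excerpt of /proc/<pid>/limits, in the column format the kernel emits.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max open files            4096                 8192                 files
Max processes             63241                63241                processes
"""


def parse_nofile_soft_limit(limits_text):
    """Extract the soft 'Max open files' limit; None means unlimited."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            # Columns: "Max", "open", "files", <soft>, <hard>, "files"
            soft = line.split()[3]
            return None if soft == "unlimited" else int(soft)
    raise ValueError("no 'Max open files' line found")


def fd_pressure(open_fds, soft_limit, warn_ratio=0.8):
    """Return (usage ratio, warning flag) for the given descriptor count."""
    if soft_limit is None:
        return 0.0, False
    ratio = open_fds / soft_limit
    return ratio, ratio >= warn_ratio


def count_open_fds(pid):
    """Count descriptors currently open in the process (Linux /proc only)."""
    return len(os.listdir(f"/proc/{pid}/fd"))


def read_soft_limit(pid):
    """Read the process's soft NOFILE limit from /proc (Linux only)."""
    with open(f"/proc/{pid}/limits") as f:
        return parse_nofile_soft_limit(f.read())


def check_process(pid, warn_ratio=0.8):
    """One sample of descriptor usage for a live process."""
    open_fds = count_open_fds(pid)
    ratio, warning = fd_pressure(open_fds, read_soft_limit(pid), warn_ratio)
    return {"pid": pid, "open_fds": open_fds, "ratio": round(ratio, 3), "warning": warning}


if __name__ == "__main__":
    # Usage: python fdcheck.py <jenkins-pid>; defaults to this process.
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    print(check_process(target))
```

A single sample only tells you how close the controller is to the limit; the leak described here is identified by the count rising with every page refresh and never falling back, so compare successive samples rather than relying on one reading.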

Resolution

Given the regressions listed above, if you already addressed SECURITY-1452 by upgrading to 2.263.2.2 on the rolling line, or to 2.249.30.0.1 or 2.222.43.0.1 on the CJP fixed lines, it is recommended that you upgrade to the following versions.

  • For rolling line: Upgrade from 2.263.2.2 to 2.263.2.3
  • For CJP fixed line:
      • Upgrade from 2.249.30.0.1 to 2.249.30.0.2
      • Upgrade from 2.222.43.0.1 to 2.222.43.0.2
