[JENKINS-28298] Reject unauthenticated configurations via REST / CLI #21
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JENKINS-28298
See also https://wiki.jenkins-ci.org/display/JENKINS/JENKINS-28298
When using authorize-project <= 1.1.0 with Jenkins >= 1.545,
users can inject unauthenticated
SpecificUserAuthorizationStrategy
andSystemAuthorizationStrategy
(SystemAuthorizationStrategy
is not released yet).Followings are required for the fundamental resolution:
XStream2#addCriticalField
Jenkins 1.532 - 1.544 is not affected by this issue, and I know I can support those versions by using Java reflections to call
XStream2#addCriticalField
.But I decided to change the target version to 1.625 as: