Metaspace Leak in Pipeline Groovy and Script Security with Java 11

Issue

Jenkins restarts randomly due to memory issues
The metaspace on the controller instance has been slowly filling, though the java heap space usage stays relatively low.

Environment

CloudBees CI (CloudBees Core) < 2.346.1.4
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller < 2.346.1.4
CloudBees CI (CloudBees Core) on traditional platforms - Client controller < 2.346.1.4
Script security plugin < 1175.v4b_d517d6db_f0
Pipeline: Groovy Plugin < 2705.v0449852ee36f
Java 11

Related Issue(s)

Explanation

A bug in Java 11 JDK-8231454 is causing a leak of com.sun.beans.introspect.ClassInfo the metaspace whenever a the method java.beans.Introspector#getBeanInfo is invoked. In Jenkins, this is mainly used by the groovy engine through Pipeline: Groovy and Script Security for example.

The problem has been tackled in two directions:

workarounds have been implemented in Jenkins Core, Pipeline Groovy plugin 2705.v0449852ee36f and *Script Security_ plugin 1175.v4b_d517d6db_f0
a fix has been implemented in Java 11.0.16

Resolution

There are different solutions to solve this problem: upgrade Core/Plugins or upgrade java or both.

Solution 1: Upgrade Core and Plugins

Upgrade CloudBees CI to version 2.346.1.4 or later. This release contains the fix versions of Pipeline Groovy plugin and Script Security plugin.

Solution 2: Upgrade Java

Upgrade Java to version 11.0.16.1 or later.

due to another memory leak introduced in version 11.0.16, prefer version 11.0.16.1 or later rather than 11.0.16.

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.