Why is my job failing with a message related to a dangerous class?

Article ID:360001743551

Issue

  • My job started failing and in the logs I can see the following message:

some.pkg.and.ClassName in file:/var/lib/jenkins/plugins/some-plugin-name/WEB-INF/lib/some-library-1.2.jar might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/
  • My instance won’t load, I see a message with https://www.jenkins.io/redirect/class-filter/ in the startup log.

  • I cannot save the configuration page, I see a message with https://www.jenkins.io/redirect/class-filter/ in the error window.

Environment

  • CloudBees Jenkins Enterprise - Managed controller (CJEMM)

  • Jenkins LTS

Context

If you are getting this error, you are most likely experiencing a side effect of Jenkins Enhancement Proposal 200 (JEP-200).

If you want to know what this update implies, you can review the following articles:

Resolution

You can work around the problem in your own installation as a temporary expedient. The proper fix is to get plugin versions whose classes are already allowlisted by Remoting. For the workaround, make a note of every class name mentioned in such log messages, and run Jenkins with this startup option (details will depend on your installation method):

-Dhudson.remoting.ClassFilter=some.pkg.and.ClassName,some.pkg.and.OtherClassName

Be aware that this process might require several iterations, depending on the class taxonomies involved.

This parameter will also solve any other XStream issue resulting in the same error, because this allowlisting approach has been applied to both the Remoting layer and XStream.
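The following added example (not CloudBees or Jenkins code) automates the "make a note of every class name" step: it scans log lines for the rejection message quoted above, records which plugin jar each class came from so it can be reviewed before being allowlisted, and merges the classes into an existing option value for later iterations. The function names, the timestamp/level prefix and the second jar path in the sample log are assumptions constructed for illustration.

```python
import re

# Rejection message format as quoted in this article's "Issue" section.
REJECTED = re.compile(
    r"(?P<cls>[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+) in (?P<src>file:\S+) "
    r"might be dangerous, so rejecting"
)
# Plugin name and jar, when the class was loaded from a plugin's WEB-INF/lib.
PLUGIN_JAR = re.compile(r"/plugins/(?P<plugin>[^/]+)/WEB-INF/lib/(?P<jar>[^/]+\.jar)$")


def collect_rejections(lines):
    """Map each rejected class to the sorted list of origins it was loaded from."""
    found = {}
    for line in lines:
        m = REJECTED.search(line)
        if not m:
            continue
        pj = PLUGIN_JAR.search(m.group("src"))
        origin = f"{pj['plugin']}:{pj['jar']}" if pj else m.group("src")
        found.setdefault(m.group("cls"), set()).add(origin)
    return {cls: sorted(origins) for cls, origins in found.items()}


def class_filter_option(rejections, current=""):
    """Merge newly rejected classes into an existing option value (later iterations)."""
    classes = [c for c in current.split(",") if c]
    for cls in rejections:
        if cls not in classes:
            classes.append(cls)
    return "-Dhudson.remoting.ClassFilter=" + ",".join(classes)


# Constructed sample log lines, modelled on the message shown in this article.
SAMPLE_LOG = """\
2018-02-01 10:00:01 WARNING some.pkg.and.ClassName in file:/var/lib/jenkins/plugins/some-plugin-name/WEB-INF/lib/some-library-1.2.jar might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/
2018-02-01 10:00:02 INFO Started build #12
2018-02-01 10:00:05 WARNING some.pkg.and.ClassName in file:/var/lib/jenkins/plugins/some-plugin-name/WEB-INF/lib/some-library-1.2.jar might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/
2018-02-01 10:00:09 WARNING some.pkg.and.OtherClassName in file:/opt/example/lib/other-library-3.0.jar might be dangerous, so rejecting; see https://www.jenkins.io/redirect/class-filter/
""".splitlines()

if __name__ == "__main__":
    rejected = collect_rejections(SAMPLE_LOG)
    for cls, origins in rejected.items():
        print(f"{cls}  <-  {', '.join(origins)}")
    print(class_filter_option(rejected))
```

On a second iteration, pass the value already configured as `current` so that previously allowlisted classes are kept and only new ones are appended.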

Additional Steps

We advise you to create a Support Ticket so that we can review the specific case and advise you accordingly. Adding the JEP-200 label to the description of the ticket will help triage the issue.

Testing Your Own Plugins

You can use the Plugin Compatibility Tester tool to generate a matrix for plugins against a Jenkins core.

You can also check the specific section of "JEP-200: Remoting / XStream whitelist integrated into Jenkins core" for additional guidance on how to test your plugin.