diff --git a/Jenkinsfile b/Jenkinsfile index 87a086dad..a229fa517 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1 +1 @@ -buildPlugin(configurations: buildPlugin.recommendedConfigurations()) +buildPlugin() diff --git a/pom.xml b/pom.xml index 2ebb37122..080ff2f40 100644 --- a/pom.xml +++ b/pom.xml @@ -29,7 +29,7 @@ org.jenkins-ci.plugins plugin - 3.55 + 4.3 @@ -67,7 +67,7 @@ 2.3.12 -SNAPSHOT - 2.138.4 + 2.222.4 8 4.5 1.35 @@ -90,8 +90,8 @@ io.jenkins.tools.bom - bom-2.138.x - 3 + bom-2.222.x + 11 import pom diff --git a/src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java b/src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java index 826e5f4c4..5cf6b8d6c 100644 --- a/src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java +++ b/src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java @@ -28,7 +28,6 @@ import com.cloudbees.plugins.credentials.domains.Domain; import com.cloudbees.plugins.credentials.domains.DomainSpecification; import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials; -import com.cloudbees.plugins.credentials.util.XMLUtils; import com.thoughtworks.xstream.converters.Converter; import com.thoughtworks.xstream.converters.MarshallingContext; import com.thoughtworks.xstream.converters.UnmarshallingContext; @@ -84,6 +83,7 @@ import jenkins.model.Jenkins; import jenkins.model.ModelObjectWithChildren; import jenkins.model.ModelObjectWithContextMenu; +import jenkins.util.xml.XMLUtils; import net.sf.json.JSONObject; import org.acegisecurity.AccessDeniedException; import org.apache.commons.lang.StringUtils; diff --git a/src/main/java/com/cloudbees/plugins/credentials/GlobalCredentialsConfiguration.java b/src/main/java/com/cloudbees/plugins/credentials/GlobalCredentialsConfiguration.java index aceefc2e1..03dd5df59 100644 --- a/src/main/java/com/cloudbees/plugins/credentials/GlobalCredentialsConfiguration.java 
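Review bot: Swapping the import to `jenkins.util.xml.XMLUtils` here (and again in BaseCredentialsCLICommand.java) moves the XXE defence for submitted credentials XML entirely into Jenkins core, and nothing visible in this change pins that behaviour with a test. The call sites lie outside these import hunks, so it is only assumed that they still go through `safeTransform`. The copy being deleted disabled external general and parameter entities, installed a refusing entity resolver, and rejected non-SAX sources unless `jenkins.util.xml.XMLUtils.disableXXEPrevention` was set. I would add a regression test on both the web and CLI paths that feeds a credentials document containing a DOCTYPE with an external entity and asserts it is refused, so a later baseline bump cannot weaken this unnoticed. The removed TODO expected core to unrestrict the class in weekly 2.179, which the new 2.222.4 baseline in pom.xml is past.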
+++ b/src/main/java/com/cloudbees/plugins/credentials/GlobalCredentialsConfiguration.java @@ -68,6 +68,7 @@ public class GlobalCredentialsConfiguration extends ManagementLink /** * Our filter. */ + @Deprecated public static final Predicate FILTER = Category.class::isInstance; /** @@ -164,7 +165,7 @@ private boolean configure(StaplerRequest req, JSONObject json) throws FormExcept // persist all the provider configs boolean result = true; - for (Descriptor d : Functions.getSortedDescriptorsForGlobalConfig(FILTER)) { + for (Descriptor d : Functions.getSortedDescriptorsForGlobalConfigByDescriptor(Category.class::isInstance)) { result &= configureDescriptor(req, json, d); } diff --git a/src/main/java/com/cloudbees/plugins/credentials/cli/BaseCredentialsCLICommand.java b/src/main/java/com/cloudbees/plugins/credentials/cli/BaseCredentialsCLICommand.java index e0c527183..a90fa42d5 100644 --- a/src/main/java/com/cloudbees/plugins/credentials/cli/BaseCredentialsCLICommand.java +++ b/src/main/java/com/cloudbees/plugins/credentials/cli/BaseCredentialsCLICommand.java @@ -27,7 +27,6 @@ import com.cloudbees.plugins.credentials.CredentialsStore; import com.cloudbees.plugins.credentials.common.IdCredentials; import com.cloudbees.plugins.credentials.domains.Domain; -import com.cloudbees.plugins.credentials.util.XMLUtils; import com.thoughtworks.xstream.io.HierarchicalStreamReader; import com.thoughtworks.xstream.io.xml.XppDriver; import hudson.cli.CLICommand; @@ -42,6 +41,8 @@ import javax.xml.transform.TransformerException; import javax.xml.transform.stream.StreamResult; import javax.xml.transform.stream.StreamSource; + +import jenkins.util.xml.XMLUtils; import org.apache.commons.lang.StringUtils; import org.xml.sax.SAXException; diff --git a/src/main/java/com/cloudbees/plugins/credentials/util/RestrictiveEntityResolver.java b/src/main/java/com/cloudbees/plugins/credentials/util/RestrictiveEntityResolver.java deleted file mode 100644 index 00a1d20d9..000000000 
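Review bot: The `@Deprecated` added to `FILTER` has no matching Javadoc `@deprecated` tag, so the comment still reads only "Our filter." and callers get a warning with no pointer to a replacement. I would extend that Javadoc with `@deprecated use {@code Category.class::isInstance} with {@code Functions.getSortedDescriptorsForGlobalConfigByDescriptor}`, which is what the loop in `configure` switches to in the second hunk of this file. These hunks do not show whether other code or views still read `FILTER`; if any do, they should move to the same call so the field can eventually be removed. The class body and `configure` both continue outside the hunks.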
--- a/src/main/java/com/cloudbees/plugins/credentials/util/RestrictiveEntityResolver.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package com.cloudbees.plugins.credentials.util;
-
-import org.kohsuke.accmod.Restricted;
-import org.kohsuke.accmod.restrictions.NoExternalUse;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-import java.io.IOException;
-
-/**
- * TODO This class is a clone of {@link jenkins.util.xml.RestrictiveEntityResolver} because the last is Restricted.
- * It's expected that the weekly release 2.179 unrestrict this class. More info: https://github.com/jenkinsci/jenkins/pull/4032
- */
-
-@Restricted(NoExternalUse.class)
-public final class RestrictiveEntityResolver implements EntityResolver {
-
- public final static RestrictiveEntityResolver INSTANCE = new RestrictiveEntityResolver();
-
- private RestrictiveEntityResolver() {
- // prevent multiple instantiation.
- super();
- }
-
- /**
- * Throws a SAXException if this tried to resolve any entity.
- */
- @Override
- public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
- throw new SAXException("Refusing to resolve entity with publicId(" + publicId + ") and systemId (" + systemId + ")");
- }
-}
diff --git a/src/main/java/com/cloudbees/plugins/credentials/util/XMLUtils.java b/src/main/java/com/cloudbees/plugins/credentials/util/XMLUtils.java
deleted file mode 100644
index 0249e0d1d..000000000
--- a/src/main/java/com/cloudbees/plugins/credentials/util/XMLUtils.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package com.cloudbees.plugins.credentials.util;
-
-import org.kohsuke.accmod.Restricted;
-import org.kohsuke.accmod.restrictions.NoExternalUse;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import org.xml.sax.XMLReader;
-import org.xml.sax.helpers.XMLReaderFactory;
-
-import javax.annotation.Nonnull;
-import javax.xml.XMLConstants;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.sax.SAXSource;
-import javax.xml.transform.sax.SAXTransformerFactory;
-import java.util.logging.Level;
-import java.util.logging.LogManager;
-import java.util.logging.Logger;
-
-/**
- * TODO This class is a clone of {@link jenkins.util.xml.XMLUtils} because the last is Restricted.
- * It's expected that the weekly release 2.179 unrestrict this class. More info: https://github.com/jenkinsci/jenkins/pull/4032
- */
-@Restricted(NoExternalUse.class)
-public class XMLUtils {
- private final static Logger LOGGER = LogManager.getLogManager().getLogger(XMLUtils.class.getName());
-
- private static final String FEATURE_HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
- private static final String FEATURE_HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
- private final static String DISABLED_PROPERTY_NAME = "jenkins.util.xml.XMLUtils.disableXXEPrevention";
-
- public static void safeTransform(@Nonnull Source source, @Nonnull Result out) throws TransformerException,
- SAXException {
-
- InputSource src = SAXSource.sourceToInputSource(source);
- if (src != null) {
- SAXTransformerFactory stFactory = (SAXTransformerFactory) TransformerFactory.newInstance();
- stFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
- XMLReader xmlReader = XMLReaderFactory.createXMLReader();
- setFeatureQuietly(xmlReader, FEATURE_HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES, false);
- setFeatureQuietly(xmlReader, FEATURE_HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES, false);
-
- // defend against XXE
- // the above features should strip out entities - however the feature may not be supported depending
- // on the xml implementation used and this is out of our control.
- // So add a fallback plan if all else fails.
- xmlReader.setEntityResolver(RestrictiveEntityResolver.INSTANCE);
- SAXSource saxSource = new SAXSource(xmlReader, src);
- _transform(saxSource, out);
- }
- else {
- // for some reason we could not convert source
- // this applies to DOMSource and StAXSource - and possibly 3rd party implementations...
- // a DOMSource can already be compromised as it is parsed by the time it gets to us.
- if (Boolean.getBoolean(DISABLED_PROPERTY_NAME)) {
- LOGGER.log(Level.WARNING, "XML external entity (XXE) prevention has been disabled by the system " +
- "property {0}=true Your system may be vulnerable to XXE attacks.", DISABLED_PROPERTY_NAME);
- if (LOGGER.isLoggable(Level.FINE)) {
- LOGGER.log(Level.FINE, "Caller stack trace: ", new Exception("XXE Prevention caller history"));
- }
- _transform(source, out);
- }
- else {
- throw new TransformerException("Could not convert source of type " + source.getClass() + " and " +
- "XXEPrevention is enabled.");
- }
- }
- }
-
- @SuppressWarnings("lgtm[java/xxe]") // intentional fallback method
- private static void _transform(Source source, Result out) throws TransformerException {
- TransformerFactory factory = TransformerFactory.newInstance();
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
- // this allows us to use UTF-8 for storing data,
- // plus it checks any well-formedness issue in the submitted data.
- Transformer t = factory.newTransformer();
- t.transform(source, out);
- }
-
- private static void setFeatureQuietly(XMLReader reader, String feature, boolean value) {
- try {
- reader.setFeature(feature, value);
- }
- catch (SAXException ignored) {
- // ignore and continue in case the feature cannot be changed
- }
- }
-}