Jenkins allow unsafe plugin

0
votes

I'm setting up a new Jenkins instance on a closed network. I would like for the Jenkins build-server to be able to use the Grails plugin. The plugin however does not show under available plugins.

I think it is because of the following: https://jenkins.io/security/advisory/2017-04-10/ that states that the plugin is unsafe.

Inspecting http://updates.jenkins-ci.org/update-center.json shows then plugin, but only in regards to the security warning:

    {
        "id": "SECURITY-458",
        "message": "Arbitrary code execution vulnerability",
        "name": "grails",
        "type": "plugin",
        "url": "https://jenkins.io/security/advisory/2017-04-10/",
        "versions": [
            {
                "pattern": ".*"
            }
        ]
    }

Is there any way to force Jenkins to be able to download and use this plugin?

2
jenkins

2 Answers

0
votes

I think this message mean that your can`t download from Jenkins repository. But you can get sources from GitHub and build this plugin by you own. Or you can try my build

0
votes

You cannot force Jenkins to download unsafe plugins, but you can install them manually.

Download any plugin (even unsafe ones) from their Artifactory repo.

More information why unsafe plugins are not distributed anymore.