Guard api/xml and api/json against OutOfMemoryError #26386

Closed
sahilleth wants to merge 1 commit into jenkinsci:master from sahilleth:fix/75747-api-xml-oom-guard

@sahilleth sahilleth commented Feb 28, 2026

Summary
Introduce a heap memory guard for api/xml and api/json endpoints to reduce the risk of OutOfMemoryError when serving large API responses (JENKINS-75747).

Large API responses may require building substantial in-memory object graphs during serialization. Under low heap conditions, this can result in JVM instability affecting the entire controller. This change adds a configurable safety threshold to reject such requests before memory exhaustion occurs.

Changes
- Api.java
  - Check available heap before serving XML, JSON, and Python API endpoints.
  - If free memory is below the configured threshold:
    - Respond with HTTP 503 (Service Unavailable).
    - Include a message suggesting use of the tree parameter to reduce payload size.
- Messages.properties
  - Add Api_LowMemory message for the 503 response.
- ApiTest.java
  - Add lowHeapRejectsApiRequest test to verify request rejection when available heap is below threshold.

Configuration
New system property:
- hudson.model.Api.minFreeMemoryBytes
  - Defines the minimum free heap (in bytes) required before allowing API response processing.
  - Default: 50MB
  - Set to 0 to disable the guard.

This keeps default behavior unchanged under normal operating conditions while allowing administrators to tune or disable the protection if needed.

Rationale
- Prevents controller-wide instability caused by large API serializations under low memory.
- Keeps change minimally invasive.
- Avoids architectural changes (e.g., streaming refactor) while providing immediate safety.
- Fully configurable for different deployment sizes.

Testing
mvn test -Dtest=ApiTest#lowHeapRejectsApiRequest
With default configuration:
- Normal API requests continue to succeed.
- Guard only activates when heap falls below configured threshold.
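
A sketch of the kind of pre-serialization heap check the description above outlines, added here as an illustration; it is not the PR's code, whose diff is not shown on this page. The class and method names are hypothetical, and only the property name, the 50MB default, the 0-disables rule and the 503 status come from the description.

```java
public class HeapGuardExample {
    // Property name and 50MB default are taken from the PR description.
    static final String PROP = "hudson.model.Api.minFreeMemoryBytes";
    static final long DEFAULT_MIN_FREE = 50L * 1024 * 1024;

    /**
     * Heap the JVM could still allocate. Runtime.freeMemory() alone reports only
     * the unused part of the currently committed heap, so measure against
     * maxMemory() to include the room the heap can still grow into.
     */
    static long availableHeap() {
        Runtime rt = Runtime.getRuntime();
        long used = rt.totalMemory() - rt.freeMemory();
        return rt.maxMemory() - used;
    }

    /** Threshold in bytes; an unset or unparsable property falls back to the default. */
    static long threshold() {
        return Long.getLong(PROP, DEFAULT_MIN_FREE);
    }

    /** HTTP status the guard would pick: 503 below the threshold, otherwise 200. */
    static int statusFor(long availableBytes, long minFreeBytes) {
        if (minFreeBytes <= 0) {
            return 200; // 0 disables the guard (per the PR); negatives treated the same (assumption)
        }
        return availableBytes < minFreeBytes ? 503 : 200;
    }

    public static void main(String[] args) {
        long min = threshold();
        long avail = availableHeap();
        System.out.printf("live JVM: available=%d MiB, threshold=%d MiB, status=%d%n",
                avail >> 20, min >> 20, statusFor(avail, min));

        // Constructed readings (not measurements) exercising each branch.
        long[][] cases = {
            {10L << 20, DEFAULT_MIN_FREE},  // below threshold
            {200L << 20, DEFAULT_MIN_FREE}, // ample headroom
            {1L << 20, 0L},                 // guard disabled
        };
        for (long[] c : cases) {
            System.out.printf("available=%d MiB, threshold=%d MiB, status=%d%n",
                    c[0] >> 20, c[1] >> 20, statusFor(c[0], c[1]));
        }
    }
}
```

A point-in-time reading like this is racy: several concurrent requests can all pass the check before any of them allocates, so a guard of this shape lowers the risk of exhaustion rather than bounding memory use.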


welcome bot commented Feb 28, 2026

Yay, your first pull request towards Jenkins core was created successfully! Thank you so much!

A contributor will provide feedback soon. Meanwhile, you can join the chats and community forums to connect with other Jenkins users, developers, and maintainers.

@comment-ops-bot comment-ops-bot bot added the rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted label Feb 28, 2026
@sahilleth (Author)

/label bug

@comment-ops-bot comment-ops-bot bot added the bug For changelog: Minor bug. Will be listed after features label Feb 28, 2026
Add a heap check before processing potentially large API responses.
When free memory is below a configurable threshold (default 50MB),
the request is rejected with HTTP 503 and a message suggesting use
of the tree parameter to limit returned data.

- System property hudson.model.Api.minFreeMemoryBytes to configure
  or disable (set to 0)
- Applies to XML, JSON, and Python API endpoints
- Add ApiTest.lowHeapRejectsApiRequest to verify rejection behavior

JENKINS-75747

@MarkEWaite (Contributor)

Thanks for your pull request to Jenkins core.

I am closing this pull request as noted in the instructions for new contributors. This pull request does not use the pull request template. We rely on the pull request template for crucial information as part of the review process. When new contributors fail to use the pull request template, it wastes maintainer time.

You are welcome to submit a replacement pull request that uses the pull request template of Jenkins core and shows that you have read and followed the contribution guidelines.

@MarkEWaite MarkEWaite closed this Feb 28, 2026