Newest dependency check is breaking builds on older Gradle versions due to jackson-core 2.15.2 multi-release jar with Java 19 classes #5791
Comments
Jackson is a multi-release jar, which should be fine in any environment that uses a supported java version. Classes under
And see also gradle/gradle#24390
Ah so upgrading gradle wrapper to 7.6 might fix this. Let me try that out.
But this basically restricts the usage of dependency check gradle to gradle 7.6 or higher for version 8.3.1+
I'm not much in the gradle ecosystem. Would you be able to verify if gradle 6.9.4 yields the issue?
Hmm... given https://docs.gradle.org/current/userguide/feature_lifecycle.html#eol_support it appears that 6.9.4 would be an anomaly (as in released despite 8.x was already there so it would typically be seen as EOL) due to the severity of log4shell... I suppose it won't get fixes should it also have the multirelease-jar-support issue.
Same problem here with a gradle 6 multi project, and we can't easily migrate to higher gradle version (will be done later this year).
I'm not sure if there is another way to force the version of jackson for ODC. Maybe use classpath instead of all - but I doubt that will work cleanly. I apologize about the issue everyone is facing - I was forced to upgrade the project to gradle 7.x. With making no changes other than incrementing the version of ODC-core the build started failing due to dependency-check/dependency-check-gradle#339
As Hans pointed out - gradle 6 is EOL...
I'm facing the same issue since today. I'm using:
I've upgraded Gradle from version 7.4.2 to 7.6.2, and the issue is fixed.
Describe the bug
Jackson-bom 2.15.2 which is being passed in transitively by dependency check includes Jackson-core 2.15.2 which seems to contain a file that was compiled by file version 63 (aka java 19)
Version of dependency-check used
The problem occurs using version 8.3.1 of the gradle (cli, gradle plugin, maven plugin, etc.)
Log file
When reporting errors, 99% of the time log file output is required. Please post the log file as a gist and provide a link in the new issue.
java.util.concurrent.ExecutionException: org.gradle.api.GradleException: Failed to create Jar file /root/.gradle/caches/jars-9/87491e8cdb0229bafcb7120e23222513/jackson-core-2.15.2.jar
Caused by: java.io.IOException: Failed to process the entry 'META-INF/versions/19/com/fasterxml/jackson/core/io/doubleparser/FastDoubleSwar.class' from '/Users/saitx/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.15.2/a6fe1836469a69b3ff66037c324d75fc66ef137c/jackson-core-2.15.2.jar'
at org.gradle.internal.classpath.InstrumentingClasspathFileTransformer.lambda$visitEntries$1(InstrumentingClasspathFileTransformer.java:161)
at org.gradle.internal.classpath.ClasspathWalker.visitJarContents(ClasspathWalker.java:91)
at org.gradle.internal.classpath.ClasspathWalker.visit(ClasspathWalker.java:55)
at org.gradle.internal.classpath.InstrumentingClasspathFileTransformer.visitEntries(InstrumentingClasspathFileTransformer.java:148)
at org.gradle.internal.classpath.InstrumentingClasspathFileTransformer.lambda$instrument$0(InstrumentingClasspathFileTransformer.java:139)
at org.gradle.internal.classpath.ClasspathBuilder.buildJar(ClasspathBuilder.java:66)
at org.gradle.internal.classpath.ClasspathBuilder.jar(ClasspathBuilder.java:53)
... 9 more
Caused by: java.lang.IllegalArgumentException: Unsupported class file major version 63
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:199)
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:180)
at org.objectweb.asm.ClassReader.<init>(ClassReader.java:166)
at org.gradle.internal.classpath.InstrumentingClasspathFileTransformer.lambda$visitEntries$1(InstrumentingClasspathFileTransformer.java:151)
... 15 more
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Runs with no errors
Additional context
Add any other context about the problem here.
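Added example (not part of the original issue or of the dependency-check project): a small Python check that lists the class file major version of every entry in a jar, so the entries under META-INF/versions/ that trigger "Unsupported class file major version 63" can be located before a plugin upgrade reaches the build. The sample jar is constructed inline, and the threshold of 61 is an assumed value for illustration; set it to whatever the class reader in your build tool actually supports.

```python
import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE  # first four bytes of every Java class file


def class_major_versions(jar):
    """Return {entry name: major version} for each .class entry.

    `jar` is a path or a seekable file object, as accepted by zipfile.ZipFile.
    """
    versions = {}
    with zipfile.ZipFile(jar) as archive:
        for info in archive.infolist():
            if not info.filename.endswith(".class"):
                continue
            with archive.open(info) as entry:
                header = entry.read(8)  # magic (4), minor (2), major (2)
            if len(header) < 8:
                continue  # truncated entry, not a usable class file
            magic, _minor, major = struct.unpack(">IHH", header)
            if magic == CLASS_MAGIC:
                versions[info.filename] = major
    return versions


def entries_above(jar, max_major):
    """Sorted (entry, major, Java release) tuples with major > max_major."""
    # Major version minus 44 gives the Java release (52 -> 8, 63 -> 19).
    return sorted((name, major, major - 44)
                  for name, major in class_major_versions(jar).items()
                  if major > max_major)


def build_sample_jar():
    """Constructed sample: a base class (major 52) plus a Java 19 variant."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF",
                         "Manifest-Version: 1.0\nMulti-Release: true\n")
        archive.writestr("com/example/Parser.class",
                         struct.pack(">IHH", CLASS_MAGIC, 0, 52))
        archive.writestr("META-INF/versions/19/com/example/Parser.class",
                         struct.pack(">IHH", CLASS_MAGIC, 0, 63))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    # max_major=61 is an assumed limit for illustration, not Gradle's documented one.
    for name, major, java in entries_above(build_sample_jar(), max_major=61):
        print(f"{name}: major {major} (Java {java})")
```

Pass the path of a cached jar instead of the sample to inspect a real dependency.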