Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.10, 2.1.0, 2.2.1
-
None
Description
Running "mvn package" on this POM snippet will crash:
<build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>2.2</version> <configuration> <encoding>${localRepository}</encoding> </configuration> </plugin> </plugins> </build>
Output:
[INFO] Failed to configure plugin parameters for: org.apache.maven.plugins:maven-resources-plugin:2.2 Cause: Cannot assign value '[local] -> file://repo' to field: org.apache.maven.plugin.resources.ResourcesMojo.encoding; type: org.apache.maven.artifact.repository.DefaultArtifactRepository
Although this exploit is rather artificial, it demonstrates the problem. We have never properly reserved certain parameter expressions for usage by the core to inject magic values. Last but not least, we occasionally extend the list of supported expressions in newer Maven versions. That means we're in a bad position to demand plugin authors to not use these expressions. Hence we need to gracefully handle plugins that use this magic expressions for ordinary system properties.
The real-life example of this issue is MNG-3683, where the Help Plugin uses ${plugin} for a String-typed parameter but a new Maven version started to use this expression to inject the plugin descriptor.
Attachments
Issue Links
- is depended upon by
-
-
- Closed
-