Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.8.2
-
None
Description
I have a project that uses org.apache.maven.plugin-testing:maven-plugin-testing-harness:3.3.0 for testing a Maven plugin.
After upgrading the project’s Maven dependencies from Maven 3.8.1 to 3.8.2 I got this error message when running tests:
Error injecting: org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher java.lang.NoClassDefFoundError: org/sonatype/plexus/components/cipher/PlexusCipher ... 117 more
PlexusCipher is a class in the plexus-cipher artifact, which is a transitive dependency of maven-core 3.8.1:
[INFO] org.example:plexus-cipher-mystery:jar:1.0-SNAPSHOT [INFO] \- org.apache.maven:maven-core:jar:3.8.1:compile [INFO] +- org.apache.maven:maven-model:jar:3.8.1:compile [INFO] +- org.apache.maven:maven-settings:jar:3.8.1:compile [INFO] +- org.apache.maven:maven-settings-builder:jar:3.8.1:compile [INFO] | +- org.codehaus.plexus:plexus-interpolation:jar:1.25:compile [INFO] | \- org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile [INFO] | \- org.sonatype.plexus:plexus-cipher:jar:1.4:compile [INFO] +- org.apache.maven:maven-builder-support:jar:3.8.1:compile (…snip…)
But plexus-cipher is not a transitive dependency of maven-core 3.8.2:
[INFO] org.example:plexus-cipher-mystery:jar:1.0-SNAPSHOT [INFO] \- org.apache.maven:maven-core:jar:3.8.2:compile [INFO] +- org.apache.maven:maven-model:jar:3.8.2:compile [INFO] +- org.apache.maven:maven-settings:jar:3.8.2:compile [INFO] +- org.apache.maven:maven-settings-builder:jar:3.8.2:compile [INFO] | +- org.codehaus.plexus:plexus-interpolation:jar:1.25:compile [INFO] | \- org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile [INFO] +- org.apache.maven:maven-builder-support:jar:3.8.2:compile (…snip…)
Both maven-core 3.8.1 and 3.8.2 have a transitive dependency on org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4. When using maven-core 3.8.1 plexus-sec-dispatcher has a dependency on plexus-cipher, but when using maven-core 3.8.2 it doesn’t.
The pom.xml of plexus-sec-dispatcher:1.4 indeed declares a dependency on plexus-cipher 1.4, but it’s not there when depending on maven-core 3.8.2.
This regression was confirmed by Michael Osipov on the Maven Users mailing list. He mentioned that it was caused by commit 41efc134a9067b58a5ab01e9b8b05d2bd84a94f0, which was done for MNG-6886 ("upgrade plexus-cipher to 1.8 and update changed groupId"). A global exclusion was performed, but not all affected modules were properly updated (so the change wasn't complete):
[DEBUG] org.apache.maven:maven-settings-builder:jar:3.8.2 [DEBUG] org.apache.maven:maven-builder-support:jar:3.8.2:compile [DEBUG] javax.inject:javax.inject:jar:1:compile [DEBUG] org.codehaus.plexus:plexus-interpolation:jar:1.25:compile [DEBUG] org.codehaus.plexus:plexus-utils:jar:3.2.1:compile [DEBUG] org.apache.maven:maven-settings:jar:3.8.2:compile [DEBUG] org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile (exclusions managed from [org.sonatype.plexus:plexus-cipher:*:*]) [DEBUG] junit:junit:jar:4.12:test [DEBUG] org.hamcrest:hamcrest-core:jar:1.3:test (scope managed from compile) (version managed from 1.3) [INFO] org.apache.maven:maven-settings-builder:jar:3.8.2 [INFO] +- org.apache.maven:maven-builder-support:jar:3.8.2:compile [INFO] +- javax.inject:javax.inject:jar:1:compile [INFO] +- org.codehaus.plexus:plexus-interpolation:jar:1.25:compile [INFO] +- org.codehaus.plexus:plexus-utils:jar:3.2.1:compile [INFO] +- org.apache.maven:maven-settings:jar:3.8.2:compile [INFO] +- org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile [INFO] \- junit:junit:jar:4.12:test [INFO] \- org.hamcrest:hamcrest-core:jar:1.3:test
Attachments
Issue Links
- is caused by
-
MNG-6886 Upgrade plexus-cipher 1.8
-
- Closed
-