[7.67.x-blue] NO-ISSUE: Bump xstream to version 1.4.21 #2525

Open
wants to merge 4 commits into
base: 7.67.x-blue

yesamer
Member

@yesamer yesamer commented Nov 19, 2024

The current xstream 1.4.20 is affected by CVE-2024-47072.
Updating xstream to `1.4.21` resolves the CVE.

Related PR: kiegroup/droolsjbpm-integration#3068

@yesamer requested a review from porcelli November 19, 2024 07:26
@yesamer changed the title from "NO-ISSUE: Bump xstream to version 1.4.21" to "[7.67.x-blue] NO-ISSUE: Bump xstream to version 1.4.21" Nov 19, 2024
@yesamer
Member Author

yesamer commented Nov 19, 2024

Jenkins run fdb

@yesamer
Member Author

yesamer commented Nov 20, 2024

Jenkins run fdb

@mareknovotny
Member

jenkins do fdb

@mareknovotny
Member

btw @yesamer, you need to change revapi for kie-server; see dependabot's PR, which failed with this issue: #2523

@mareknovotny
Member

for reference also here it failed

[2024-11-20T11:28:24.068Z] [ERROR] Failed to execute goal org.revapi:revapi-maven-plugin:0.9.5:check (check) on project kie-server-api: The following API problems caused the build to fail:
[2024-11-20T11:28:24.068Z] [ERROR] java.field.removed: field com.thoughtworks.xstream.mapper.ElementIgnoringMapper.fieldsToOmit @ org.kie.server.api.marshalling.xstream.XStreamMarshaller.CustomElementIgnore: Field removed from class. [com.thoughtworks.xstream:xstream:jar:1.4.17]
[2024-11-20T11:28:24.068Z] [ERROR] java.field.removed: field com.thoughtworks.xstream.mapper.ElementIgnoringMapper.unknownElementsToIgnore @ org.kie.server.api.marshalling.xstream.XStreamMarshaller.CustomElementIgnore: Field removed from class. [com.thoughtworks.xstream:xstream:jar:1.4.17]
[2024-11-20T11:28:24.068Z] [ERROR] 
[2024-11-20T11:28:24.068Z] [ERROR] If you're using the semver-ignore extension, update your module's version to one compatible with the current changes (e.g. mvn package revapi:update-versions). If you want to explicitly ignore this change and provide a justification for it, add the following JSON snippet to your Revapi configuration under "revapi.ignore" path:
[2024-11-20T11:28:24.068Z] [ERROR] {
[2024-11-20T11:28:24.068Z] [ERROR]   "code": "java.field.removed",
[2024-11-20T11:28:24.068Z] [ERROR]   "old": "field com.thoughtworks.xstream.mapper.ElementIgnoringMapper.fieldsToOmit @ org.kie.server.api.marshalling.xstream.XStreamMarshaller.CustomElementIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "package": "org.kie.server.api.marshalling.xstream",
[2024-11-20T11:28:24.068Z] [ERROR]   "classSimpleName": "CustomElementIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "fieldName": "fieldsToOmit",
[2024-11-20T11:28:24.068Z] [ERROR]   "elementKind": "field",
[2024-11-20T11:28:24.068Z] [ERROR]   "justification": <<<<< ADD YOUR EXPLANATION FOR THE NECESSITY OF THIS CHANGE >>>>>
[2024-11-20T11:28:24.068Z] [ERROR] },
[2024-11-20T11:28:24.068Z] [ERROR] {
[2024-11-20T11:28:24.068Z] [ERROR]   "code": "java.field.removed",
[2024-11-20T11:28:24.068Z] [ERROR]   "old": "field com.thoughtworks.xstream.mapper.ElementIgnoringMapper.unknownElementsToIgnore @ org.kie.server.api.marshalling.xstream.XStreamMarshaller.CustomElementIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "package": "org.kie.server.api.marshalling.xstream",
[2024-11-20T11:28:24.068Z] [ERROR]   "classSimpleName": "CustomElementIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "fieldName": "unknownElementsToIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "elementKind": "field",
[2024-11-20T11:28:24.068Z] [ERROR]   "justification": <<<<< ADD YOUR EXPLANATION FOR THE NECESSITY OF THIS CHANGE >>>>>
[2024-11-20T11:28:24.068Z] [ERROR] }
[2024-11-20T11:28:24.068Z] [ERROR] -> [Help 1]
[2024-11-20T11:28:24.069Z] [ERROR] 
[2024-11-20T11:28:24.069Z] [ERROR] Re-run Maven using the -X switch to enable full debug logging.
[2024-11-20T11:28:24.069Z] [ERROR] 
[2024-11-20T11:28:24.069Z] [ERROR] For more information about the errors and possible solutions, please read the following articles:
[2024-11-20T11:28:24.069Z] [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[2024-11-20T11:28:24.069Z] [ERROR] 
[2024-11-20T11:28:24.069Z] [ERROR] After correcting the problems, you can resume the build with the command
[2024-11-20T11:28:24.069Z] [ERROR]   mvn <args> -rf :kie-server-api
[2024-11-20T11:28:24.069Z] [INFO] kiegroup/droolsjbpm-integration failed. Won't execute remaining commands and projects
[2024-11-20T11:28:24.069Z] [INFO] Execution summary for kiegroup/droolsjbpm-integration
[2024-11-20T11:28:24.069Z] [INFO] [BEFORE] No commands were found for kiegroup/droolsjbpm-integration
[2024-11-20T11:28:24.069Z] # [COMMANDS] [kiegroup/droolsjbpm-integration] mvn  dependency:tree -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 -e -nsu clean install -Dfull -Pbusiness-central,wildfly,sourcemaps,no-showcase,jenkins-pr-builder -Dcontainer=wildfly -Dcontainer.profile=wildfly -Dintegration-tests=true -Dcargo.ignore.failures=true -Dmaven.test.failure.ignore=true -Dmaven.test.redirectTestOutputToFile=true -Dgwt.compiler.localWorkers=1 -Dwebdriver.firefox.bin=/opt/tools/firefox-91esr/firefox-bin -Dgwt.skipCompilation=true -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B -s /home/jenkins/workspace/KIE/7.67.x-blue/fdb/droolsjbpm-build-bootstrap-7.67.x-blue.fdb@tmp/config11355038859041735382tmp -Dmaven.wagon.http.ssl.insecure=true
[2024-11-20T11:28:24.069Z] [INFO] NOT OK [Executed in 467206.425898 ms]
[2024-11-20T11:28:24.069Z] [ERROR] The process '/opt/tools/apache-maven-3.8.1/bin/mvn' failed with exit code 1
[2024-11-20T11:28:24.069Z]  
[2024-11-20T11:28:24.069Z] [INFO] [AFTER] No commands were found for kiegroup/droolsjbpm-integration
[2024-11-20T11:28:24.069Z]  
[2024-11-20T11:28:24.069Z] # Uploading artifacts
[2024-11-20T11:28:24.069Z] [INFO] Will not upload any artifacts in CLI environment
[2024-11-20T11:28:24.069Z]  
[2024-11-20T11:28:24.069Z] [ERROR] Failed to execute commands for kiegroup/droolsjbpm-integration
[2024-11-20T11:28:24.069Z] [ERROR] Failed to execute mvn  dependency:tree -Dmaven.wagon.httpconnectionManager.t
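
The log above prints the suggested `revapi.ignore` entries with an unquoted justification placeholder, so they are not valid JSON as logged, and a build log can repeat the same suggestion. The following is an added example, not part of this PR or the kiegroup code base: it extracts each suggestion once and refuses to emit a suppression without a recorded reason. The function name `extract_ignores`, the sample log and the justification string are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like the log above (keys trimmed, one block repeated).
SAMPLE_LOG = """\
[2024-11-20T11:28:24.068Z] [ERROR] {
[2024-11-20T11:28:24.068Z] [ERROR]   "code": "java.field.removed",
[2024-11-20T11:28:24.068Z] [ERROR]   "fieldName": "fieldsToOmit",
[2024-11-20T11:28:24.068Z] [ERROR]   "justification": <<<<< ADD YOUR EXPLANATION FOR THE NECESSITY OF THIS CHANGE >>>>>
[2024-11-20T11:28:24.068Z] [ERROR] },
[2024-11-20T11:28:24.068Z] [ERROR] {
[2024-11-20T11:28:24.068Z] [ERROR]   "code": "java.field.removed",
[2024-11-20T11:28:24.068Z] [ERROR]   "fieldName": "unknownElementsToIgnore",
[2024-11-20T11:28:24.068Z] [ERROR]   "justification": <<<<< ADD YOUR EXPLANATION FOR THE NECESSITY OF THIS CHANGE >>>>>
[2024-11-20T11:28:24.068Z] [ERROR] }
[2024-11-20T11:28:24.068Z] {
[2024-11-20T11:28:24.068Z]   "code": "java.field.removed",
[2024-11-20T11:28:24.068Z]   "fieldName": "fieldsToOmit",
[2024-11-20T11:28:24.068Z]   "justification": <<<<< ADD YOUR EXPLANATION FOR THE NECESSITY OF THIS CHANGE >>>>>
[2024-11-20T11:28:24.068Z] },
"""

PREFIX = re.compile(r"^\[[0-9T:.\-]+Z\]\s?(?:\[[A-Z]+\]\s?)?")  # timestamp + level tag
PLACEHOLDER = re.compile(r"<<<<<.*?>>>>>")


def extract_ignores(log_text, justification):
    """De-duplicated revapi.ignore entries suggested in a Maven build log."""
    if not justification.strip():
        raise ValueError("every suppressed API break needs a justification")
    quoted = json.dumps(justification)  # safely quoted JSON string
    entries, block = {}, None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line == "{":
            block = [line]
        elif block is not None and line in ("}", "},"):
            text = PLACEHOLDER.sub(lambda m: quoted, "\n".join(block + ["}"]))
            block = None
            try:
                entry = json.loads(text)
            except json.JSONDecodeError:
                continue  # braces that were not a suggestion block
            entries.setdefault(json.dumps(entry, sort_keys=True), entry)
        elif block is not None:
            block.append(line)
    return list(entries.values())

if __name__ == "__main__":
    print(json.dumps(extract_ignores(SAMPLE_LOG, "Constructed reason: xstream 1.4.21 upgrade"), indent=2))
```
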

@yesamer
Member Author

yesamer commented Nov 25, 2024

jenkins do fdb

@yesamer
Member Author

yesamer commented Dec 4, 2024

jenkins do fdb
