Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EE8 has reference to Xalan jars that are no longer needed on new JVMs #12674

Closed
joakime opened this issue Jan 6, 2025 · 2 comments · Fixed by #12675
Closed

EE8 has reference to Xalan jars that are no longer needed on new JVMs #12674

joakime opened this issue Jan 6, 2025 · 2 comments · Fixed by #12675
Assignees
Labels
Bug For general bugs on Jetty side Build

Comments

@joakime
Copy link
Contributor

joakime commented Jan 6, 2025

Jetty version(s)
12.0.14 (at least, could be older versions too)

Jetty Environment
ee8

Java version/vendor (use: java -version)
Any (17 or 21 tested)
Both Adoptium and Zulu

OS type/version
Any

Description
The xalan jars are being included in ee8 runtimes for JSTL use.
This is undesired now that we have a minimum JDK of 17.
The built-in XML in the JVM is xalan based anyway.

Problems can manifest like this -> igniterealtime/Openfire#2646

Note: xalan is already excluded on ee9 / ee10 / ee11 trees.

@guusdk
Copy link

guusdk commented Jan 6, 2025

Here's a minimal example on how to expose stack traces during a build, because of Xalan references: https://github.com/guusdk/jspctest

@joakime joakime linked a pull request Jan 6, 2025 that will close this issue
joakime added a commit that referenced this issue Jan 7, 2025
Issue #12674 - Exclude Xalan from ee8 dependencies
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Jetty 12.0.17 Jan 7, 2025
guusdk added a commit to guusdk/Openfire that referenced this issue Jan 7, 2025
After upgrading to Jetty 12, we also updated the Jetty plugin that performs precompilation of the JPS pages that make up the admin console. We are now using jetty-ee8-jspc-maven

Since this update, the build process is spewing out rather long stack traces, related to missing JAR files. The stack traces can be seen in https://igniterealtime.atlassian.net/browse/OF-2945

We have not noticed any failing functional behavior because of this. Nonetheless, the stack traces are annoying, as they suggest that something is wrong.

The missing JAR files seem to relate to the Xalan project, which is not a dependency of Openfire. It is, however, a dependency of Jetty's JSPC plugin.

On a hunch, I've excluded that dependency from the plugin during our build. That makes the stack trace go away. JSP compilation appears to work just fine with this change.

Jetty devs have raised the following ticket for this issue: jetty/jetty.project#12674 It is likely that the work-around introduced by this commit is no longer needed after Openfire upgrades to Jety 12.0.17 or later.
guusdk added a commit to igniterealtime/Openfire that referenced this issue Jan 7, 2025
After upgrading to Jetty 12, we also updated the Jetty plugin that performs precompilation of the JPS pages that make up the admin console. We are now using jetty-ee8-jspc-maven

Since this update, the build process is spewing out rather long stack traces, related to missing JAR files. The stack traces can be seen in https://igniterealtime.atlassian.net/browse/OF-2945

We have not noticed any failing functional behavior because of this. Nonetheless, the stack traces are annoying, as they suggest that something is wrong.

The missing JAR files seem to relate to the Xalan project, which is not a dependency of Openfire. It is, however, a dependency of Jetty's JSPC plugin.

On a hunch, I've excluded that dependency from the plugin during our build. That makes the stack trace go away. JSP compilation appears to work just fine with this change.

Jetty devs have raised the following ticket for this issue: jetty/jetty.project#12674 It is likely that the work-around introduced by this commit is no longer needed after Openfire upgrades to Jety 12.0.17 or later.
@joakime
Copy link
Contributor Author

joakime commented Jan 8, 2025

Also of note, xalan 2.7.2 has a vulnerability posted against it.

https://osv.dev/vulnerability/GHSA-9339-86wc-4qgf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For general bugs on Jetty side Build
Projects
Status: ✅ Done
Development

Successfully merging a pull request may close this issue.

2 participants