Fixed: javax.ws.rs-api dependency download issue by excluding it as a… #249
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… transitive dependency and then explicitly downloading as a jar packaging
|
Kudos, SonarCloud Quality Gate passed!
|
dixitdeepak
reviewed
Jan 4, 2021
| @@ -139,8 +139,11 @@ dependencies { | |||
| compile 'org.apache.httpcomponents:httpclient-cache:4.5.4' | |||
| compile 'org.apache.logging.log4j:log4j-api:2.10.0' // the API of log4j 2 | |||
| compile 'org.apache.shiro:shiro-core:1.4.0' | |||
| compile 'org.apache.tika:tika-core:1.24.1' | |||
| compile 'org.apache.tika:tika-parsers:1.24.1' | |||
| compile 'org.apache.tika:tika-core:1.20' | |||
There was a problem hiding this comment.
Hi Girish,
We need to update tika-core to 1.24.1
https://issues.apache.org/jira/browse/OFBIZ-12080
|
Hi Girish, switching to tika-core:1.24.1 and tika-parsers:1.24.1 fixed the problem for us. 1.25 also seems to work but we'll stick to 1.24.1 first after @dixitdeepak 's comment. There's no need to exclude javax.ws.rs in both cases. |
|
Hi @martnaum, @dixitdeepak : Yes, I noticed there was a security vulnerability for lower tika version so it made sense to update it and hence solr/lucene had to be updated to so that makes sense. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed:(OFBIZ-)
Explanation
The problem stems from an invalid POM for the artifact javax.ws.rs-api with version 2.1.1. javax.ws.rs-api gets somehow included as a transitive dependency by tika-parsers:1.20 and javax.ws.rs-api:2.1.1 has an invalid POM definition for the packaging.
I checked file https://repo1.maven.org/maven2/javax/ws/rs/javax.ws.rs-api/2.1/javax.ws.rs-api-2.1.pom and this is what I see -
${packaging.type}
So gradle tries to actually go to https://jcenter.bintray.com/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.$%7Bpackaging.type%7D instead of
https://jcenter.bintray.com/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.jar which is a valid URL and JAR does exist.
So the first issue is that the POM file is messed up and it is actually an issue with other versions as well of the artifact javax.ws.rs-api.
There are two fixes as suggested here - gradle/gradle#3065
compile('org.apache.tika:tika-parsers:1.20') {
exclude group: 'javax.ws.rs'
}compile "javax.ws.rs:javax.ws.rs-api:2.1.1@jar" // @jar will make sure packaging 'jar' is used to resolve the URLI have tested the above fix and it is working properly. No 404 issue while the solr test is running too.
Thanks:
Girish