You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It was observed that Guava 32.0.0-jre and 32.0.1-jre exhibit a new and erroneous behaviour when executing a Java program with a custom system class loader that instantiates com.google.common.cache.Cache in its constructor.
Error occurred during initialization of VM
java.lang.BootstrapMethodError: java.lang.ExceptionInInitializerError
at com.google.common.cache.CacheBuilder.<clinit>(CacheBuilder.java:240)
at ua.com.fielden.platform.classloader.TgSystemClassLoader.<init>(TgSystemClassLoader.java:33)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2220)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2204)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1450)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1430)
Caused by: java.lang.ExceptionInInitializerError
at java.lang.invoke.BoundMethodHandle.<clinit>(BoundMethodHandle.java:830)
at java.lang.invoke.LambdaForm.createIdentityForms(LambdaForm.java:1778)
at java.lang.invoke.LambdaForm.<clinit>(LambdaForm.java:1833)
at java.lang.invoke.DirectMethodHandle.makePreparedLambdaForm(DirectMethodHandle.java:231)
at java.lang.invoke.DirectMethodHandle.preparedLambdaForm(DirectMethodHandle.java:194)
at java.lang.invoke.DirectMethodHandle.preparedLambdaForm(DirectMethodHandle.java:183)
at java.lang.invoke.DirectMethodHandle.make(DirectMethodHandle.java:89)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:1660)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:1617)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:1802)
at java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:1751)
at java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:477)
at com.google.common.cache.CacheBuilder.<clinit>(CacheBuilder.java:240)
at ua.com.fielden.platform.classloader.TgSystemClassLoader.<init>(TgSystemClassLoader.java:33)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2220)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2204)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1450)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1430)
Caused by: java.lang.IllegalStateException: recursive invocation
at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1444)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1430)
at sun.invoke.util.BytecodeDescriptor.parseMethod(BytecodeDescriptor.java:47)
at sun.invoke.util.BytecodeDescriptor.parseMethod(BytecodeDescriptor.java:41)
at java.lang.invoke.MethodType.fromMethodDescriptorString(MethodType.java:1068)
at java.lang.invoke.BoundMethodHandle$Factory.makeCbmhCtor(BoundMethodHandle.java:818)
at java.lang.invoke.BoundMethodHandle$Factory.makeCtors(BoundMethodHandle.java:763)
at java.lang.invoke.BoundMethodHandle$SpeciesData.initForBootstrap(BoundMethodHandle.java:361)
at java.lang.invoke.BoundMethodHandle$SpeciesData.<clinit>(BoundMethodHandle.java:426)
at java.lang.invoke.BoundMethodHandle.<clinit>(BoundMethodHandle.java:830)
at java.lang.invoke.LambdaForm.createIdentityForms(LambdaForm.java:1778)
at java.lang.invoke.LambdaForm.<clinit>(LambdaForm.java:1833)
at java.lang.invoke.DirectMethodHandle.makePreparedLambdaForm(DirectMethodHandle.java:231)
at java.lang.invoke.DirectMethodHandle.preparedLambdaForm(DirectMethodHandle.java:194)
at java.lang.invoke.DirectMethodHandle.preparedLambdaForm(DirectMethodHandle.java:183)
at java.lang.invoke.DirectMethodHandle.make(DirectMethodHandle.java:89)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodCommon(MethodHandles.java:1660)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodNoSecurityManager(MethodHandles.java:1617)
at java.lang.invoke.MethodHandles$Lookup.getDirectMethodForConstant(MethodHandles.java:1802)
at java.lang.invoke.MethodHandles$Lookup.linkMethodHandleConstant(MethodHandles.java:1751)
at java.lang.invoke.MethodHandleNatives.linkMethodHandleConstant(MethodHandleNatives.java:477)
at com.google.common.cache.CacheBuilder.<clinit>(CacheBuilder.java:240)
at ua.com.fielden.platform.classloader.TgSystemClassLoader.<init>(TgSystemClassLoader.java:33)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2220)
at java.lang.SystemClassLoaderAction.run(ClassLoader.java:2204)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1450)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1430)
The Modern Java branch of TG stopped using a custom system class loader, which should make it possible to upgrade to 32.0.1-jre.
Expected outcome
More stable and secure version of Guava.
The text was updated successfully, but these errors were encountered:
Description
Need to update Guava dependency from
31.1-jre
to32.0.1-jre
due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976A problem with upgrade for the Java 8 branch
It was observed that Guava
32.0.0-jre
and32.0.1-jre
exhibit a new and erroneous behaviour when executing a Java program with a custom system class loader that instantiatescom.google.common.cache.Cache
in its constructor.A but report has been submitted with Google Guava google/guava#6565
Here is a stack trace:
The Modern Java branch of TG stopped using a custom system class loader, which should make it possible to upgrade to
32.0.1-jre
.Expected outcome
More stable and secure version of Guava.
The text was updated successfully, but these errors were encountered: