New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An illegal reflective access operation has occurred #2793
Comments
This happens intermittently too using the latest docker image |
We will upgrade the library when it is available. However, this issue is from a dependency: FasterXML/jackson-modules-base#37 |
Is there a way to get round this issue in the meantime? It seems the issue with the dependency is ongoing... I too am getting this error when using the latest docker image |
I've run scans using the latest docker image and do not see the warning. @calebwhitt to be clear - this is a warning not an error. Disabling afterburner had an impact in some very quick tests I ran of ~10-15 seconds in the update process... We can't use blackbird as we still support Java 8. For now - I'm okay with ignoring the warning... However, we will continue to monitor... |
It'll only come up if it actually does some JSON processing. Purge the database to guarantee reproduction. Is it possible to do a layered jar or something in the plugin definition so Java 8 uses Afterburner and 9+ uses Blackbird? |
@jeremylong apologies yes, this is a warning rather than an error. The warning appears consistently for me because I am using the Docker SDK for Python to execute the dependency-check. How are we able to suppress this warning? |
@calebwhitt to suppress it, you need to start the JVM with options to allow that specific module reflection: |
Having the same problem with
On Mac OSX. I think it'd be best to either resolve this issue with changes from FasterXML and/or make the suppression that's required be automatically included in the launch script. |
@benjsmi it is impossible to get this warning in 1.8, as it doesn't have modules. |
I face this issue too
|
same issue version 6.2.1 |
As stated previously when the dependencies are available to resolve the warning we will upgrade. However, we are waiting a solution in the faster xml afterburner library. That being said - this is a warning that can, at the moment, be safely ignored. |
Just to note that with Java 17 (the new LTS) this is now an error. However, it doesn't actually happen when you run it, so I guess it's just ignored or avoided internally (afterburner catches the exception or something). A full purge run took 1:27 on Java 17 and 1:26 on Java 11, so any speed-up seems to be irrelevant anyway. |
I'm seeing this error with the new Dependency Check 7.0.0 on Java 11.0.14. |
This is still a problem when running check on the latest dependency-check-maven 7.0.1:
It's worth looking at swapping detecting the java version and using Afterburner when running on older versions or using Blackbird when running on JDK 11 or above. https://github.com/FasterXML/jackson-modules-base/tree/master/blackbird |
I'm also seeing this in |
@jeremylong Sorry to be bothering with this but, since Java 17 is something people are starting to slowly migrate to, is there any forecast to when the DependencyCheck plugin will have this issue solved without us having to resort to the Thank you in advance for any answer and keep up the amazing work on this plugin. |
Thanks for ping me on this one: #4905 |
Describe the bug
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.fasterxml.jackson.module.afterburner.util.MyClassLoader (file:/C:/Users/me/.m2/repository/com/fasterxml/jackson/module/jackson-module-afterburner/2.11.2/jackson-module-afterburner-2.11.2.jar) to method java.lang.ClassLoader.findLoadedClass(java.lang.String)
WARNING: Please consider reporting this to the maintainers of com.fasterxml.jackson.module.afterburner.util.MyClassLoader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Version of dependency-check used
The problem occurs using version 6.0.0 of the maven plugin
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No warnings about reflective access violations
Additional context
Upstream issue: FasterXML/jackson-modules-base#37
Options:
The text was updated successfully, but these errors were encountered: