New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.4.18 breaks nexus-staging-maven-plugin 1.6.7 #263
Labels
Comments
zqfan
added a commit
to TencentCloud/tencentcloud-sdk-java
that referenced
this issue
Aug 30, 2021
eventhough 1.4.18 is a security fix to xstream, and we should upgrade it, but unfortunately it breaks nexus-staging-maven-plugin 1.6.7. [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy (injected-nexus-deploy) on project tencentcloud-sdk-java: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy failed: Nexus connection problem to URL [https://oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse -> [Help 1] * 8a4d7af * #148 * x-stream/xstream#263
This is by design. If the nexus staging plugin does not initialize the Security Framework for its own needs, XStream will now only marshal the types on its own whitelist. It cannot know, what types the nexus staging plugin its using. The authors of the plugin had 9 years time to do this as recommended. |
kohlschuetter
added a commit
to kohlschuetter/nexus-public
that referenced
this issue
Dec 20, 2021
kohlschuetter
added a commit
to kohlschuetter/nexus-public
that referenced
this issue
Dec 20, 2021
@zqfan FYI |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using nexus-staging-maven-plugin 1.6.7, it indirectly requires xstream 1.4.7, but xstream 1.4.7 has security issue, so I have to bump it to 1.4.17, and it works fine.
But recently github complains a new security alert which ask me to upgrade xstream to 1.4.18, but then nexus-staging-maven-plugin failed with message:
[ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy (injected-nexus-deploy) on project tencentcloud-sdk-java: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy failed: Nexus connection problem to URL [https://oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse -> [Help 1]
after revert it back to xstream 1.4.17, then it works again.
The text was updated successfully, but these errors were encountered: