Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26993

Nexus-Staging-Maven-Plugin illegal reflective access through XStream usage

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: staging-maven-plugin
    • Labels:
    • Environment:
      Mac OS 10.14.6
      OpenJDK Zulu15.28+51-CA (build 15.0.1+9)
      Apache Maven 3.6.3
      Nexus-Staging-Maven-Plugin 1.6.8

      Description

       

      Core Issue

      When using the nexus-staging-maven-plugin, an illegal reflective access warning is generated through use of XStream. 

      Running with MAVEN_OPTS=--illegal-access=debug, the reflective access occurs during XStream initialization. This can be seen here: https://pastebin.com/cHv3G2hM . XStream is aware of the issue and to mitigate it, they have deferred reflective access until absolutely necessary: https://github.com/x-stream/xstream/pull/218 .

      Potential Quick Fix

      Whether the solution XStream has implemented is sufficient to fix the problem depends on whether the nexus-staging-maven-plugin requires any of the reflective field accesses XStream performs.

      As a first start to solve the issue, XStream's version can be updated per this automated PR: https://github.com/sonatype/nexus-maven-plugins/pull/91 It is possible that updating the version of XStream will solve the issue immediately.

      Effects on Libraries

      When JDK 16 is released this month, illegal reflective access will be denied by default. This presents ramifications to libraries using the nexus-staging-maven-plugin which have a higher JDK build-time requirement even if they are compatible with older JDK versions at runtime. For example, some libraries may want to support record features, and thus require JDK 16.

      Changing MAVEN_OPTS=--illegal-access=permit or using .mvn/jvm.config could be a temporary workaround, but at some point this issue will have to be solved. Again, it may be as trivial as incrementing the XStream version.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              A248 Anand Beh
              Last Updated By:
              Alexander Kriegisch Alexander Kriegisch
              Votes:
              11 Vote for this issue
              Watchers:
              20 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title