[JEP-231] Commons Digester Library Removal

Introduction

The Jenkins weekly release 2.297 features the removal of the Commons Digester Library from its core dependencies. The change is described in the community as JEP-231: Remove commons-digester dependency from Jenkins Core.

The Apache Commons Digester included as a dependency of Jenkins Core is old and poorly maintained. Digester and its dependencies have been a source of a number of security vulnerabilities. Therefore, the Jenkins community has decided to remove it from the Jenkins Core.

Some plugins will require to be upgraded, or uninstalled to operate properly after the core upgrade.

When there is an issue related to this change, you might see LinkageError or a ClassNotFoundException in the logs.

FATAL: org/apache/commons/digester/Rule
java.lang.ClassNotFoundException: org.apache.commons.digester.Rule
	at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1394)
	at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1349)
	at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1095)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
Caused: java.lang.NoClassDefFoundError: org/apache/commons/digester/Rule
	at jenkins.plugins.maveninfo.extractor.MavenInfoExtractor.<clinit>(MavenInfoExtractor.java:41)
	at jenkins.plugins.maveninfo.extractor.MavenInfoEnvironment.tearDown(MavenInfoEnvironment.java:41)
	at hudson.model.AbstractBuild$AbstractBuildExecution.tearDownBuildEnvironments(AbstractBuild.java:556)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:520)
	at hudson.model.Run.execute(Run.java:1912)
	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
	at hudson.model.ResourceController.execute(ResourceController.java:100)
	at hudson.model.Executor.run(Executor.java:433)
Finished: FAILURE

Environment

Resolution

Review the official announcement from the Jenkins project and the up to date list of impacted plugins.

The Groovy script below can be executed under Manage Jenkins -> Script Console to disclosure which actions you might need to take before the upgrade.

import hudson.util.VersionNumber

def plugins = [
        'subversion': [version: new VersionNumber('2.14.1'), status: 'incompatible', fix: 'https://github.com/jenkinsci/subversion-plugin/pull/254'],
        'cvs': [version: new VersionNumber('2.19'), status: 'incompatible', fix: 'https://github.com/jenkinsci/cvs-plugin/pull/55'],
        'maven-info': [version: new VersionNumber('0.3.0'), status: 'incompatible', fix: 'https://github.com/jenkinsci/maven-info-plugin/pull/9'],
        'clover': [version: new VersionNumber('4.12.0'), status: 'incompatible', fix: 'https://github.com/jenkinsci/clover-plugin/pull/24'],
        'emma': [version: new VersionNumber('1.31'), status: 'incompatible', fix: 'https://github.com/jenkinsci/emma-plugin/pull/11'],
        'cloverphp': [version: new VersionNumber('0.6'), status: 'incompatible', fix: 'https://github.com/jenkinsci/cloverphp-plugin/pull/10'],
        'clearcase': [version: new VersionNumber('1.6.7'), status: 'incompatible', fix: 'https://github.com/jenkinsci/clearcase-plugin/pull/41'],
        'teamconcert': [version: new VersionNumber('2.4.0'), status: 'incompatible', fix: 'https://github.com/jenkinsci/teamconcert-plugin/pull/20'],
        'vs-code-metrics': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/vs-code-metrics-plugin/pull/5'],
        'BlameSubversion': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/BlameSubversion-plugin/pull/5'],
        'javatest-report': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/javatest-report-plugin/pull/4'],
        'plasticscm-plugin': [version: new VersionNumber('3.6'), status: 'incompatible', fix: 'https://github.com/jenkinsci/plasticscm-plugin/pull/40'],
        'clearcase-ucm-plugin': [version: new VersionNumber('1.7.3'), status: 'incompatible', fix: 'https://github.com/jenkinsci/clearcase-ucm-plugin/pull/5'],
        'vectorcast-coverage': [version: new VersionNumber('0.17'), status: 'incompatible', fix: 'https://github.com/jenkinsci/vectorcast-coverage-plugin/pull/4'],
        'zos-connector': [version: new VersionNumber('2.3.5'), status: 'incompatible', fix: 'https://github.com/jenkinsci/zos-connector-plugin/pull/13'],
        'vss': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/vss-plugin/pull/8'],
        'genexus': [version: new VersionNumber('1.10'), status: 'incompatible', fix: 'https://github.com/jenkinsci/genexus-plugin/pull/15'],
        'dimensionsscm': [version: new VersionNumber('0.9.1'), status: 'incompatible', fix: 'https://github.com/jenkinsci/dimensionsscm-plugin/pull/21'],
        'synergy': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/synergy_scm-plugin/pull/17'],
        'config-rotator': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/config-rotator-plugin/pull/3'],
        'harvest': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/harvest-plugin/pull/5'],
        'plasticscm-mergebot': [version: new VersionNumber('0.15'), status: 'incompatible', fix: 'https://github.com/jenkinsci/plasticscm-mergebot-plugin/pull/3'],
        'cmvc': [version: null, status: 'incompatible', fix: 'https://github.com/jenkinsci/cmvc-plugin/pull/3'],
        'svn-release-mgr': [version: null, status: 'obsolete', fix: ''],
        'cpptest': [version: null, status: 'obsolete', fix: ''],
        'tfs': [version: null, status: 'obsolete', fix: ''],
        'CFLint': [version: null, status: 'obsolete', fix: 'https://github.com/jenkinsci/CFLint-plugin/pull/3'],
        'script-scm': [version: null, status: 'obsolete', fix: ''],
        'rtc': [version: null, status: 'obsolete', fix: ''],
        'cocoemma': [version: null, status: 'obsolete', fix: ''],
        'jwsdp-sqe': [version: null, status: 'obsolete', fix: ''],
        'PUCM': [version: null, status: 'obsolete', fix: ''],
        'purecm-plugin': [version: null, status: 'obsolete', fix: '']
]

println "------------------------- Legend -------------------------"
println "obsolete: The plugin should not be used anymore. No test was performed at all."
println "incompatible: The plugin is not compatible."
println "------------------------- List of issues -------------------------"

Jenkins.get().pluginManager.plugins.findAll({plugins.containsKey(it.shortName)}).each {
    def pluginIssue = plugins.get(it.shortName)

    if (pluginIssue.version == null || it.isOlderThan(pluginIssue.version)) {
        print "[WARNING] '${it.displayName}' status is ${pluginIssue.status}"
        if (pluginIssue.version) {
            print " but there is new version with a fix ${pluginIssue.version}"
        } else if (!pluginIssue.fix.isEmpty()) {
            print " but there is PR with the fix ${pluginIssue.fix}"
        }
        println()
    }
}

println "-------------------------"

Have more questions?

0 Comments

Please sign in to leave a comment.