Java 18 compatibility #423
Comments
|
See https://openjdk.java.net/jeps/411 Try -Djava.security.manager=allow To continue to allow it, its off by default with 18. |
|
Sure, works as a workaround, but IMHO it would be desirable if the plugin worked out-of-the-box, wouldn't it? |
|
plugin is written in groovy, its still using it based off that stack (the groovy ant code). I checked groovy github and last they have on it is some prep work preparing to deprecate it so it really would hinge on them. |
|
Closing issue, updated readme to note considerations such as this. Groovy has no fix yet. They reverted the code they were applying and noted it will be sometime in the future done some other way. Unfortunately this plugin is limited by their speed at getting compliant with java and there are work arounds which are now directly noted with link to details in groovy. |
|
Thanks for the update! |
|
Is there a groovy issue open for this? I wasn't able to find one. |
|
I've just been annoyed by this yet again and thought it would be useful to put everything I could find here, because I think this issue is lacking in good information. The error generated by spotbugs-maven-plugin isn't caused by spotbugs, it's caused by groovy using the security manager to prevent System.exit from working. I don't think that issue is ever going to be fixed, and the groovy team don't look like they are very keen on keeping up with JDK developments. :( My preferred workaround is to make the spotbugs-maven-plugin fork and then specify the system property for it (preferred because this way limits the workaround to only affecting spotbugs-maven-plugin): <plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.3.4</version>
<configuration>
<fork>true</fork>
<effort>Max</effort>
<xmlOutput>true</xmlOutput>
<excludeFilterFile>${basedir}/findbugsFilterFile.xml</excludeFilterFile>
<jvmArgs>-Djava.security.manager=allow</jvmArgs>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.12.0</version>
</plugin>
</plugins>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin> |
|
Please report to groovy then. There is nothing we can do here. As documented and as you lay this out as well. Issue is with groovy. Work around is otherwise documented and works.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Yaytay ***@***.***>
Sent: Tuesday, April 11, 2023 4:25:02 AM
To: spotbugs/spotbugs-maven-plugin ***@***.***>
Cc: Jeremy Landis ***@***.***>; State change ***@***.***>
Subject: Re: [spotbugs/spotbugs-maven-plugin] Java 18 compatibility (Issue #423)
I've just been annoyed by this yet again and thought it would be useful to put everything I could find here, because I think this issue is lacking in good information.
This is all my understanding, and if it's wrong I'd be grateful if one of the maintainers of this repo could correct it:
The error generated by spotbugs-maven-plugin isn't caused by spotbugs, it's caused by groovy using the security manager to prevent System.exit from working.
The note regarding this problem for this plugin can be found here: https:/spotbugs/spotbugs-maven-plugin#groovy
The note regarding this problem from the groovy team can be found here: https://groovy-lang.org/releasenotes/groovy-4.0.html#Groovy4.0releasenotes-4.0.2
The JEP for removing the security manager is https://openjdk.org/jeps/411
Finally, the 5 year old bug in the JDK that groozy are waiting for it here: https://bugs.openjdk.org/browse/JDK-8199704
I don't think that issue is ever going to be fixed, and the groovy team don't look like they are very keen on keeping up with JDK developments. :(
—
Reply to this email directly, view it on GitHub<#423 (comment)>, or unsubscribe<https:/notifications/unsubscribe-auth/AAHODI7SKESG4OQ66LFEP33XAUIN5ANCNFSM5T7BCRWA>.
You are receiving this because you modified the open/close state.Message ID: ***@***.***>
|
|
The issue is not with Groovy per se, it is with Ant, which this mojo explicitly uses to run SpotBugs for some reason (merely using a Groovy utility to prepare the Ant usage). I filed apache/ant#200 to deal with this upstream, though it would be better to drop the Ant dependency and either fork via As far as I can tell the workaround is just to configure the mojo to |
Thanks for this insight, although I am seeing the opposite: |
I can confirm that this ( |
|
Should be reopened once apache/ant@689b6ea is released. |
|
@jglick I know you mentioned this project does this strangely using ant. If you know groovy well enough and think you could figure out how to get it off that, it would be a great help. I didn't write the original code but am basically by myself with this. I'd love to dump ant and also not seeing why it was written this way. In fact, I cannot even understand the rational for why it was originally written in groovy either. But its groovy now so any improvements would be greatly appreciated. I'll eventually try to do so myself but I don't work on groovy enough to be super slick about it :) |
|
Well, at any rate just updating to 1.10.14 (once it is released) ought to fix this issue. |
|
https://ant.apache.org/ released yesterday |
|
fixed on 'spotbugs' branch now. |
Hi there,
running the spotbugs-maven-plugin (v4.6.0.0) on Maven 3.8.4 under Java 18 ends up with the following exception:
Any ideas?
The text was updated successfully, but these errors were encountered: