[Red Hat JIRA] (WFLY-14287) NoClassDefFoundError: Failed to link org/bouncycastle/openpgp/PGPEncryptedDataList: org/bouncycastle/util/Iterable

Wednesday, 20 January 2021

    [
https://issues.redhat.com/browse/WFLY-14287?page=com.atlassian.jira.plugi...
] 

Radoslav Ivanov commented on WFLY-14287:
----------------------------------------

[~brian.stansberry], thanks for the reply and detailed explanation. I pretty well
understand those about foodprint, independence, compatibility, etc. So I will understand
if you reject changes.

Anyway, I would like to share some food for thought in a scenario and hopefully we can
find a solution for it in the future. Let say we have a critical CVE-2020-28052 in
bouncycastle. It is tricky to not update the private (duplicate) older version until you
get a newer WildFly (WF). Sometimes, for security reasons WF users may take the risk to
depend on a private module and update it (after some regression testing) instead of
running on vulnerable along with another updated version of bouncycastle.

...
 NoClassDefFoundError: Failed to link
org/bouncycastle/openpgp/PGPEncryptedDataList: org/bouncycastle/util/Iterable

------------------------------------------------------------------------------------------------------------------

                 Key: WFLY-14287
                 URL: https://issues.redhat.com/browse/WFLY-14287
             Project: WildFly
          Issue Type: Bug
    Affects Versions: 21.0.1.Final
            Reporter: Radoslav Ivanov
            Assignee: Sudeshna Sur
            Priority: Major

 Could you please add missing dependencies in Bouncycastle modules?
 Problem (we got):
 {code:java}
 Caused by: java.lang.NoClassDefFoundError: Failed to link
org/bouncycastle/openpgp/PGPEncryptedDataList (Module "org.bouncycastle.bcpg"
version 1.66.00.0 from local module loader @1d1f7216 (finder: local module finder
@423e4cbb (roots:
/data/avoka/transact/manager/server/modules,/data/avoka/transact/manager/server/modules/system/layers/base))):
org/bouncycastle/util/Iterable
 {code}

 Solution (adding dependency from bcpg to bcprov modules solves the issue):
 {code:java}
  modules\system\layers\base\org\bouncycastle\bcpg\main\module.xml{code}
 {code:java}
 <dependencies>
    <module name="org.bouncycastle.bcprov" export="true"
services="export"/>
 </dependencies>
 {code}

--
This message was sent by Atlassian Jira
(v8.13.1#813001)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006