Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maven 3.8.1 update causes warning #16233

Closed
fwgreen opened this issue Apr 4, 2021 · 6 comments · Fixed by #16249
Closed

Maven 3.8.1 update causes warning #16233

fwgreen opened this issue Apr 4, 2021 · 6 comments · Fixed by #16249
Assignees
@famod
Labels
area/maven kind/bug Something isn't working
Milestone
1.13.5.Final

Comments

@fwgreen
Copy link

fwgreen commented Apr 4, 2021

Maven was recently updated from 3.6.3 to 3.8.1 to address a security vulnerability. As a result, this warning now comes up on startup...

2021-04-04 19:02:43,763 WARN  [io.qua.boo.res.mav.BootstrapMavenContext] (main) Settings problem encountered at /Users/francois/Libraries/Java/apache-maven/conf/settings.xml, line 164, column 16: org.apache.maven.settings.io.SettingsParseException: Unrecognised tag: 'blocked' (position: START_TAG seen ...</url>\r\n      <blocked>... @164:16) 
        at org.apache.maven.settings.io.DefaultSettingsReader.read(DefaultSettingsReader.java:87)
        at org.apache.maven.settings.building.DefaultSettingsBuilder.readSettings(DefaultSettingsBuilder.java:182)
        at org.apache.maven.settings.building.DefaultSettingsBuilder.build(DefaultSettingsBuilder.java:104)
        at io.quarkus.bootstrap.resolver.maven.BootstrapMavenContext.getEffectiveSettings(BootstrapMavenContext.java:252)
        at io.quarkus.bootstrap.resolver.maven.BootstrapMavenContext.isOffline(BootstrapMavenContext.java:218)
        at io.quarkus.bootstrap.resolver.maven.BootstrapMavenContext.newRepositorySystem(BootstrapMavenContext.java:648)
        at io.quarkus.bootstrap.resolver.maven.BootstrapMavenContext.getRepositorySystem(BootstrapMavenContext.java:223)
        at io.quarkus.bootstrap.resolver.maven.MavenArtifactResolver.<init>(MavenArtifactResolver.java:125)
        at io.quarkus.bootstrap.BootstrapAppModelFactory.getAppModelResolver(BootstrapAppModelFactory.java:192)
        at io.quarkus.bootstrap.BootstrapAppModelFactory.resolveAppModel(BootstrapAppModelFactory.java:305)
        at io.quarkus.bootstrap.app.QuarkusBootstrap.bootstrap(QuarkusBootstrap.java:163)
        at io.quarkus.deployment.dev.DevModeMain.start(DevModeMain.java:143)
        at io.quarkus.deployment.dev.DevModeMain.main(DevModeMain.java:63)
Caused by: org.codehaus.plexus.util.xml.pull.XmlPullParserException: Unrecognised tag: 'blocked' (position: START_TAG seen ...</url>\r\n      <blocked>... @164:16) 
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.checkUnknownElement(SettingsXpp3Reader.java:149)
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.parseMirror(SettingsXpp3Reader.java:920)
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.parseSettings(SettingsXpp3Reader.java:1416)
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.read(SettingsXpp3Reader.java:1544)
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.read(SettingsXpp3Reader.java:566)
        at org.apache.maven.settings.io.xpp3.SettingsXpp3Reader.read(SettingsXpp3Reader.java:595)
        at org.apache.maven.settings.io.DefaultSettingsReader.read(DefaultSettingsReader.java:83)
        ... 12 more

Quarkus 1.12.1
Java 16
@fwgreen fwgreen added the kind/bug Something isn't working label Apr 4, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented Apr 4, 2021

/cc @quarkusio/devtools

@srisatya12
Copy link

@fwgreen Sir I want work on this issue .

@famod
Copy link
Member

famod commented Apr 5, 2021

@srisatya1197 Thanks for your offer (really appreciated!) but I have already started to work on this in general, including an update of the Quarkus CI.
See also this discussion I have just started: https://groups.google.com/g/quarkus-dev/c/A-cm9pvviiE

/cc @aloubyansky

@famod famod self-assigned this Apr 5, 2021
@cescoffier
Copy link
Member

The issue is about a change in mavne blocking insecure repositories by default. Check that all your repositories are in https (<--- s) and not http

@famod famod mentioned this issue Apr 5, 2021
Merged
@gastaldi gastaldi linked a pull request Apr 6, 2021 that will close this issue
Update to Maven 3.8.1 and use mvnw consequently in GH workflows #16249
Merged
@danielefranceschi
Copy link

Also happens with openjdk11 (using the maven:3-openjdk-11 docker image in Gitlab CI)

@gsmet gsmet added this to the 1.13.5.Final milestone May 21, 2021
@geoand
Copy link
Contributor

geoand commented Jun 16, 2021
edited
Loading

I ran into this locally as well and all I had to do was comment out the

    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>

block in my /path/to/maven/conf/settings.xml file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@famod famod

Labels
area/maven kind/bug Something isn't working
Projects
None yet
Milestone
1.13.5.Final
Development

Successfully merging a pull request may close this issue.

Update to Maven 3.8.1 and use mvnw consequently in GH workflows
7 participants
@cescoffier @gsmet @geoand @fwgreen @danielefranceschi @famod @srisatya12