#11570 closed defect (fixed)
Error updating log4j plugin under JavaWebStart
Reported by: | SergeyAstakhov | Owned by: | team |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | Plugin | Version: | tested |
Keywords: | webstart log4j | Cc: |
Description
Environment:
Java Web Start 10.72.2.14
Using JRE version 1.7.0_72-b14 Java HotSpot(TM) 64-Bit Server VM
Windows 8.1
---
Exception:
ОШИБКА: org.openstreetmap.josm.plugins.PluginDownloadException: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES. Причина: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES
org.openstreetmap.josm.plugins.PluginDownloadException: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES
at org.openstreetmap.josm.plugins.PluginDownloadTask.download(PluginDownloadTask.java:146)
at org.openstreetmap.josm.plugins.PluginDownloadTask.realRun(PluginDownloadTask.java:169)
at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:93)
at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:161)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES
at java.util.zip.ZipOutputStream.putNextEntry(Unknown Source)
at java.util.jar.JarOutputStream.putNextEntry(Unknown Source)
at com.sun.deploy.net.HttpDownloadHelper.decompressWrite(Unknown Source)
at com.sun.deploy.net.HttpDownloadHelper.download(Unknown Source)
at com.sun.deploy.cache.Cache$6.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
at com.sun.deploy.cache.DeployFileOutputStream.close(Unknown Source)
at java.io.FilterOutputStream.close(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.close(Unknown Source)
at org.openstreetmap.josm.plugins.PluginDownloadTask.download(PluginDownloadTask.java:137)
... 8 more
Attachments (0)
Change History (4)
comment:1 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
follow-up: 3 comment:2 by , 2 years ago
@Don-vip: Do you remember why you excluded "META-INF/maven/*"
?
I was looking at downloading non-svn jar files and processing them to find any vulnerabilities. Some tools use the pom.xml files to parse dependencies quickly. I can use the OWASP dependency checker, which seems to check the actual file content.
EDIT: It looks like the OWASP dependency checkers detects the usage of packages, but does not know the version. So it isn't very helpful without the pom files.
follow-up: 4 comment:3 by , 2 years ago
Replying to taylor.smock:
@Don-vip: Do you remember why you excluded
"META-INF/maven/*"
?
Likely because it's not needed at runtime for JOSM so I didn't see the need to keep them. It was simpler to delete everything in META-INF except manifest and SPI files.
comment:4 by , 2 years ago
Replying to Don-vip:
Likely because it's not needed at runtime for JOSM so I didn't see the need to keep them. It was simpler to delete everything in META-INF except manifest and SPI files.
OK. Good to know. I'll go ahead and make a patch so that it is easier to run vulnerability checkers in the future. I'll open a separate ticket for that.
Fixed in 31281/osm.