Error while processing bom: Duplicate key #4027

Closed
2 tasks done
DaBalt opened this issue Aug 1, 2024 · 24 comments · Fixed by #4147
@DaBalt

DaBalt commented Aug 1, 2024

Current Behavior

Hi,
Our process makes daily scans of all our projects, creates the SBOM and loads it to Dependency Track. Unfortunately, for some projects we are getting errors like this:

```
ERROR [BomUploadProcessingTask] Error while processing bom
java.lang.IllegalStateException: Duplicate key Identity[group=aquasecurity, name=trivy:PkgID, [email protected]] (attempted merging values ComponentProperty{id=1450648, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=5e7640f8-2e76-4a09-8817-86cba50e0e05} and ComponentProperty{id=1450649, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=701f26af-fc1f-407e-966c-270c7e7325e8})
    at java.base/java.util.stream.Collectors.duplicateKeyException(Unknown Source)
    at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Unknown Source)
    at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(Unknown Source)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
    at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
    at org.dependencytrack.persistence.ComponentQueryManager.synchronizeComponentProperties(ComponentQueryManager.java:925)
    at org.dependencytrack.persistence.QueryManager.synchronizeComponentProperties(QueryManager.java:608)
    at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convert(ModelConverter.java:613)
    at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convertComponents(ModelConverter.java:464)
    at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:157)
    at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:151)
    at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)
```

Already there was one System.ValueTuple loaded in version 4.5.0:
2024-08-01 16_58_45-Window

In the SBOM there were 4 separate instances of this component:

```json
{
  "type": "library",
  "bom-ref": "684a5aa1-535f-4fd2-ba87-3ca30b505e7c",
  "name": "System.ValueTuple",
  "version": "4.5.0",
  "purl": "pkg:nuget/[email protected]",
  "properties": [
    { "name": "aquasecurity:trivy:PkgType", "value": "nuget" }
  ]
},
{
  "type": "library",
  "bom-ref": "a895ab7c-cee3-414b-8811-0c7a9f01b968",
  "name": "System.ValueTuple",
  "version": "4.5.0",
  "purl": "pkg:nuget/[email protected]",
  "properties": [
    { "name": "aquasecurity:trivy:PkgType", "value": "nuget" }
  ]
},
{
  "type": "library",
  "bom-ref": "b4ace403-0b23-407c-9f9f-9a103de5d6f8",
  "name": "System.ValueTuple",
  "version": "4.5.0",
  "purl": "pkg:nuget/[email protected]",
  "properties": [
    { "name": "aquasecurity:trivy:PkgType", "value": "nuget" }
  ]
},
{
  "type": "library",
  "bom-ref": "0ddf76c9-bc51-4287-81b8-4a7690cfde09",
  "name": "System.ValueTuple",
  "version": "4.5.0",
  "purl": "pkg:nuget/[email protected]",
  "properties": [
    { "name": "aquasecurity:trivy:PkgType", "value": "nuget" }
  ]
},
```

I had the same issue as in the other issue: the API/UI responds with a 200 OK response when uploading this SBOM.

Loading this SBOM to an empty project looks fine:
2024-08-01 17_04_02-Dependency-Track - biomedical-knowledge-base_bkb-r-client ▸ 1 - Work - Microsoft

Any ideas how to go over that?

Steps to Reproduce

  1. One SBOM was loaded to a project with one System.ValueTuple in version 4.5.0 defined.
  2. A new SBOM was loaded to the project; a 200 message was shown, but the SBOM is not loading, with the error described above.

Expected Behavior

The SBOM should be correctly replaced/updated.

Dependency-Track Version

4.11.4

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

13.14

Browser

Microsoft Edge

Checklist

@DaBalt DaBalt added defect Something isn't working in triage labels Aug 1, 2024
@nscuro
Member

nscuro commented Aug 1, 2024

This is really odd since we de-duplicate component properties multiple times such that there can't be more than one property for each groupName-propertyName-propertyValue combination.

I can not reproduce this with the component data you provided, by uploading a BOM with those multiple times to the same project.

The fact that there are multiples of those combinations in your case leads me to believe there is some sort of race condition. Are you uploading multiple BOMs to the same project in close succession?

Also, can you please share the component properties for the problematic component in DT? You can find them by clicking on a component in the list, then View Details, and then Properties on the bottom of the Component Details modal. There should not be any duplicate properties.

@turbolocust

I have a similar issue, yet the stack trace of the exception specifically refers to the LicenseQueryManager:

2024-08-02 07:43:45,014 INFO [BomUploadProcessingTaskV2] Consuming uploaded BOM [bomSerialNumber=08e08436-c806-4460-85b9-301221203475, bomFormat=CycloneDX, bomUploadToken=f451988e-4d54-4f3e-9555-d3853f07ff19, projectName=__redacted__, bomSpecVersion=1.6, projectUuid=4e0d24b4-b3f1-45a2-9489-c604fc0b4aa6, projectVersion=__redacted__, bomVersion=1]
2024-08-02 07:43:45,029 INFO [BomUploadProcessingTaskV2] Consumed 1339 components (1589 before de-duplication), 0 services (0 before de-duplication), and 350 dependency graph entries [bomSerialNumber=08e08436-c806-4460-85b9-301221203475, bomFormat=CycloneDX, bomUploadToken=f451988e-4d54-4f3e-9555-d3853f07ff19, projectName=__redacted__, bomSpecVersion=1.6, projectUuid=4e0d24b4-b3f1-45a2-9489-c604fc0b4aa6, projectVersion=__redacted__, bomVersion=1]
2024-08-02 07:43:45,036 INFO [BomUploadProcessingTaskV2] Processing 1339 components [bomSerialNumber=08e08436-c806-4460-85b9-301221203475, bomFormat=CycloneDX, bomUploadToken=f451988e-4d54-4f3e-9555-d3853f07ff19, projectName=__redacted__, bomSpecVersion=1.6, projectUuid=4e0d24b4-b3f1-45a2-9489-c604fc0b4aa6, projectVersion=__redacted__, bomVersion=1]
2024-08-02 07:43:45,212 INFO [ProjectResource] Project __redacted__ : __redacted__ : __redacted__ updated by odt_****************************MSNV
2024-08-02 07:43:47,301 ERROR [BomUploadProcessingTaskV2] Failed to process BOM [bomUploadToken=f451988e-4d54-4f3e-9555-d3853f07ff19, projectName=__redacted__, projectUuid=4e0d24b4-b3f1-45a2-9489-c604fc0b4aa6, projectVersion=__redacted__]
javax.jdo.JDOUserException: The query returned more than one instance BUT either unique is set to true or only aggregates are to be returned, so should have returned one result maximum
	at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:698)
	at org.datanucleus.api.jdo.JDOQuery.executeInternal(JDOQuery.java:456)
	at org.datanucleus.api.jdo.JDOQuery.executeUnique(JDOQuery.java:360)
	at org.dependencytrack.persistence.LicenseQueryManager.getLicenseByIdOrName(LicenseQueryManager.java:102)
	at org.dependencytrack.persistence.QueryManager.getLicenseByIdOrName(QueryManager.java:624)
	at java.base/java.util.HashMap.computeIfAbsent(Unknown Source)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.resolveAndApplyLicense(BomUploadProcessingTaskV2.java:685)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processComponents(BomUploadProcessingTaskV2.java:399)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.lambda$processBom$0(BomUploadProcessingTaskV2.java:301)
	at org.dependencytrack.persistence.QueryManager.lambda$runInTransaction$0(QueryManager.java:1433)
	at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1464)
	at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1432)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processBom(BomUploadProcessingTaskV2.java:296)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processEvent(BomUploadProcessingTaskV2.java:187)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:162)
	at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.datanucleus.store.query.QueryNotUniqueException: The query returned more than one instance BUT either unique is set to true or only aggregates are to be returned, so should have returned one result maximum
	at org.datanucleus.store.query.Query.executeQuery(Query.java:2039)
	at org.datanucleus.store.query.Query.executeWithMap(Query.java:1911)
	at org.datanucleus.api.jdo.JDOQuery.executeInternal(JDOQuery.java:437)
	... 17 common frames omitted

The uploaded BOM represents a container image and is quite big. However, I checked the licenses and could not find any duplicate license with the same name within the same licenses node.

@nscuro
Member

nscuro commented Aug 5, 2024

@turbolocust This is caused by #3957, which is already fixed via #3958. But the fix was not yet released. If this is a more widespread issue we'll definitely look into pushing another bugfix release.

@simonknittel

Hey!

I may have a similar issue:

Duplicate key Identity[group=syft, name=metadata:license, value=GPL] (attempted merging values ComponentProperty{id=35107, component=pkg:generic/6lowpan, groupName=syft, propertyName=metadata:license, propertyValue=GPL, propertyType=STRING, uuid=9fbb0b4a-68e9-4418-a815-0a4bcad2ce4b} and ComponentProperty{id=35111, component=pkg:generic/6lowpan, groupName=syft, propertyName=metadata:license, propertyValue=GPL, propertyType=STRING, uuid=4a5ea725-396f-4737-8b15-21f0e7de88d1})

image

Dependency-Track v4.11.5

I generated the SBOM with https://github.com/anchore/syft

@DaBalt
Author

DaBalt commented Aug 19, 2024

I've tried to provide you with more detailed SBOM but couldn't replicate the issue.

My fix: I've deleted the System.ValueTuple components and reuploaded the SBOM - it was processed successfully.

Thanks for all the work for all DependencyTrack.

@simonknittel

simonknittel commented Aug 19, 2024

If you are looking for a SBOM which causes this, this is mine: sbom.json

> My fix: I've deleted the System.ValueTuple components and reuploaded the SBOM - it was processed successfully.

I just tried that. This didn't help in my case.

@DaBalt
Author

DaBalt commented Aug 19, 2024

Again, I have a similar case with my other SBOM - maybe a complete coincidence, but this time the problematic component is System.Security.AccessControl (thinking if the System.* may be a problem?):

```
2024-08-19 13:12:49,178 ERROR [BomUploadProcessingTask] Error while processing bom
java.lang.IllegalStateException: Duplicate key Identity[group=aquasecurity, name=trivy:PkgID, [email protected]] (attempted merging values ComponentProperty{id=262800, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=8fa80e98-6880-425b-84df-a68805251b4f} and ComponentProperty{id=262808, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=795405e2-524d-4062-b837-f7554c2dc559})
    at java.base/java.util.stream.Collectors.duplicateKeyException(Unknown Source)
    at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Unknown Source)
    at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(Unknown Source)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
    at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
    at org.dependencytrack.persistence.ComponentQueryManager.synchronizeComponentProperties(ComponentQueryManager.java:925)
    at org.dependencytrack.persistence.QueryManager.synchronizeComponentProperties(QueryManager.java:608)
    at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convert(ModelConverter.java:613)
    at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convertComponents(ModelConverter.java:464)
    at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:157)
    at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:151)
    at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)
```

After removing the problematic components, a new issue came up (again System.*):

```
2024-08-19 13:18:17,915 ERROR [BomUploadProcessingTask] Error while processing bom
java.lang.IllegalStateException: Duplicate key Identity[group=aquasecurity, name=trivy:PkgID, [email protected]] (attempted merging values ComponentProperty{id=262944, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=831bbe17-a26c-40f4-a79e-151085def69d} and ComponentProperty{id=262977, component=pkg:nuget/[email protected], groupName=aquasecurity, propertyName=trivy:PkgID, [email protected], propertyType=STRING, uuid=6a7bc6c4-d9b9-4828-ac40-70ac5552b877})
    at java.base/java.util.stream.Collectors.duplicateKeyException(Unknown Source)
    at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Unknown Source)
    at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(Unknown Source)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
    at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
```

The same route and the same problem arises - all with System.* components in version 4.5.0, like those:

image

@BalazsSzaboElypta

I also experience the duplicate key issue. I'm on the latest DependencyTrack version (v4.11.7) and I have the BOM Processing V2 experimental setup enabled.

As a note, I only get this error for projects where I generate the SBOM with the anchore/syft tool.

@nscuro
Member

nscuro commented Aug 19, 2024

I did a quick smoke test and I can reproduce the issue with @simonknittel's BOM. First upload succeeds, for the second the Duplicate key exception is thrown. But will need to properly debug and isolate this in a test.

For anyone curious, the code in question is here:

```java
// Group properties by group, name, and value. Because CycloneDX supports duplicate
// property names, uniqueness can only be determined by also considering the value.
final var existingPropertiesByIdentity = component.getProperties().stream()
        .collect(Collectors.toMap(ComponentProperty.Identity::new, Function.identity()));
final var incomingPropertiesByIdentity = properties.stream()
        .collect(Collectors.toMap(ComponentProperty.Identity::new, Function.identity()));
final var propertyIdentities = new HashSet<ComponentProperty.Identity>();
propertyIdentities.addAll(existingPropertiesByIdentity.keySet());
propertyIdentities.addAll(incomingPropertiesByIdentity.keySet());
for (final ComponentProperty.Identity identity : propertyIdentities) {
    final ComponentProperty existingProperty = existingPropertiesByIdentity.get(identity);
    final ComponentProperty incomingProperty = incomingPropertiesByIdentity.get(identity);
    if (existingProperty == null) {
        incomingProperty.setComponent(component);
        pm.makePersistent(incomingProperty);
    } else if (incomingProperty == null) {
        pm.deletePersistent(existingProperty);
    }
}
```

It fails on line 925 which means the existing component already has multiple occurrences of a property, which should not happen.
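The failure mode described in the comment above, as an added example (it is not Dependency-Track's code and not the change that closed this issue): `Property` and `Identity` are simplified stand-ins for `ComponentProperty` and `ComponentProperty.Identity`, and `tolerantIndex` and `plan` are hypothetical helpers showing one way to group rows so that a pre-existing duplicate is scheduled for deletion instead of aborting the import. It assumes Java 16 or later (records) and uses constructed sample data.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;

public class PropertySyncDemo {

    // Simplified stand-ins for ComponentProperty and ComponentProperty.Identity (assumed shape).
    record Property(long id, String group, String name, String value) {}

    record Identity(String group, String name, String value) {
        Identity(Property p) {
            this(p.group(), p.name(), p.value());
        }
    }

    // Rows to insert and rows to delete for one component.
    record SyncPlan(List<Property> toPersist, List<Property> toDelete) {}

    // Same grouping as the snippet in the comment: the two-argument toMap throws
    // IllegalStateException ("Duplicate key ...") when two rows share an identity.
    static Map<Identity, Property> strictIndex(List<Property> props) {
        return props.stream()
                .collect(Collectors.toMap(Identity::new, Function.identity()));
    }

    // Tolerant grouping: keep the first row per identity and collect the rest.
    static Map<Identity, Property> tolerantIndex(List<Property> props, List<Property> duplicates) {
        final Map<Identity, Property> byIdentity = new LinkedHashMap<>();
        for (final Property p : props) {
            if (byIdentity.putIfAbsent(new Identity(p), p) != null) {
                duplicates.add(p);
            }
        }
        return byIdentity;
    }

    // Computes what a synchronization would persist and delete, repairing duplicates on the way.
    static SyncPlan plan(List<Property> existing, List<Property> incoming) {
        final List<Property> toDelete = new ArrayList<>();
        final var existingByIdentity = tolerantIndex(existing, toDelete);
        // Duplicates inside the incoming BOM are dropped and never persisted.
        final var incomingByIdentity = tolerantIndex(incoming, new ArrayList<>());

        final List<Property> toPersist = new ArrayList<>();
        incomingByIdentity.forEach((identity, p) -> {
            if (!existingByIdentity.containsKey(identity)) {
                toPersist.add(p);
            }
        });
        existingByIdentity.forEach((identity, p) -> {
            if (!incomingByIdentity.containsKey(identity)) {
                toDelete.add(p);
            }
        });
        return new SyncPlan(toPersist, toDelete);
    }

    public static void main(String[] args) {
        // Constructed sample: component state after an import left a duplicate row behind.
        final List<Property> existing = List.of(
                new Property(1, "syft", "metadata:license", "GPL"),
                new Property(2, "syft", "metadata:license", "GPL"),
                new Property(3, "syft", "package:type", "linux-kernel-module"));
        // Constructed incoming BOM properties for the same component (not yet persisted, id 0).
        final List<Property> incoming = List.of(
                new Property(0, "syft", "metadata:license", "GPL"),
                new Property(0, "syft", "cpe23", "cpe:2.3:a:example:example:1.0:*:*:*:*:*:*:*"));

        try {
            strictIndex(existing);
        } catch (IllegalStateException e) {
            System.out.println("strict grouping failed: " + e.getMessage());
        }

        final SyncPlan result = plan(existing, incoming);
        System.out.println("persist: " + result.toPersist());
        System.out.println("delete:  " + result.toDelete());
    }
}
```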

@PhilippSieber

PhilippSieber commented Aug 20, 2024

Same issue in our setup:

  • dependency-track v4.11.6
  • around 20 out of 450 SBOMs generated by Syft v1.11.0 are affected, on different components
  • source: container images
  • SBOMs generated by cdxgen are not affected
  • CycloneDX 1.5 format
  • BOM Processing V2 experimental not enabled

@nscuro
Member

nscuro commented Aug 20, 2024

I did some more testing yesterday. I was not able to reproduce it with BOM Processing V2 enabled. I also noted that the Syft BOM shared above has lots of duplicate components, which BOM Processing V2 does a better job of getting rid of.

Upon first import, there were no duplicate properties in the database. During the second import, some components did have duplicates, which leads me to the assumption that properties are unintentionally being added outside of the intended "happy path" (a snippet of which I shared above).

Since that code takes care of de-duplicating properties, there must be another place where properties end up being added without proper de-duplication.

@simonknittel

I just enabled the experimental option for v2 processing but still run into the same error.

However, when I delete the component it complains about, the next run it won't complain about that component again but a different one.

First it was pkg:generic/6lowpan, then it was pkg:generic/8021q, now it is pkg:generic/8139too. I can probably continue deleting them until everything passes.

@nscuro
Member

nscuro commented Aug 20, 2024

Yeah if there's already duplicate properties it will run into the same issue. But it should not cause new duplicates.

@simonknittel

I ended up just deleting all components for the affected project (nearly 3000) since deleting one by one was never ending. Now the import processed successfully.

@mbxsuite

> It fails on line 925 which means the existing component already has multiple occurrences of a property, which should not happen.

I get the same issue within our setup (Duplicate key Identity ... attempted merging values ComponentProperty ....).

Our Jenkins generates multiple Docker images that may share the same components. Multiple SBOMs of these images (generated via anchore/syft) are - by chance - pushed in parallel to DT.

So, if there is actually a race condition in deduplication we might need to change our process.

@nscuro
Member

nscuro commented Aug 28, 2024

@mbxsuite Projects in DT are not meant to hold more than one BOM at once. It doesn't do any merging - if you observed that happening before, it was by accident since there's currently no locking on the project level for processing uploaded BOMs.

I think we need to add locking to make this more obvious.

@mbxsuite

mbxsuite commented Aug 28, 2024

@nscuro

> Projects in DT are not meant to hold more than one BOM at once. It doesn't do any merging - if you observed that happening before, it was by accident since there's currently no locking on the project level for processing uploaded BOMs.
>
> I think we need to add locking to make this more obvious.

Ok, I may have described that not exactly enough: It is a single Jenkins Job to build and scan multiple Docker Images in parallel, from each Image one sbom will be generated and uploaded to DT. The Job is not waiting for results from DT. All images contain a c# microservice. Any service/image may contain and use shared nugets (models, etc).

We don't push different SBOMs to the same project. Every Docker image/microservice has its own DT project, as do the base projects that are scanned by CycloneDX.

@nscuro
Member

nscuro commented Aug 28, 2024

@mbxsuite OK, in that case you should be good process-wise. Now to address the issue at hand, do you have BOM Processing V2 enabled in the settings? If not, give it a try, as it appears to resolve this issue for new projects.

As mentioned by @simonknittel though, it doesn't repair existing projects. I guess we need a solution for that still, as I don't think forcing users to delete components is acceptable.

@mbxsuite

@nscuro I did both, enabled V2 now and we were able to delete the projects.

Looking at the issue, we stumbled across the naming of the detected components. Is it intended that the nuget package's name is used instead of the package id to identify it?

ComponentProperty {
  component=pkg:nuget/**NAME**@0.1.2+Branch.master.Sha.123456789abcdef
}

vs

ComponentProperty {
  component=pkg:nuget/**com.corp.package**@0.1.2+Branch.master.Sha.123456789abcdef
}

@nscuro
Member

nscuro commented Aug 28, 2024

Where is that output from?

If it is from a log of some kind, the reason why Components are printed like this is just historic behavior - the toString method is implemented to return the PURL if it's available:

```java
@Override
public String toString() {
    // Prefer the canonical PURL when one is available.
    if (getPurl() != null) {
        return getPurl().canonicalize();
    } else {
        // Otherwise fall back to "group : name : version".
        StringBuilder sb = new StringBuilder();
        if (getGroup() != null) {
            sb.append(getGroup()).append(" : ");
        }
        sb.append(getName());
        if (getVersion() != null) {
            sb.append(" : ").append(getVersion());
        }
        return sb.toString();
    }
}
```

@mbxsuite

mbxsuite commented Aug 29, 2024

I see. .... Origin was the Stacktrace of this issue, when analysing Docker->layer -> dll -> nuget-package
image

The Github Purl package utilizes a "name", whereas c# / nuget world differentiates between a name and package id. There was no inherent requirement in our project to have the "name" unique, which led DT to seeing multiple different packages with similar Purls.

We have now set names to equal the package ids and will see how this will behave. Thanks for the insight.

@raikpi

raikpi commented Sep 11, 2024

We are facing the same issue with 4.11.4

```
java.lang.IllegalStateException: Duplicate key Identity[group=syft, name=cpe23, value=cpe:2.3:a:org.sonatype.oss:jcip:1.0-1:*:*:*:*:*:*:*] (attempted merging values ComponentProperty{id=1732855, component=pkg:maven/com.github.stephenc.jcip/[email protected], groupName=syft, propertyName=cpe23, propertyValue=cpe:2.3:a:org.sonatype.oss:jcip:1.0-1:*:*:*:*:*:*:*, propertyType=STRING, uuid=83dba955-dd1f-47dc-99bc-7c5400ea0ead} and ComponentProperty{id=1732865, component=pkg:maven/com.github.stephenc.jcip/[email protected], groupName=syft, propertyName=cpe23, propertyValue=cpe:2.3:a:org.sonatype.oss:jcip:1.0-1:*:*:*:*:*:*:*, propertyType=STRING, uuid=c37a79cf-125b-4f96-854c-9a2359d89afe})
        at java.base/java.util.stream.Collectors.duplicateKeyException(Unknown Source)
        at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Unknown Source)
        at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(Unknown Source)
        at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
        at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
        at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
        at org.dependencytrack.persistence.ComponentQueryManager.synchronizeComponentProperties(ComponentQueryManager.java:925)
        at org.dependencytrack.persistence.QueryManager.synchronizeComponentProperties(QueryManager.java:608)
        at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convert(ModelConverter.java:613)
        at org.dependencytrack.parser.cyclonedx.util.ModelConverter.convertComponents(ModelConverter.java:464)
        at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:157)
        at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:151)
        at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
```

@nscuro
Member

nscuro commented Sep 11, 2024

I'll add a mechanism to v4.12 that will "auto-repair" this.

@nscuro nscuro added this to the 4.12 milestone Sep 11, 2024
@nscuro nscuro added p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed pending more information labels Sep 11, 2024
@nscuro nscuro added the size/S Small effort label Sep 11, 2024
@nscuro nscuro self-assigned this Sep 13, 2024
nscuro added a commit to nscuro/dependency-track that referenced this issue Sep 13, 2024
@nscuro nscuro closed this as completed in abbeedc Sep 13, 2024

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 14, 2024