-
Notifications
You must be signed in to change notification settings - Fork 40.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack #38833
Comments
spring-projects-issues
added
the
status: waiting-for-triage
An issue we've not yet triaged
label
Dec 15, 2023
philwebb
changed the title
getSigners() info is lost for signed jars when using the new loader implementation
getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack
Dec 15, 2023
philwebb
added
type: regression
A regression from a previous release
and removed
status: waiting-for-triage
An issue we've not yet triaged
labels
Dec 15, 2023
Thanks for the analysis @lburja. Hopefully fixed for the next release. |
ndwnu
pushed a commit
to ndwnu/nls-routing-map-matcher
that referenced
this issue
Apr 10, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.apache.maven.plugins:maven-surefire-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.springframework.boot:spring-boot-starter-parent](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | parent | patch | `3.2.0` -> `3.2.1` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)</summary> ### [`v3.2.1`](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.1) [Compare Source](spring-projects/spring-boot@v3.2.0...v3.2.1) #### 🐞 Bug Fixes - HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration [#​38880](spring-projects/spring-boot#38880) - META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error [#​38862](spring-projects/spring-boot#38862) - logging.include-application-name has no effect when using log4j2 [#​38847](spring-projects/spring-boot#38847) - Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 [#​38839](spring-projects/spring-boot#38839) - Child context created with SpringApplicationBuilder runs parents runners [#​38837](spring-projects/spring-boot#38837) - getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack [#​38833](spring-projects/spring-boot#38833) - TestContainers parallel initialization doesn't work properly [#​38831](spring-projects/spring-boot#38831) - Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections [#​38770](spring-projects/spring-boot#38770) - Multi-byte filenames in zip files can cause an endless loop in ZipString.hash [#​38751](spring-projects/spring-boot#38751) - Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 [#​38741](spring-projects/spring-boot#38741) - Custom binding converters are ignored when working with collection types [#​38734](spring-projects/spring-boot#38734) - WebFlux and resource server auto-configuration may fail due to null authentication manager [#​38713](spring-projects/spring-boot#38713) - It is unclear that Docker Compose services have not been started as one or more is already run...
ndwlocatieservices
added a commit
to ndwnu/nls-routing-map-matcher
that referenced
this issue
Apr 16, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.apache.maven.plugins:maven-surefire-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.springframework.boot:spring-boot-starter-parent](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | parent | patch | `3.2.0` -> `3.2.1` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)</summary> ### [`v3.2.1`](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.1) [Compare Source](spring-projects/spring-boot@v3.2.0...v3.2.1) #### 🐞 Bug Fixes - HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration [#​38880](spring-projects/spring-boot#38880) - META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error [#​38862](spring-projects/spring-boot#38862) - logging.include-application-name has no effect when using log4j2 [#​38847](spring-projects/spring-boot#38847) - Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 [#​38839](spring-projects/spring-boot#38839) - Child context created with SpringApplicationBuilder runs parents runners [#​38837](spring-projects/spring-boot#38837) - getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack [#​38833](spring-projects/spring-boot#38833) - TestContainers parallel initialization doesn't work properly [#​38831](spring-projects/spring-boot#38831) - Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections [#​38770](spring-projects/spring-boot#38770) - Multi-byte filenames in zip files can cause an endless loop in ZipString.hash [#​38751](spring-projects/spring-boot#38751) - Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 [#​38741](spring-projects/spring-boot#38741) - Custom binding converters are ignored when working with collection types [#​38734](spring-projects/spring-boot#38734) - WebFlux and resource server auto-configuration may fail due to null authentication manager [#​38713](spring-projects/spring-boot#38713) - It is unclear that Docker Compose services have not been started as one or more is already run...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
After upgrading to Spring Boot 3.2, my application stops working, until I add the
<loaderImplementation>CLASSIC</loaderImplementation>
configuration to therepackage
Maven goal.The particularity of my application, is that one of the jars is a security library which is signed (the library recuperates the signature via
Class::getSigners()
to verify it when initializing). In previous versions of Spring Boot,requiresUnpack
used to do the trick:Now, the application only works by reverting to the CLASSIC loader implementation.
By debugging the application, I see the following differences between the two cases:
In the CLASSIC loader, the library is loaded via
LaunchedURLClassLoader
using the schemefile:/...
and the signers are correctly returned:
In the new loader, the library is loaded via
LaunchedClassLoader
using the schemejar:file:/...
and the signers are lost:
It would be desirable that the
getSigners()
info of signed jars is preserved by the loader, when using therepackage
Maven goal.The text was updated successfully, but these errors were encountered: