Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClassNotFoundException: org.owasp.shim.Java8Shim after update to 20240325.1 #329

Open
veita opened this issue Mar 27, 2024 · 6 comments
Open

ClassNotFoundException: org.owasp.shim.Java8Shim after update to 20240325.1 #329

veita opened this issue Mar 27, 2024 · 6 comments

Comments

@veita
Copy link

veita commented Mar 27, 2024

After update to 20240325.1 there occur exceptions ClassNotFoundException: org.owasp.shim.Java8Shim.

I could not find documentation about which additional libraries have to be included on which Java platform such that things work properly. It seems that both java8-shim and java10-shim libraries are needed with Java 21, which seems odd.

Java version: OpenJDK Runtime Environment Temurin-21.0.2+13
@rombert
Copy link

rombert commented Mar 27, 2024

You should add both libraries to your app, the right one will be selected at runtime based on the version of Java you're using.

@casewalker casewalker mentioned this issue Apr 11, 2024
Merged
@randomalgorithm01
Copy link

randomalgorithm01 commented Apr 12, 2024
edited
Loading

@rombert @mikesamuel

Can you kindly explain the use of this dependencies 8shim and 10shim. I originally thought the library has code that will compile in 11+ and this dependency act as adapter for older jdk. But from above it seems to be a problem in 21 jdk too.

I tried new html sanitizer version as a dependency in a large project without classnotfound exceptions (open jdk 11)

Can you kindly explain need of this jar and when to add as dependency

@randomalgorithm01
Copy link

randomalgorithm01 commented Apr 15, 2024
edited
Loading

@rombert a reply would be very helpful here.

@mebigfatguy
Copy link

Would be nice if these classes were loaded dynamically rather than statically. Why would i need to supply Java8-shim if i am not running on java8?

@jlczuk
Copy link

jlczuk commented Jun 17, 2024
edited
Loading

This issue has been open for some time now. I am hitting this as well. All I did was update my version to 2024-325.1.

It wasn't clear to me what the suggested solution was until I looked at the linked PR. If we are required to add new dependencies, it really should be pointed out in the release and in the README.

Apparently we should be adding these two dependencies, which I would prefer if the sanitizer JAR simply included the classes in itself.

I added the following to my gradle dependencies. Just one more thing to keep track of I suppose.

'com.googlecode.owasp-java-html-sanitizer:java8-shim:20240325.1',
'com.googlecode.owasp-java-html-sanitizer:java11-shim:20240325.1'

Also not that this release is a breaking change. All one needs to do is update one's build to the new release and the build will fail. Thank you for identifying in the release notes that Guava is no longer a dependency.

@theigl
Copy link

theigl commented Nov 27, 2024

Requiring both shims on the classpath makes the library unusable with the Java module system because of split-packages. Compilation fails with the following error:

module XYZ reads package org.owasp.shim from both java10.shim and java8.shim

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rombert @mebigfatguy @veita @theigl @jlczuk @randomalgorithm01