Nexus-Staging-Maven-Plugin illegal reflective access through XStream usage

[lprimak]

Core Issue

When using the nexus-staging-maven-plugin, an illegal reflective access warning is generated through use of XStream.
Running with MAVEN_OPTS=--illegal-access=debug, the reflective access occurs during XStream initialization. This can be seen here: https://pastebin.com/cHv3G2hM . XStream is aware of the issue and to mitigate it, they have deferred reflective access until absolutely necessary: x-stream/xstream#218 .

Potential Quick Fix
Whether the solution XStream has implemented is sufficient to fix the problem depends on whether the nexus-staging-maven-plugin requires any of the reflective field accesses XStream performs.
As a first start to solve the issue, XStream's version can be updated per this automated PR: sonatype/nexus-maven-plugins#91 It is possible that updating the version of XStream will solve the issue immediately.

Effects on Libraries

When JDK 16 is released this month, illegal reflective access will be denied by default. This presents ramifications to libraries using the nexus-staging-maven-plugin which have a higher JDK build-time requirement even if they are compatible with older JDK versions at runtime. For example, some libraries may want to support record features, and thus require JDK 16.
Changing MAVEN_OPTS=--illegal-access=permit or using .mvn/jvm.config could be a temporary workaround, but at some point this issue will have to be solved. Again, it may be as trivial as incrementing the XStream version.

[lprimak]

Another update: The problem during rc-release does not occur with XStream 1.4.15, but on 1.4.18 which I had upgraded to before performing the release. I have not investigated why the more recent version breaks the release action or which XStream release 1.4.16 to .18 actually broke it. I just know that with 1.4.15 it works nicely without any --add-opens statements.
Will anyone ever fix this problem? The fix is overdue, really. This is a major problem, not a minor one. It affects all users building on JDK 16+.

[nblair]

Hi @lprimak - thanks for opening this issue as well. As I mentioned in #109, this issue appears to be related to the nexus-staging-maven-plugin. We appreciate your input and suggestions on this topic.

Development effort for running the plugin on more contemporary JDKs is not something at present in our short term plans. I'll discuss internally with the team and report back.

[kriegaex]

I am going to attach a couple of issues all related to this problem, exported from Jira. Sorry for the noise, but I think it is important to retain the issues incl. comments.

Development effort for running the plugin on more contemporary JDKs is not something at present in our short term plans.

The current LTS version in Java 17 with next LTS Java 21 around the corner. Java 11 is no longer the current LTS version. How can this not have been in your short-term plan for a long time already?

The impact is huge! Everyone deploying to Maven Central needs this. Are you really expecting everyone to build on Java 11 because of Sonatype?

[kriegaex]

NEXUS-26993, click to expand/collapse.

[NEXUS-26993] Nexus-Staging-Maven-Plugin illegal reflective access through XStream usage Created: 03/10/21  Updated: 05/10/23
Status:	New
Project:	Sonatype Nexus Repository
Component/s:	staging-maven-plugin
Affects Version/s:	None
Fix Version/s:	None

Type:	Bug	Priority:	Major
Reporter:	Anand Beh	Assignee:	Unassigned
Resolution:	Unresolved	Votes:	11
Labels:	lhf, migration-announce, triaged
Remaining Estimate:	Not Specified
Time Spent:	Not Specified
Original Estimate:	Not Specified
Environment:	Mac OS 10.14.6 OpenJDK Zulu15.28+51-CA (build 15.0.1+9) Apache Maven 3.6.3 Nexus-Staging-Maven-Plugin 1.6.8

Issue Links:	Duplicate Relates relates NEXUS-31214 Problems in Nexus Staging Maven Plugi... Closed relates NEXUS-31211 Version 1.6.9 triggers exception: "co... Closed is related to NEXUS-34850 Regression: rc-drop outputs a SEVERE ... New
Last Updated By:	Nicholas Blair
Date of First Response:	19/Mar/21 3:32 PM

Description

Core Issue When using the nexus-staging-maven-plugin, an illegal reflective access warning is generated through use of XStream.  Running with MAVEN_OPTS=--illegal-access=debug, the reflective access occurs during XStream initialization. This can be seen here: https://pastebin.com/cHv3G2hM . XStream is aware of the issue and to mitigate it, they have deferred reflective access until absolutely necessary: x-stream/xstream#218 . Potential Quick Fix Whether the solution XStream has implemented is sufficient to fix the problem depends on whether the nexus-staging-maven-plugin requires any of the reflective field accesses XStream performs. As a first start to solve the issue, XStream's version can be updated per this automated PR: sonatype/nexus-maven-plugins#91 It is possible that updating the version of XStream will solve the issue immediately. Effects on Libraries When JDK 16 is released this month, illegal reflective access will be denied by default. This presents ramifications to libraries using the nexus-staging-maven-plugin which have a higher JDK build-time requirement even if they are compatible with older JDK versions at runtime. For example, some libraries may want to support record features, and thus require JDK 16. Changing MAVEN_OPTS=--illegal-access=permit or using .mvn/jvm.config could be a temporary workaround, but at some point this issue will have to be solved. Again, it may be as trivial as incrementing the XStream version.

Comments

Comment by Udo Höfel [ 03/19/21 ]

I ran into exactly this problem. Changing the MAVEN_OPTS did indeed help, but this certainly would be good to get fixed.

Comment by Anand Beh [ 06/27/21 ]

Just a heads-up on the importance of this issue: JDK 17 will very likely remove the workaround with MAVEN_OPTS. Using --illegal-access will do nothing: https://openjdk.java.net/jeps/403 "With this change, it will no longer be possible for end users to use the --illegal-access option to enable access to internal elements of the JDK."

Comment by Diogo Nunes [ 09/25/21 ]

This has become a problem, we can't publish to maven now!

Comment by Juan Jose Fidalgo Moran [ 09/26/21 ]

I can't deploy either to Maven Central using Nexus Staging Maven plugin on Java 17,   [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy (injected-nexus-deploy) on project theicenet-cryptography: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy failed: An API incompatibility was encountered while executing org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy: java.lang.ExceptionInInitializerError: null Is there any plan to fix the illegal reflective access issue on Java 17?. As far as I'm aware, there is not any valid workaround for Java 17.

Comment by Juan Jose Fidalgo Moran [ 09/26/21 ]

For the time being, until this issue is properly fixed at plugin level, I got Nexus Staging Maven plugin working on Java 17 with the workaround, export MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"

Comment by Grégory Van den Borre [ 09/26/21 ]

Thank you Juan Jose Fidalgo Moran, i can confirm this workaround make possible to deploy on maven central with java 17

Comment by Alexander Kriegisch [ 09/26/21 ]

I just tried and for me it works like this, without any MAVEN_OPTS: <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.6.8</version> <extensions>true</extensions> <configuration> <!-- (...) --> </configuration> <dependencies> <!-- TODO: Remove after OSSRH-66257, NEXUS-26993 are fixed, possibly via https://github.com/sonatype/nexus-maven-plugins/pull/91 --> <dependency> <groupId>com.thoughtworks.xstream</groupId> <artifactId>xstream</artifactId> <version>1.4.15</version> </dependency> </dependencies> </plugin>

Comment by Alexander Kriegisch [ 10/08/21 ]

Update for my previous comment: Staging without release is what I tested before and which was working. But a command like mvn nexus-staging:rc-release -DstagingRepositoryId=myId-1234 failed again on JDK 17, so in that case the XStream update is not enough. Here is a console log: $ mvn nexus-staging:rc-release -DstagingRepositoryId=orgaspectj-1112 [INFO] Scanning for projects... [INFO] Inspecting build with total of 1 modules... [INFO] Installing Nexus Staging features: [INFO] ... total of 1 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin [INFO] [INFO] ------------------< org.aspectj:org.eclipse.jdt.core >------------------ [INFO] Building JDT Core for AspectJ 1.9.8.RC1 [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- nexus-staging-maven-plugin:1.6.8:rc-release (default-cli) @ org.eclipse.jdt.core --- [INFO] + Using server credentials "ossrh" from Maven settings. Security framework of XStream not explicitly initialized, using predefined black list on your own risk. [INFO] * Connected to Nexus at https://oss.sonatype.org:443/, is version 2.14.20-02 and edition "Professional" [INFO] RC-Releasing staging repository with IDs=[orgaspectj-1112] [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 6.065 s [INFO] Finished at: 2021-10-08T09:44:39+02:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:rc-release (default-cli) on project org.eclipse.jdt.core: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:rc-release failed: No converter available [ERROR] ---- Debugging information ---- [ERROR] message : No converter available [ERROR] type : java.util.Arrays$ArrayList [ERROR] converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter [ERROR] message[1] : Unable to make field protected transient int java.util.AbstractList.modCount accessible: module java.base does not "opens java.util" to unnamed module @6a638c79 [ERROR] ------------------------------- Looking at the error message part that says module java.base does not "opens java.util" to unnamed module @6a638c79, it looks as if despite the XStream version bump we still need to manually open modules. Please get this fixed ASAP. Thank you.

Comment by Alexander Kriegisch [ 10/20/21 ]

Another update: The problem during rc-release does not occur with XStream 1.4.15, but on 1.4.18 which I had upgraded to before performing the release. I have not investigated why the more recent version breaks the release action or which XStream release 1.4.16 to .18 actually broke it. I just know that with 1.4.15 it works nicely without any --add-opens statements. Will anyone ever fix this problem? The fix is overdue, really. This is a major problem, not a minor one. It affects all users building on JDK 16+.

Comment by Laird Nelson [ 11/12/21 ]

Can confirm on JDK 17 that this is a problem, and that upgrading xstream to exactly 1.4.15 (a now-outdated version itself!) solves the issue. Upgrading xstream beyond this version causes this issue to fail again.

Comment by Alexander Kriegisch [ 11/26/21 ]

Despite XStream 1.4.15, suddenly I am having problems again when not using --add-opens for MAVEN_OPTS as described in this comment. I do not know why it worked before. Maybe I had forgotten to remove the custom Maven options before testing. This issue still needs to be fixed, and it was open for way too long.

Comment by Lenny Primak [ 11/26/21 ]

Agreed. This is a serious issue and needs to be fixed

Comment by Alexander Kriegisch [ 02/03/22 ]

It has been almost a year since this serious issue has been raised, and it does not even have an assignee yet, not to mention meaningful feedback. Pretty please, Sonatype. Java 16 introduced the problem, Java 17 has been around for a while and as LTS is here to stay. Java 18 is due next month, AFAIR.

Comment by Gili Tzabari [ 02/12/22 ]

This issue should be fixed by sonatype/nexus-maven-plugins#91

Comment by Alexander Kriegisch [ 02/13/22 ]

No, it is not. Plugin version 1.6.9 is completely broken, worse than 1.6.8.

Comment by Lenny Primak [ 02/14/22 ]

1.6.10 is also completely broken.  While releasing using maven release plugin: [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.10:deploy (injected-nexus-deploy) on project flowlogix: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.10:deploy failed: Nexus connection problem to URL [ https://oss.sonatype.org/ ]: XPP3 pull parser library not present. Specify another driver. For example: new XStream(new DomDriver()): org.xmlpull.mxp1.MXParser -> [Help 1]

Comment by Alexander Kriegisch [ 02/14/22 ]

Yes, I created NEXUS-31214 for it. It would be funny, if it was not so sad: 1.6.8 did not work ever since JDK 16 was released 11 months ago, but at least could be tricked into working with additional plugin dependencies and JVM options. 1.6.9 could deploy (with errors), but not release. 1.6.10 does not work at all, I cannot even do a simple rc-list. It seems as if each release makes matters worse rather than better. Instead of burning release numbers, a little bit of basic pre-release testing would be helpful. Assuming that an integration test suite actually does exist, maybe someone just accidentally built with `-DskipTests`. Shit happens, no problem. We are all human, after all. But please, fix it ASAP. Thank you so much.

Comment by Garret Wilson [ 02/14/22 ]

Could someone give me a summary of what plugin we are supposed to be using? In a GitHub pull request, someone alluded to some newer plugin? You are probably aware of how different staging is for Nexus Repository Manager 3 … I'm running into all these staging errors that everyone else is with Java 17. But is there a newer staging plugin we should be using, and which doesn't have all these bugs? If so, I'll be happy to switch to it. Where is the official documentation about the preferred plugin, and how to migrate from the old plugin? Because surely Sonatype wouldn't be letting this plugin just sit here for months breaking with the latest LTS Java version if this is the preferred plugin to use, would they?

Comment by Gili Tzabari [ 02/14/22 ]

Garret, My understanding is that Maven Central runs Nexus v2 whereas commercial customers use Nexus v3. https://github.com/sonatype/nexus-maven-plugins/ is designed for Nexus v2 so this is the correct plugin to use.

Comment by Garret Wilson [ 02/14/22 ]

Gili, thanks for clarifying. Wow, speechless that they would leave us in the lurch like this. And Maven is one of the cornerstones of modern artifact deployment. Incredible.

Comment by Lenny Primak [ 02/26/22 ]

1.6.12 version of the plugins is working for me now. I have successfully released a module with it

Comment by Alexander Kriegisch [ 04/01/22 ]

A month ago Nicholas Blair said in this comment: Upgrading xstream and guava will be addressed in the next release of the plugin, expected within the next 2 weeks. I'm going to close this issue, NEXUS-31301 and NEXUS-26993 will be open to track those efforts.{quote} So may I ask where we are with this and how much longer people deploying to OSSRH and releasing to Maven Central will need to switch to outdated Java versions after their builds and use special Java options just to deploy? This is a big issue, not some small detail or corner case. This affects everyone who wants to deploy to OSSRH, the biggest and most important Maven repository on this planet.

Comment by Gili Tzabari [ 08/17/22 ]

Does version 1.6.13 fix this issue? It seems to work for me.

Comment by Gili Tzabari [ 08/17/22 ]

I stand corrected. Per https://issues.sonatype.org/browse/NEXUS-31214?focusedCommentId=1193423&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1193423 we still get the following error: [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release (default-cli) on project aspectj-maven-plugin: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release failed: No converter available [ERROR] ---- Debugging information ---- [ERROR] message : No converter available [ERROR] type : java.util.Arrays$ArrayList [ERROR] converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter [ERROR] message[1] : Unable to make field protected transient int java.util.AbstractList.modCount accessible: module java.base does not "opens java.util" to unnamed module @2924f1d8 Can someone from Sonatype please update us on the status of this ticket?

Comment by Stefano Cordio [ 08/17/22 ]

1.6.13 seems to work properly with Java 17 (originally from NEXUS-27902)

Comment by Alexander Kriegisch [ 08/17/22 ]

No, it does not work properly, like I said in this NEXUS-31214 comment already. Quoting myself: Without MAVEN_OPTS=--add-opens=java.base/java.util=ALL-UNNAMED, I get the good old: [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release (default-cli) on project aspectj-maven-plugin: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release failed: No converter available [ERROR] ---- Debugging information ---- [ERROR] message : No converter available [ERROR] type : java.util.Arrays$ArrayList [ERROR] converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter [ERROR] message[1] : Unable to make field protected transient int java.util.AbstractList.modCount accessible: module java.base does not "opens java.util" to unnamed module @2924f1d8

Comment by Lenny Primak [ 08/17/22 ]

just to clarify what @kriegaex is saying, the plugin does not work for the specific goals of 'rc-release' and it's complement goals release:prepare and release:perform work fine

Comment by Nicholas Blair [ 08/17/22 ]

I've been getting a few notifications on this ticket so I just wanted to chime in and acknowledge the requests. At present this item is not in our planned work in the short term; I'll see where this falls in priority and have our team assess what can be done.

Comment by Gili Tzabari [ 08/22/22 ]

For what it's worth, rc-drop is broken too. I just filed this bug report: https://issues.sonatype.org/browse/NEXUS-34850

Comment by Alexander Kriegisch [ 08/26/22 ]

There are so many related issues already. Do we really need a new one for every single plugin release and every goal? Besides: You can't view this issue It may have been deleted or you don't have permission to view it.

Comment by Joe Tom [X] (Inactive) [ 08/26/22 ]

(I've adjusted 34850 to be public, new tickets default to private on this project in case containing any sensitive information)

Generated at Mon May 15 05:51:34 UTC 2023 by Alexander Kriegisch using
Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.

NEXUS-31301, click to expand/collapse.

[NEXUS-31301] Deprecated method call used in nexus-staging-maven-plugin causes failures with newer guava. Created: 02/22/22  Updated: 05/10/23
Status:	New
Project:	Sonatype Nexus Repository
Component/s:	staging-maven-plugin
Affects Version/s:	2.15.0
Fix Version/s:	None

Type:	Bug	Priority:	Major
Reporter:	Rich Seddon	Assignee: Unassigned
Resolution:	Unresolved	Votes:	4
Labels:	migration-announce, regression, supportant

Issue Links:	Relates relates NEXUS-31214 Problems in Nexus Staging Maven Plugi... Closed is related to NEXUS-23594 Deprecated method call used in nexus-... New
Last Updated By:	Nicholas Blair
Date of First Response:	23/Feb/22 6:43 AM
Team:	NXRM - Mad Max
Sprint:	Mad Max To Be Groomed
Notability:	3
Impact:	2

Description

The nexus-staging-ant-tasks makes a deprecated call to com.google.common.base.Stopwatch(). From the JavaDoc: /** * Creates (but does not start) a new stopwatch using {@link System#nanoTime} * as its time source. * * @deprecated Use {@link Stopwatch#createUnstarted()} instead. This * constructor is scheduled to be removed in Guava release 17.0. */ @Deprecated public Stopwatch() { this(Ticker.systemTicker()); } So that should be changed to: Stopwatch watch = Stopwatch.createUnstarted(); Without this change, if a newer guava library is on the classpath you'll see this failure:   [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy-staged-repository (default-cli) on project standalone-pom: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy-staged-repository failed: An API incompatibility was encountered while executing org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy-staged-repository: java.lang.IllegalAccessError: tried to access method com.google.common.base.Stopwatch.<init>()V from class com.sonatype.nexus.staging.client.internal.StagingWorkflowV3ServiceImpl

Comments

Comment by Alexander Kriegisch [ 02/26/22 ]

I see the same error with both mvn deploy (indirectly calls org.sonatype.plugins:nexus-staging-maven-plugin:1.6.12:deploy if <extensions>true</extensions> is active (without that option it works now), org.sonatype.plugins:nexus-staging-maven-plugin:1.6.12:rc-list (both with and without the extentions option). BTW, the source code quote from above it severely outdated. The constructor is not just deprecated. Since February 2014, it has been package-scoped already. That is 8 years, a very long time to upgrade a dependency. The change has been official since Guava 17.0 and Nexus Staging Maven uses Guava 31.0.1.

Comment by Alexander Kriegisch [ 04/01/22 ]

A month ago Nicholas Blair said in this comment: Upgrading xstream and guava will be addressed in the next release of the plugin, expected within the next 2 weeks. I'm going to close this issue, NEXUS-31301 and NEXUS-26993 will be open to track those efforts. So may I ask where we are with this and how much longer people deploying to OSSRH and releasing to Maven Central will need to switch to outdated Java versions after their builds and use special Java options just to deploy? This is a big issue, not some small detail or corner case. This affects everyone who wants to deploy to OSSRH, the biggest and most important Maven repository on this planet.

Generated at Mon May 15 05:52:45 UTC 2023 by Alexander Kriegisch using
Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.

NEXUS-27902, click to expand/collapse.

[NEXUS-27902] nexus-staging-maven-plugin not working with java 16 Created: 06/11/21  Updated: 05/10/23
Status:	New
Project:	Sonatype Nexus Repository
Component/s:	staging-maven-plugin
Affects Version/s:	None
Fix Version/s:	None

Type:	Bug	Priority:	Major
Reporter:	Galder Zamarreño	Assignee:	Unassigned
Resolution:	Unresolved	Votes:	14
Labels:	migration-announce, triaged

Issue Links:	Duplicate Relates is related to NEXUS-28982 nexus-staging-maven-plugin fails on J... New is related to NEXUS-27627 Nexus Staging Maven plugin deploys ar... Open
Last Updated By:	Nicholas Blair
Date of First Response:	17/Jun/21 1:04 AM

Description

Seeing "Unable to make field private final java.util.Comparator java.util.TreeMap.comparator accessible: module java.base does not "opens java.util" to unnamed module" error with latest 1.6.8 version:   [INFO] --- nexus-staging-maven-plugin:1.6.8:deploy (injected-nexus-deploy) @ qollider --- 2095[INFO] Performing local staging (local stagingDirectory="/home/runner/work/qollider/qollider/target/nexus-staging/staging")... 2096[INFO] + Using server credentials "ossrh" from Maven settings. 2097[INFO] ------------------------------------------------------------------------ 2098[INFO] BUILD FAILURE 2099[INFO] ------------------------------------------------------------------------ 2100[INFO] Total time: 17.489 s 2101[INFO] Finished at: 2021-06-11T12:55:37Z 2102[INFO] ------------------------------------------------------------------------ 2103Error: Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy (injected-nexus-deploy) on project qollider: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy failed: An API incompatibility was encountered while executing org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8:deploy: java.lang.ExceptionInInitializerError: null 2104Error: ----------------------------------------------------- 2105Error: realm = extension>org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8 2106Error: strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy 2107Error: urls[0] = file:/home/runner/.m2/repository/org/sonatype/plugins/nexus-staging-maven-plugin/1.6.8/nexus-staging-maven-plugin-1.6.8.jar 2108Error: urls[1] = file:/home/runner/.m2/repository/org/sonatype/nexus/maven/nexus-common/1.6.8/nexus-common-1.6.8.jar 2109Error: urls[2] = file:/home/runner/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.4/plexus-sec-dispatcher-1.4.jar 2110Error: urls[3] = file:/home/runner/.m2/repository/org/sonatype/plexus/plexus-cipher/1.7/plexus-cipher-1.7.jar 2111Error: urls[4] = file:/home/runner/.m2/repository/com/google/guava/guava/14.0.1/guava-14.0.1.jar 2112Error: urls[5] = file:/home/runner/.m2/repository/org/sonatype/nexus/nexus-client-core/2.14.3-02/nexus-client-core-2.14.3-02.jar 2113Error: urls[6] = file:/home/runner/.m2/repository/org/sonatype/nexus/plugins/nexus-restlet1x-model/2.14.3-02/nexus-restlet1x-model-2.14.3-02.jar 2114Error: urls[7] = file:/home/runner/.m2/repository/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar 2115Error: urls[8] = file:/home/runner/.m2/repository/com/intellij/annotations/9.0.4/annotations-9.0.4.jar 2116Error: urls[9] = file:/home/runner/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar 2117Error: urls[10] = file:/home/runner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.7/xstream-1.4.7.jar 2118Error: urls[11] = file:/home/runner/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar 2119Error: urls[12] = file:/home/runner/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar 2120Error: urls[13] = file:/home/runner/.m2/repository/joda-time/joda-time/2.2/joda-time-2.2.jar 2121Error: urls[14] = file:/home/runner/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar 2122Error: urls[15] = file:/home/runner/.m2/repository/commons-beanutils/commons-beanutils-core/1.8.3/commons-beanutils-core-1.8.3.jar 2123Error: urls[16] = file:/home/runner/.m2/repository/org/sonatype/sisu/siesta/siesta-client/1.7/siesta-client-1.7.jar 2124Error: urls[17] = file:/home/runner/.m2/repository/org/sonatype/sisu/siesta/siesta-common/1.7/siesta-common-1.7.jar 2125Error: urls[18] = file:/home/runner/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar 2126Error: urls[19] = file:/home/runner/.m2/repository/com/sun/jersey/jersey-core/1.17.1/jersey-core-1.17.1.jar 2127Error: urls[20] = file:/home/runner/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar 2128Error: urls[21] = file:/home/runner/.m2/repository/com/sun/jersey/jersey-client/1.17.1/jersey-client-1.17.1.jar 2129Error: urls[22] = file:/home/runner/.m2/repository/com/sun/jersey/contribs/jersey-apache-client4/1.17.1/jersey-apache-client4-1.17.1.jar 2130Error: urls[23] = file:/home/runner/.m2/repository/org/sonatype/sisu/siesta/siesta-jackson/1.7/siesta-jackson-1.7.jar 2131Error: urls[24] = file:/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.3.1/jackson-annotations-2.3.1.jar 2132Error: urls[25] = file:/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.3.1/jackson-core-2.3.1.jar 2133Error: urls[26] = file:/home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.1/jackson-databind-2.3.1.jar 2134Error: urls[27] = file:/home/runner/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.3.1/jackson-jaxrs-json-provider-2.3.1.jar 2135Error: urls[28] = file:/home/runner/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.3.1/jackson-jaxrs-base-2.3.1.jar 2136Error: urls[29] = file:/home/runner/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.3.1/jackson-module-jaxb-annotations-2.3.1.jar 2137Error: urls[30] = file:/home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.3.5/httpclient-4.3.5.jar 2138Error: urls[31] = file:/home/runner/.m2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar 2139Error: urls[32] = file:/home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar 2140Error: urls[33] = file:/home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar 2141Error: urls[34] = file:/home/runner/.m2/repository/org/sonatype/spice/zapper/spice-zapper/1.3/spice-zapper-1.3.jar 2142Error: urls[35] = file:/home/runner/.m2/repository/org/fusesource/hawtbuf/hawtbuf-proto/1.9/hawtbuf-proto-1.9.jar 2143Error: urls[36] = file:/home/runner/.m2/repository/org/fusesource/hawtbuf/hawtbuf/1.9/hawtbuf-1.9.jar 2144Error: urls[37] = file:/home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar 2145Error: urls[38] = file:/home/runner/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.15/plexus-interpolation-1.15.jar 2146Error: urls[39] = file:/home/runner/.m2/repository/ch/qos/logback/logback-core/1.1.2/logback-core-1.1.2.jar 2147Error: urls[40] = file:/home/runner/.m2/repository/ch/qos/logback/logback-classic/1.1.2/logback-classic-1.1.2.jar 2148Error: Number of foreign imports: 1 2149Error: import: Entry[import from realm ClassRealm[maven.api, parent: null]] 2150Error: 2151Error: -----------------------------------------------------: Unable to make field private final java.util.Comparator java.util.TreeMap.comparator accessible: module java.base does not "opens java.util" to unnamed module @70228253 2152Error: -> [Help 1] 2153Error: 2154Error: To see the full stack trace of the errors, re-run Maven with the -e switch. 2155Error: Re-run Maven using the -X switch to enable full debug logging. 2156Error: 2157Error: For more information about the errors and possible solutions, please read the following articles: 2158Error: [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginContainerException 2159Error: Process completed with exit code 1.

Comments

Comment by ted kang [ 08/06/21 ]

I have the same issue. This issue was not occurred when Performing a Snapshot Deployment But issue occurs when Performing a Release Deployment   Environment jdk : oracle64-1.8.0.181   Here is my build failure log realm = extension>org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8 strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy urls[0] = file:/Users/kakao/.m2/repository/org/sonatype/plugins/nexus-staging-maven-plugin/1.6.8/nexus-staging-maven-plugin-1.6.8.jar urls[1] = file:/Users/kakao/.m2/repository/org/sonatype/nexus/maven/nexus-common/1.6.8/nexus-common-1.6.8.jar urls[2] = file:/Users/kakao/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.4/plexus-sec-dispatcher-1.4.jar urls[3] = file:/Users/kakao/.m2/repository/org/sonatype/plexus/plexus-cipher/1.7/plexus-cipher-1.7.jar urls[4] = file:/Users/kakao/.m2/repository/com/google/guava/guava/14.0.1/guava-14.0.1.jar urls[5] = file:/Users/kakao/.m2/repository/org/sonatype/nexus/nexus-client-core/2.14.3-02/nexus-client-core-2.14.3-02.jar urls[6] = file:/Users/kakao/.m2/repository/org/sonatype/nexus/plugins/nexus-restlet1x-model/2.14.3-02/nexus-restlet1x-model-2.14.3-02.jar urls[7] = file:/Users/kakao/.m2/repository/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar urls[8] = file:/Users/kakao/.m2/repository/com/intellij/annotations/9.0.4/annotations-9.0.4.jar urls[9] = file:/Users/kakao/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar urls[10] = file:/Users/kakao/.m2/repository/com/thoughtworks/xstream/xstream/1.4.7/xstream-1.4.7.jar urls[11] = file:/Users/kakao/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar urls[12] = file:/Users/kakao/.m2/repository/xpp3/xpp3_min/1.1.4c/xpp3_min-1.1.4c.jar urls[13] = file:/Users/kakao/.m2/repository/joda-time/joda-time/2.2/joda-time-2.2.jar urls[14] = file:/Users/kakao/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar urls[15] = file:/Users/kakao/.m2/repository/commons-beanutils/commons-beanutils-core/1.8.3/commons-beanutils-core-1.8.3.jar urls[16] = file:/Users/kakao/.m2/repository/org/sonatype/sisu/siesta/siesta-client/1.7/siesta-client-1.7.jar urls[17] = file:/Users/kakao/.m2/repository/org/sonatype/sisu/siesta/siesta-common/1.7/siesta-common-1.7.jar urls[18] = file:/Users/kakao/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar urls[19] = file:/Users/kakao/.m2/repository/com/sun/jersey/jersey-core/1.17.1/jersey-core-1.17.1.jar urls[20] = file:/Users/kakao/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar urls[21] = file:/Users/kakao/.m2/repository/com/sun/jersey/jersey-client/1.17.1/jersey-client-1.17.1.jar urls[22] = file:/Users/kakao/.m2/repository/com/sun/jersey/contribs/jersey-apache-client4/1.17.1/jersey-apache-client4-1.17.1.jar urls[23] = file:/Users/kakao/.m2/repository/org/sonatype/sisu/siesta/siesta-jackson/1.7/siesta-jackson-1.7.jar urls[24] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.3.1/jackson-annotations-2.3.1.jar urls[25] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.3.1/jackson-core-2.3.1.jar urls[26] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.1/jackson-databind-2.3.1.jar urls[27] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.3.1/jackson-jaxrs-json-provider-2.3.1.jar urls[28] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.3.1/jackson-jaxrs-base-2.3.1.jar urls[29] = file:/Users/kakao/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.3.1/jackson-module-jaxb-annotations-2.3.1.jar urls[30] = file:/Users/kakao/.m2/repository/org/apache/httpcomponents/httpclient/4.3.5/httpclient-4.3.5.jar urls[31] = file:/Users/kakao/.m2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar urls[32] = file:/Users/kakao/.m2/repository/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar urls[33] = file:/Users/kakao/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar urls[34] = file:/Users/kakao/.m2/repository/org/sonatype/spice/zapper/spice-zapper/1.3/spice-zapper-1.3.jar urls[35] = file:/Users/kakao/.m2/repository/org/fusesource/hawtbuf/hawtbuf-proto/1.9/hawtbuf-proto-1.9.jar urls[36] = file:/Users/kakao/.m2/repository/org/fusesource/hawtbuf/hawtbuf/1.9/hawtbuf-1.9.jar urls[37] = file:/Users/kakao/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar urls[38] = file:/Users/kakao/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.15/plexus-interpolation-1.15.jar urls[39] = file:/Users/kakao/.m2/repository/ch/qos/logback/logback-core/1.1.2/logback-core-1.1.2.jar urls[40] = file:/Users/kakao/.m2/repository/ch/qos/logback/logback-classic/1.1.2/logback-classic-1.1.2.jar Number of foreign imports: 1 import: Entry[import from realm ClassRealm[maven.api, parent: null]]----------------------------------------------------- at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:184) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:78) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:567) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: java.lang.ExceptionInInitializerError at com.thoughtworks.xstream.XStream.setupConverters (XStream.java:807) at com.thoughtworks.xstream.XStream.<init> (XStream.java:574) at com.thoughtworks.xstream.XStream.<init> (XStream.java:496) at com.thoughtworks.xstream.XStream.<init> (XStream.java:465) at com.thoughtworks.xstream.XStream.<init> (XStream.java:411) at com.thoughtworks.xstream.XStream.<init> (XStream.java:378) at org.sonatype.nexus.client.internal.rest.NexusXStreamFactory.createForXml (NexusXStreamFactory.java:34) at org.sonatype.nexus.client.internal.rest.NexusXStreamFactory.createAndConfigureForXml (NexusXStreamFactory.java:54) at org.sonatype.nexus.client.rest.jersey.NexusClientFactoryImpl.createFor (NexusClientFactoryImpl.java:117) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.createNexusClient (RemoteNexus.java:189) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.<init> (RemoteNexus.java:102) at org.sonatype.nexus.maven.staging.deploy.strategy.AbstractStagingDeployStrategy.createRemoteNexus (AbstractStagingDeployStrategy.java:54) at org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.deployPerModule (StagingDeployStrategy.java:70) at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute (DeployMojo.java:192) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:78) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:567) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field private final java.util.Comparator java.util.TreeMap.comparator accessible: module java.base does not "opens java.util" to unnamed module @27aae97b at java.lang.reflect.AccessibleObject.checkCanSetAccessible (AccessibleObject.java:357) at java.lang.reflect.AccessibleObject.checkCanSetAccessible (AccessibleObject.java:297) at java.lang.reflect.Field.checkCanSetAccessible (Field.java:177) at java.lang.reflect.Field.setAccessible (Field.java:171) at com.thoughtworks.xstream.core.util.Fields.locate (Fields.java:39) at com.thoughtworks.xstream.converters.collections.TreeMapConverter.<clinit> (TreeMapConverter.java:50) at com.thoughtworks.xstream.XStream.setupConverters (XStream.java:807) at com.thoughtworks.xstream.XStream.<init> (XStream.java:574) at com.thoughtworks.xstream.XStream.<init> (XStream.java:496) at com.thoughtworks.xstream.XStream.<init> (XStream.java:465) at com.thoughtworks.xstream.XStream.<init> (XStream.java:411) at com.thoughtworks.xstream.XStream.<init> (XStream.java:378) at org.sonatype.nexus.client.internal.rest.NexusXStreamFactory.createForXml (NexusXStreamFactory.java:34) at org.sonatype.nexus.client.internal.rest.NexusXStreamFactory.createAndConfigureForXml (NexusXStreamFactory.java:54) at org.sonatype.nexus.client.rest.jersey.NexusClientFactoryImpl.createFor (NexusClientFactoryImpl.java:117) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.createNexusClient (RemoteNexus.java:189) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.<init> (RemoteNexus.java:102) at org.sonatype.nexus.maven.staging.deploy.strategy.AbstractStagingDeployStrategy.createRemoteNexus (AbstractStagingDeployStrategy.java:54) at org.sonatype.nexus.maven.staging.deploy.strategy.StagingDeployStrategy.deployPerModule (StagingDeployStrategy.java:70) at org.sonatype.nexus.maven.staging.deploy.DeployMojo.execute (DeployMojo.java:192) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:78) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:567) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)

Comment by Niklas Fischer [ 09/06/21 ]

for a temporary workaround, set the environment variable`JDK_JAVA_OPTIONS` to `--illegal-access=warn` ``` export JDK_JAVA_OPTIONS='--illegal-access=warn' mvn release:perform ```

Comment by Thomas Scheffler [ 09/29/21 ]

The temporary workaround does only work with Java 16. Java 17 needs a fix for this.

Comment by ben.song [ 09/29/21 ]

Works: `maven -v` Apache Maven 3.8.2 (ea98e05a04480131370aa0c110b8c54cf726c06f) Maven home: /usr/local/Cellar/maven/3.8.2/libexec Java version: 11.0.12, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@11/11.0.12/libexec/openjdk.jdk/Contents/Home Default locale: zh_CN_#Hans, platform encoding: UTF-8 OS name: "mac os x", version: "10.15.7", arch: "x86_64", family: "mac"

Comment by Galder Zamarreño [ 10/07/21 ]

@ben.song works what? Your output shows you're using Java 11, which is not what this issue is about. If you try to run Maven with Java 16 the plugin doesn't work.

Comment by Peter Verhas [ 10/14/21 ]

I ran into this with Java 17 today.

Comment by Galder Zamarreño [ 10/14/21 ]

I see xstream master still has the same code: https://github.com/x-stream/xstream/blob/master/xstream/src/java/com/thoughtworks/xstream/core/util/Fields.java#L40, so maybe the only way around this is to go and set up Maven toolchains. It's Ok locally but then you'd have to also adjust CI, e.g. https://blog.bmarwell.de/en/testing-maven-with-toolchain-and-github-actions Not ideal :\

Comment by Galder Zamarreño [ 10/15/21 ]

One other potential option for Java 17, as hinted in x-stream/xstream#262 (comment) might be to do: export JDK_JAVA_OPTIONS='--add-opens java.base/java.util=ALL-UNNAMED' I have not tried this yet...

Comment by Philip Graf [ 10/30/21 ]

Setting JDK_JAVA_OPTIONS to the following value worked for me when releasing with Java 17: export JDK_JAVA_OPTIONS='--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED'

Comment by Mark Raynsford [ 11/02/21 ]

Just another "me too": I've run into this on JDK 17 whilst attempting to migrate ~80 or so projects to Java 17.

Comment by Stefano Cordio [ 04/22/22 ]

This seems to be fixed with nexus-staging-maven-plugin:1.6.13, I just completed a release without workarounds on Azul Zulu 17.

Comment by Alexander Kriegisch [ 08/17/22 ]

No, it does not work properly, like I said in this NEXUS-31214 comment already. Quoting myself: Without MAVEN_OPTS=--add-opens=java.base/java.util=ALL-UNNAMED, I get the good old: [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release (default-cli) on project aspectj-maven-plugin: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release failed: No converter available [ERROR] ---- Debugging information ---- [ERROR] message : No converter available [ERROR] type : java.util.Arrays$ArrayList [ERROR] converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter [ERROR] message[1] : Unable to make field protected transient int java.util.AbstractList.modCount accessible: module java.base does not "opens java.util" to unnamed module @2924f1d8

Generated at Mon May 15 05:53:22 UTC 2023 by Alexander Kriegisch using
Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.

NEXUS-31214, click to expand/collapse.

[NEXUS-31214] Problems in Nexus Staging Maven Plugin 1.6.10 Created: 02/14/22  Updated: 03/29/23  Resolved: 02/28/22
Status:	Closed
Project:	Sonatype Nexus Repository
Component/s:	staging-maven-plugin
Affects Version/s:	None
Fix Version/s:	None

Type:	Bug	Priority:	Blocker
Reporter:	Alexander Kriegisch	Assignee:	Nicholas Blair
Resolution:	Fixed	Votes:	8
Labels:	PO-approved, regression, supportant
Remaining Estimate:	Not Specified
Time Spent:	Not Specified
Original Estimate:	Not Specified

Issue Links:	Relates relates NEXUS-31221 nexus-m2settings-maven-plugin:1.6.10 ... New is related to NEXUS-26993 Nexus-Staging-Maven-Plugin illegal re... New is related to NEXUS-31301 Deprecated method call used in nexus-... New is related to NEXUS-31211 Version 1.6.9 triggers exception: "co... Closed
Last Updated By:	Alexandre Santos
Date of First Response:	14/Feb/22 12:37 PM
Story Points:	2
Team:	NXRM - Optimus
Sprint:	NXRM Immortals Sprint 29
Notability:	2
Aha Concept:	non-concept
Impact:	2

Description

After the Jackson problems in 1.6.9 were fixed in 1.6.10, I still cannot use the plugin: $ mvn -DskipTests -P release-sign-artifacts nexus-staging:rc-list [INFO] --- nexus-staging-maven-plugin:1.6.10:rc-list (default-cli) @ aspectj-maven-plugin --- [INFO] + Using server credentials "ossrh" from Maven settings. [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 13.952 s [INFO] Finished at: 2022-02-14T08:32:36+07:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.10:rc-list (default-cli) on project aspectj-maven-plugin: Nexus connection problem: Nexus connection problem to URL [https://s01.oss.sonatype.org/ ]: XPP3 pull parser library not present. Specify another driver. For example: new XStream(new DomDriver()): org.xmlpull.mxp1.MXParser -> [Help 1] To me it looks as if nobody tests the plugin before releasing it. I might be wrong of course, but how can problems like in 1.6.9 and 1.6.10 stay undetected? If you look into XStream 1.4.19's POM, you see <dependency> <groupId>xpp3</groupId> <artifactId>xpp3_min</artifactId> <optional>true</optional> </dependency> If Nexus Staging Maven Plugin actively uses the optional XPP3, it should declare it as a dependency. In the XStream parent POM, you see the version used: <version.xpp3>1.1.4c</version.xpp3> But even if I add XPP version as a plugin dependency, the next problem occurs: $ mvn -e -DskipTests -P release-sign-artifacts nexus-staging:rc-list [INFO] --- nexus-staging-maven-plugin:1.6.10:rc-list (default-cli) @ aspectj-maven-plugin --- [INFO] + Using server credentials "ossrh" from Maven settings. [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 6.393 s [INFO] Finished at: 2022-02-14T09:10:18+07:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.10:rc-list (default-cli) on project aspectj-maven-plugin: Nexus connection problem: Nexus connection problem to URL [https://s01.oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.10:rc-list (default-cli) on project aspectj-maven-plugin: Nexus connection problem: Nexus connection problem to URL [https://s01.oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:568) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: org.apache.maven.plugin.MojoExecutionException: Nexus connection problem: Nexus connection problem to URL [https://s01.oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.createStagingWorkflowService (AbstractStagingActionMojo.java:97) at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.execute (AbstractStagingActionMojo.java:52) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:568) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: java.lang.IllegalArgumentException: Nexus connection problem to URL [https://s01.oss.sonatype.org/ ]: org.sonatype.nexus.rest.model.StatusResourceResponse at org.sonatype.nexus.maven.staging.remote.RemoteNexus.createNexusClient (RemoteNexus.java:207) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.<init> (RemoteNexus.java:102) at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.createStagingWorkflowService (AbstractStagingActionMojo.java:93) at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.execute (AbstractStagingActionMojo.java:52) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:568) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: org.sonatype.nexus.rest.model.StatusResourceResponse at com.thoughtworks.xstream.security.NoTypePermission.allows (NoTypePermission.java:26) at com.thoughtworks.xstream.mapper.SecurityMapper.realClass (SecurityMapper.java:74) at com.thoughtworks.xstream.mapper.MapperWrapper.realClass (MapperWrapper.java:125) at com.thoughtworks.xstream.mapper.CachingMapper.realClass (CachingMapper.java:47) at com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType (HierarchicalStreams.java:29) at com.thoughtworks.xstream.core.TreeUnmarshaller.start (TreeUnmarshaller.java:135) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal (AbstractTreeMarshallingStrategy.java:32) at com.thoughtworks.xstream.XStream.unmarshal (XStream.java:1421) at com.thoughtworks.xstream.XStream.unmarshal (XStream.java:1399) at com.thoughtworks.xstream.XStream.fromXML (XStream.java:1284) at org.sonatype.nexus.client.internal.rest.XStreamXmlProvider.readFrom (XStreamXmlProvider.java:83) at com.sun.jersey.api.client.ClientResponse.getEntity (ClientResponse.java:565) at com.sun.jersey.api.client.ClientResponse.getEntity (ClientResponse.java:517) at com.sun.jersey.api.client.WebResource.handle (WebResource.java:684) at com.sun.jersey.api.client.WebResource.access$200 (WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.get (WebResource.java:507) at org.sonatype.nexus.client.rest.jersey.JerseyNexusClient.getStatus (JerseyNexusClient.java:147) at org.sonatype.nexus.client.internal.rest.AbstractNexusClient.initializeConnection (AbstractNexusClient.java:86) at org.sonatype.nexus.client.rest.jersey.JerseyNexusClient.<init> (JerseyNexusClient.java:90) at org.sonatype.nexus.client.rest.jersey.NexusClientFactoryImpl.createFor (NexusClientFactoryImpl.java:125) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.createNexusClient (RemoteNexus.java:193) at org.sonatype.nexus.maven.staging.remote.RemoteNexus.<init> (RemoteNexus.java:102) at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.createStagingWorkflowService (AbstractStagingActionMojo.java:93) at org.sonatype.nexus.maven.staging.workflow.AbstractStagingActionMojo.execute (AbstractStagingActionMojo.java:52) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293) at org.apache.maven.cli.MavenCli.main (MavenCli.java:196) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:568) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) I have no idea why it cannot connect. The web UI on that URL is available, I can log in normally. Reverting to 1.6.8 with an explicit XStream 1.4.15 plugin dependency also makes it work again. So it is not anything like a temporary server problem. Probably as a plugin maintainer you know better what an XStream ForbiddenClassException means, but I guess you need to add at least org.sonatype.nexus.rest.model.StatusResourceResponse to the list of permitted classes, maybe several more if you want to cover all plugin goals.

Comments

Comment by Gili Tzabari [ 02/14/22 ]

Sonatype team, please see https://stackoverflow.com/questions/30812293/com-thoughtworks-xstream-security-forbiddenclassexception/67288175#67288175 for how to fix the ForbiddenClassException in the plugin.

Comment by Alexander Kriegisch [ 02/15/22 ]

Stack Overflow is nice, but there is also the official XStream security framework documentation.

Comment by Nicholas Blair [ 02/15/22 ]

Version 1.6.11 is now available and addresses the issues reported with the nexus-staging:rc-list command.

Comment by Vincent A Cicirello [ 02/15/22 ]

Version 1.6.11 fails with a different error: Error: Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy (injected-nexus-deploy) on project jpt: Execution injected-nexus-deploy of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy failed: An API incompatibility was encountered while executing org.sonatype.plugins:nexus-staging-maven-plugin:1.6.11:deploy: java.lang.IllegalAccessError: class com.sonatype.nexus.staging.client.internal.StagingWorkflowV3ServiceImpl tried to access method 'void com.google.common.base.Stopwatch.<init>()' (com.sonatype.nexus.staging.client.internal.StagingWorkflowV3ServiceImpl and com.google.common.base.Stopwatch are in unnamed module of loader org.codehaus.plexus.classworlds.realm.ClassRealm @4012d5bc)

Comment by David Pilato [ 02/16/22 ]

I'm seeing the same problem as Vincent.  It fails with Java 17 FWIW.

Comment by Vincent A Cicirello [ 02/16/22 ]

I meant to include in my prior comment that this was with Java 11. Also, in case it's helpful, here's the behavior I've seen with the most recent few versions: 1.6.8: Most recent version that successfully deploys for me. 1.6.9: No error messages locally, but I've had to log into oss.sonatype.org to manually close and release staging repositories. 1.6.10: Locally, during deploy, I get the same error as Alexander reported for an rc-list, and nothing gets to staging (so worse than 1.6.9). 1.6.11: Locally, during deploy, I get the error message in my previous comment. However, in some sense there is improvement over 1.6.9 and 1.6.10 in that if I log into oss.sonatype.org, the staging repository was closed already, but not released.

Comment by Gili Tzabari [ 02/16/22 ]

The error that Vincent mentioned is very worrisome. First, I'm surprised to see JPMS-related errors coming out of a Maven plugin. Second, I tried adding JPMS support to my own Maven plugin a few years back and discovered that (at the time) it was technically impossible to do so. Maven plugins must run on the classpath, end of story. The Maven committers were aware of this limitation and had no plans to fix it (cost/benefit was too high). So first question: what is on the module path that we're suddenly getting JPMS errors? (I haven't had time to reproduce this locally yet. I'm super busy at work. Sorry)

Comment by Nicholas Blair [ 02/16/22 ]

I appreciate the patience from everyone while we try to sort this out. It's evident a fair bit of technical debt has accrued with this plugin that we hadn't accounted for.  At this time, it's best to avoid 1.6.9/1.6.10/1.6.11 releases of the plugin. We are triaging this internally and will see it through to completion. I can't provide an ETA on completion date until we dive deeper.

Comment by Roberto Gentili [ 02/18/22 ]

I'm seeing the same problem as Vincent and David with the version 1.6.11 and Java 17, but I have a suggestion for plugin developers which can help to solve the illegal access issue: take a look here on how to export all modules at runtime without any jvm parameters

Comment by Rich Seddon [ 02/22/22 ]

I opened an issue here specifically for the StopWatch() issue:  NEXUS-31301

Comment by Lenny Primak [ 02/26/22 ]

I just tried to release with the release plugin version 1.6.12 and it works without any workarounds. Good progress.

Comment by Alexander Kriegisch [ 02/26/22 ]

Thanks for the notification. I had not even noticed that there has been a new release for 3 days already. I wonder why no developer updated the relevant issues here and on GitHub in order to notify users and ask them to re-test. Talking about re-testing: One of the plugin goals that failed for me on JDK 16+ despite making others work with extra plugin dependencies and system properties on the command line, was rc-release. I have a habit of deploying without automatic release and then decide to release manually. The thing is, I am only deploying to Sonatype OSSRH, which means that as soon as I release, my test artifact will be on Maven Central forever, even though I just want to test something with a fake release version. Does anybody here happen to know if I can somehow manually delete a released artifact from Central again when I am logged into Nexus with my account qualified for deploying and releasing under the corresponding group ID? I somehow want to test this without forcing some dummy release on one of my OSS artifacts, confusing users.

Comment by Alexander Kriegisch [ 02/26/22 ]

Lenny Primak, I also cannot confirm that you said it works without workarounds. The stopwatch issue NEXUS-31301 still occurs on 1.6.12, I tried on JDK 17. So I am still stuck on 1.6.8 with workarounds. I do not know what you tried, but it must have been different from my use case with mvn deploy. If I deactivate the <extensions>true</extensions> option, I can deploy, but then next when using goal rc-list, the stopwatch error occurs again. So avoiding certain plugin options is not a solution. The problem must be solved at the root cause.

Comment by Lenny Primak [ 02/26/22 ]

As I said above, I only tested releasing with the maven release plugin which uses staging plugin. That works with no workarounds on Java 17.  the rest of the functionality I did not test.

Comment by Nicholas Blair [ 02/28/22 ]

Apologies for not relaying the information here; yes release 1.6.12 addresses the original reported issue by reverting both xstream (sonatype/nexus-maven-plugins#99 and guava (https://github.com/sonatype/nexus-maven-plugins/pull/100). Upgrading xstream and guava will be addressed in the next release of the plugin, expected within the next 2 weeks. I'm going to close this issue, NEXUS-31301 and NEXUS-26993 will be open to track those efforts.

Comment by Robert von Burg [ 08/17/22 ]

We are now in September, 7 months later. What is the status? I can't deploy to Maven due to this issue...

Comment by Gili Tzabari [ 08/17/22 ]

Robert, Though I have not seen any updates in JIRA, I tried the latest version (1.6.13) and it works perfectly for me on JDK 18. Give it a try and let us know if it works. (I am not affiliated with Sonatype)

Comment by Alexander Kriegisch [ 08/17/22 ]

Gili, Robert, sorry to disappoint you, but 1.6.13 does not work in all cases, see my old comment here. Maybe the goals you use happen to work, but mine do not.

Comment by Robert von Burg [ 08/17/22 ]

Hi Gili, Hi Alexander. I couldn't switch to JDK 11, as my code is JDK17. But i did manage to get it working, by setting the following environment variable: MAVEN_OPTS=--add-opens=java.base/java.util=ALL-UNNAMED

Comment by Alexander Kriegisch [ 08/17/22 ]

That is a workaround, not a solution. Unfortunately, it worked when I just wanted to test if it would, and I released an artifact to Central a minute ago which should never have been released. I thought that I could interrupt with Ctrl-C while waiting for the process to complete. But after I interrupted rc-release locally, the artifact was still released. Sorry for the off-topic question, but is there any way to ask Sonatype to remove the artifact? It was just a random developer version, but unfortunately of a popular Maven plugin, because OSSRH is the only "test system" I have for the old Nexus version.

Comment by Gili Tzabari [ 08/17/22 ]

Hi Alex, What output do you get for rc-release on version 1.6.13 with JDK 18? You are right that I did not test rc-release, but rc-open, rc-drop, and rc-close all work fine for me. Do any of them fail on your end?

Comment by Alexander Kriegisch [ 08/17/22 ]

Well, without MAVEN_OPTS=--add-opens=java.base/java.util=ALL-UNNAMED, I get the good old: [ERROR] Failed to execute goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release (default-cli) on project aspectj-maven-plugin: Execution default-cli of goal org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13:rc-release failed: No converter available [ERROR] ---- Debugging information ---- [ERROR] message : No converter available [ERROR] type : java.util.Arrays$ArrayList [ERROR] converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter [ERROR] message[1] : Unable to make field protected transient int java.util.AbstractList.modCount accessible: module java.base does not "opens java.util" to unnamed module @2924f1d8

Comment by Robert von Burg [ 08/17/22 ]

Hello Alexander, yes, that is the error i got as well, which is why i now use the add-opens. It would be great if there would be a proper solution though.

Comment by Gili Tzabari [ 08/17/22 ]

I agree. This is a legitimate bug. It seems to be covered by https://issues.sonatype.org/browse/NEXUS-26993. Can we please move the conversation over there? I doubt anyone from Sonatype will respond to a closed issue.

Comment by Alexander Kriegisch [ 08/17/22 ]

Gili, I commented in that issue long ago already. The thing is that instead of really fixing this issue, about half a dozen bugs have been created for each baby step of fixing this. Instead of prematurely closing bugs which are not really resolved, Sonatype should keep the original one open, collect all the comments there for reference, and quickly close duplicates. Instead, we have a chaotic situation with this bunch of bugs I am tracking in order to be able to respond wherever there is traffic.

Generated at Mon May 15 06:20:20 UTC 2023 by Alexander Kriegisch using
Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.

[lprimak]

Just FYI due to this and many other reasons I stopped using the staging plugin.
the regular deploy plugin works with central and the rest of functionality can be done with the following script: https://github.com/lprimak/infra/blob/main/scripts/nexus/maven-central-release.sh

[kriegaex]

@lprimak, while this is nice, it also requires infrastructure, e.g. on Windows probably something like Git Bash. Usually, this is not what my IDE uses. Furthermore, even though this approach might work, it speaks volumes that Maven Central users start creating shell scripts using curl, because they cannot use the Maven plugin produced by the same company producing Nexus, which is used to host Maven Central.

[michael-o]

NO ONE NEEDS THIS PLUGIN, SERIOUSLY. The regular Maven Deploy Plugin does the required job.

[kriegaex]

@michael-o, of course the plugin is not needed for the deployment as such. But it facilitates closing and releasing the staging repository as well, which I like as a feature. I do not like to either call curl or log into the Nexus GUI in order to do so. The nice thing about this plugin is that it enables users to do everything from within Maven. I use it for all my OSS projects.

Therefore, I am pushing this issue. Nexus Staging Maven Plugin's right to exist - adding the value I described above - should be justified by making it work on current JDKs.

[michael-o]

@michael-o, of course the plugin is not needed for the deployment as such. But it facilitates closing and releasing the staging repository as well, which I like as a feature. I do not like to either call curl or log into the Nexus GUI in order to do so. The nice thing about this plugin is that it enables users to do everything from within Maven. I use it for all my OSS projects.

Therefore, I am pushing this issue. Nexus Staging Maven Plugin's right to exist - adding the value I described above - should be justified by making it work on current JDKs.

So what you rather need is a post-deploy close and release process, right?

[kriegaex]

Sure, @michael-o. This is also described in the issues I linked to. E.g., expand NEXUS-31214 from my post above and scroll to the end of the description. There you will see that it is e.g. about the rc-release goal. This plugin does not want to steal any fame from Maven Deploy, it is meant to add value when releasing something on Maven Central, which it does.

[michael-o]

Sure, @michael-o. This is also described in the issues I linked to. E.g., expand NEXUS-31214 from my post above and scroll to the end of the description. There you will see that it is e.g. about the rc-release goal. This plugin does not want to steal any fame from Maven Deploy, it is meant to add value when releasing something on Maven Central, which it does.

Though, I still don't understand why it is so hard to log in into Nexus UI and perform these two steps...

[lprimak]

@michael-o the whole point of automation is to automate the whole process. I want a complete release in one click and one UI is Jenkins is it for me. I don’t want to log into Jenkins and then check if it built and wait and then log onto nexus then find the appropriate repo then more clicks.

You see where I am going? :)
Automation is key.

[michael-o]

@michael-o the whole point of automation is to automate the whole process. I want a complete release in one click and one UI is Jenkins is it for me. I don’t want to log into Jenkins and then check if it built and wait and then log onto nexus then find the appropriate repo then more clicks.

You see where I am going? :) Automation is key.

Yes, but the example was Maven Central and for that, I consider it irrelevant, IMHO. Since you have Nexus Pro with staging capabalilites, I guess you should reach out to support, no?

[lprimak]

No I have an OSS project in central. I still want to automate it just the same.

[kriegaex]

Though, I still don't understand why it is so hard to log in into Nexus UI and perform these two steps...

It is not hard, just tedious and requiring extra manual steps, which kind of defeats the idea of an automated build pipeline or at least a build tool called from the console or an IDE. That you of all people don't get that as someone contributing to so many Maven plugins, is a mystery to me.

It is not hard to call javac or javadoc or a jar tool from the console either. So why use Maven in the first place? 😉

[michael-o]

Though, I still don't understand why it is so hard to log in into Nexus UI and perform these two steps...

It is not hard, just tedious and requiring extra manual steps, which kind of defeats the idea of an automated build pipeline or at least a build tool called from the console or an IDE. That you of all people don't get that as someone contributing to so many Maven plugins, is a mystery to me.

It is not hard to call javac or javadoc or a jar tool from the console either. So why use Maven in the first place? 😉

If I'd get paid to use javac(1), I would.

[kriegaex]

If I'd get paid to use javac(1), I would.

Is that so? Then, good for you.

As for myself: Firstly, I don't get paid for OSS development. Secondly, even if that was the case, I would try to automate, automate, automate, because that is what smart developers do and get paid for. Remember the "e" words, efficiency and effectiveness?

Last but not least, I don't believe what you just wrote, and I would be very surprised if you believed it yourself. You are far too smart and hardly jaded enough to make your own life as a developer more complicated than necessary, even if someone would pay you to be a stupid robot. It would just not be you, Michael.

[lprimak]

Also the person authorized to kick off releases may not be authorized for the sonatype UI, so sharing credentials could be a big barrier.

[nblair]

I've invited @kishlaynikesh, a Product Manager for the Maven Central Publisher experience, to comment on the future for publishing to Maven Central.

[lprimak]

thank oyou!

[kishlaynikesh]

From Maven Central standpoint, nexus-staging-maven-plugin will not be needed once the new publisher staging workflow is made available by early July timeframe. However, it can still be used by a Nxrm2 user locally, but not useful for anything central publishing related. Hope this helps with better clarity.

[lprimak]

Thanks for the info.
Do you have any design goal / document so the community can prepare for this?
Is it CLI, new Rest service, is anything in NXRM itself changes? Any incompatibilities with current workflow?

[kriegaex]

Hope this helps with better clarity.

@kishlaynikesh: Actually, no. I understand that the Maven plugin will no longer be needed, but you did not give any description of how else I would be able to perform steps of the staging workflow from Maven (other users might be more interested in Gradle, but I am being egoistic here, focusing on Maven). A sneak peek would be helpful, just like @lprimak said.

[kishlaynikesh]

High level change summary:
There will be a new Maven plugin launched along with the new Staging workflow. Users can interface with the REST service directly or utilize the Maven plugin for ease. Documentation will also be made available for both paths.

User Migration to new workflow:
We will be inviting the existing users to migrate to take advantage of the new plugin and the new workflow once it is released. Current workflow/service will then remain active for a limited time to allow everyone to make/test required changes with the new user interface and APIs.

[lprimak]

Thanks!

So the question becomes "is the current NXRM rest service going away?"
i.e. is NXRM changing in an incompatible way?

What is the new maven plugin going to look like? i.e. can I release a all open repos belonging to a profile?

[kishlaynikesh]

@lprimak Nexus Repository 2 instance(used for content publishing on Maven Central) is to be decommissioned. The new publisher interface isn’t going to be a Nexus Repository instance.

Regarding the requirement “release all open repos belonging to a profile using the new Maven plugin” is under design/development. We can confirm near to the release date if that will also be available with the launch version.

[nblair]

Thank you @kishlaynikesh and the community for joining in the conversation! So to summarize, Sonatype will be offering new capabilities to publish to Maven Central this year.

I intend to close this ticket as "not planned."

[cowwoc]

Be sure to let us know (comment on this issue) once the new offering comes out. Thank you.

[sebhoss]

@kishlaynikesh @nblair did something change here? The guide at https://central.sonatype.org/publish/publish-maven/ still recommends the staging plugin

[nblair]

It looks like we dropped the ball on updating this thread. Yes, that link still points to the older form of publishing to maven central. There is a new process that should be leveraged instead. Starting with https://central.sonatype.org/register/central-portal/ to register, then https://central.sonatype.org/publish/publish-portal-maven/ provides documentation on a new plugin to use instead.

[sebhoss]

ooh nice - thanks a lot!

[kriegaex]

Yes, that link still points to the older form of publishing to maven central. There is a new process that should be leveraged instead.

What you call "older" is still the current standard process, if I understand the docs correctly. Given the fact, that I cannot log into the new portal with my Nexus credentials, it also means that I cannot use the future process and new Maven plugin yet without redundantly re-registering, which I will not do. The new way of publishing is also still called "early access", i.e. for now 95% of existing users still have to deal with the Nexus Staging Maven Plugin (or an equivalent Gradle plugin, if any), unless of course they abandon that plugin and use Maven Deploy and then promote the deployed artifacts manually via Nexus.

Update: Checking the old issues in #110 (comment) again, it is going on 3 years now that the plugin issues with more recent JDKs have been unresolved. The first of those 4 issues is from 2021-03-10. Add on top the time from early access to general availability of the new process, and you get the picture of customer experience for the developer community using Maven Central. Sorry to complain (again), but this is unacceptable.

[jodastephen]

Downgrading xstream within the nexus plugin allowed a release to complete while running Maven on Java SE 21 in Circle CI:

          <plugin>
            <groupId>org.sonatype.plugins</groupId>
            <artifactId>nexus-staging-maven-plugin</artifactId>
            <version>1.6.8</version>
            <extensions>true</extensions>
            <dependencies>
              <dependency>
                <groupId>com.thoughtworks.xstream</groupId>
                <artifactId>xstream</artifactId>
                <version>1.4.15</version>
              </dependency>
            </dependencies>
          </plugin>

[cowwoc]

For what it's worth, I ended up migrating off nexus-staging-maven-plugin and my headaches went away :)

My deployment requirements are more complex than most projects in that I need to upload native binaries from different computers into the same staging environment before cutting a release. The maven-deploy-plugin doesn't handle this out of the box so I had to use curl and the Nexus REST API to fill in the gaps.

Anyone who is interested in doing the same, see https://github.com/cowwoc/requirements.java/blob/master/.github/workflows/deploy_to_maven_central.yml and https://github.com/cowwoc/requirements.java/blob/master/pom.xml. Feel free to ask me any questions that you might have.