Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63269

Jenkins WAR should not bundle JUnit and Hamcrest libraries

    XMLWordPrintable

    Details

    • Similar Issues:
    • Released As:
      jenkins-2.253

      Description

      While working on Jenkinsfile Runner, I have noticed that the Jenkins Core includes JUnit JAR and Hamcrest JARs as transitive dependencies. Looks like it was my mistake in 2017 when I was working on a custom patch for commons-httpclient with vulnerability fix backports. It leads to 350KB of extra libraries, and, which is worse, potentially messes up the classpaths for testing environments and plugins

      Dependency tree:

       [INFO] +- io.jenkins.jenkinsfile-runner:setup:jar:1.0-beta-16-SNAPSHOT:compile
      [INFO] | +- org.jenkins-ci.main:jenkins-core:jar:2.246:compile
      [INFO] | | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile
      [INFO] | | +- org.jenkins-ci.main:remoting:jar:4.5:compile
      ...
      [INFO] | | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
      [INFO] | | | \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
      [INFO] | | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
      [INFO] | | | \- junit:junit:jar:4.13:compile
      [INFO] | | | \- org.hamcrest:hamcrest-core:jar:1.3:compile

      Screenshot of a jenkins.war:

        Attachments

          Activity

          oleg_nenashev Oleg Nenashev created issue -
          oleg_nenashev Oleg Nenashev made changes -
          Field Original Value New Value
          Component/s core [ 15593 ]
          Component/s core [ 21134 ]
          Key INFRA-2696 JENKINS-63269
          Workflow classic default workflow [ 245332 ] JNJira + In-Review [ 245333 ]
          Project Infrastructure [ 10301 ] Jenkins [ 10172 ]
          oleg_nenashev Oleg Nenashev made changes -
          Summary Jenkins WAr bundles JUnit and Hamcrest Jenkins WAR should not bundle JUnit and Hamcrest libraries
          oleg_nenashev Oleg Nenashev made changes -
          Assignee Oleg Nenashev [ oleg_nenashev ]
          oleg_nenashev Oleg Nenashev made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          oleg_nenashev Oleg Nenashev made changes -
          Remote Link This issue links to "https://github.com/jenkinsci/lib-commons-httpclient/pull/2 (Web Link)" [ 25408 ]
          timja Tim Jacomb made changes -
          Status In Progress [ 3 ] In Review [ 10005 ]
          danielbeck Daniel Beck made changes -
          Released As jenkins-2.253
          Resolution Fixed [ 1 ]
          Status In Review [ 10005 ] Resolved [ 5 ]

            People

            Assignee:
            oleg_nenashev Oleg Nenashev
            Reporter:
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: