-
Bug
-
Resolution: Unresolved
-
Major
-
None
The Apache Commons HttpClient has been deprecated for a while and removed from Jenkins. See e.g. [this ticket](https://issues.jenkins.io/browse/JENKINS-69990?jql=project%20%3D%20JENKINS%20AND%20component%20%3D%20checkmarx-plugin) for a similar issue with another plug-in.
Due to this, notifications back to Phabricator/Phorge now fail with the following Exception:
java.lang.ClassNotFoundException: org.apache.commons.httpclient.HttpMethod at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:476) at jenkins.util.URLClassLoader2.findClass(URLClassLoader2.java:35) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) Caused: java.lang.NoClassDefFoundError: org/apache/commons/httpclient/HttpMethod at com.uber.jenkins.phabricator.PhabricatorNotifier.getUberallsClient(PhabricatorNotifier.java:303) at com.uber.jenkins.phabricator.PhabricatorNotifier.perform(PhabricatorNotifier.java:136) at jenkins.tasks.SimpleBuildStep.perform(SimpleBuildStep.java:123) at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:101) at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:71) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829)
E.g. in such a step:
post {
always {
script {
step([$class: 'PhabricatorNotifier', commentOnSuccess: false, commentWithConsoleLinkOnFailure: true])
}
}
}
A plug-in exists for version 3.x of httpclient, but not for the version 4.x used by this plug-in.
Additional resources that may be of interest:
[JENKINS-70253] Plug-in still depends on deprecated (and removed) Apache Commons HttpClient
David Raison
added a comment - ai the ticket must have been auto-assigned. Note that I also opened a ticket over at the Uber github account and a question at we.phorge.it.
David Raison
added a comment - ai the ticket must have been auto-assigned. Note that I also opened a ticket over at the Uber github account and a question at we.phorge.it . ai if you would prefer, we can configure Jira so that it does not automatically assign new Phabricator plugin issues to you. Reply in this issue if that is what you prefer.
Aiden Scandella
added a comment - Hi Mark,
That would be great, as I don't have maintainer permissions on this repository anymore so I couldn't help with any issues.
Thanks,
Aiden
Aiden Scandella
added a comment - Hi Mark,
That would be great, as I don't have maintainer permissions on this repository anymore so I couldn't help with any issues.
Thanks,
Aiden Done ai. I also removed you as the assignee on other open issues with the phabricator plugin. I suspect that a person using the plugin will need to adopt it if they want this fixed. See the "Adopt a plugin" instructions and the "Improve a plugin" tutorial.
Valerio
added a comment - Just to recap, somebody is needed to do one of these things on the Jenkins plugin:
- update the plugin to use Commons HttpClient 3.x to the Apache HttpComponents Client 4.x API plugin
- update the plugin to use Java 11 native HTTP client
- declare an explicit dependency on the Commons HttpClient 3.x API plugin.
If I understand correctly, this is the repository:
Valerio
added a comment - Just to recap, somebody is needed to do one of these things on the Jenkins plugin:
update the plugin to use Commons HttpClient 3.x to the Apache HttpComponents Client 4.x API plugin
update the plugin to use Java 11 native HTTP client
declare an explicit dependency on the Commons HttpClient 3.x API plugin.
If I understand correctly, this is the repository:
https://github.com/jenkinsci/phabricator-plugin bozzy you've correctly listed the options. Are you interested in doing one or more of those actions?
The "Adopt a plugin" instructions and the "Improve a plugin" tutorial will guide you on those steps.
Ling
added a comment - There is already a fix merged in upstream (#356) but no one got a chance or knew how to publish a new release (#358). Can somebody familiar with the process help to publish a new release?
Ling
added a comment - There is already a fix merged in upstream ( #356 ) but no one got a chance or knew how to publish a new release ( #358 ). Can somebody familiar with the process help to publish a new release? derkuci the options are listed in the earlier comment by bozzy. You can take any one of those actions to resolve the issue. Asking others to maintain a plugin that matters to you is rarely successful. If it matters to you, adopt it, fix the security vulnerability, merge the change to the Jenkins repository, and publish the release.
Ling
added a comment - In general I agree with you, and I do contribute to open source in various ways, but this logic doesn't really cover all cases. In this particular case, I don't know Java, and we don't use Java in our projects. I did copy/paste the procedures others shared and build a jpi file for our own use, but I won't be comfortable publishing a release for the public.
Ling
added a comment - In general I agree with you, and I do contribute to open source in various ways, but this logic doesn't really cover all cases. In this particular case, I don't know Java, and we don't use Java in our projects. I did copy/paste the procedures others shared and build a jpi file for our own use, but I won't be comfortable publishing a release for the public. 
I don't work on this project / at this company anymore and haven't been a maintainer for quite a few years.