Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-75276

potential licence issue due to shaded ASM dep in byte-buddy

    • 2.17.0-386.vcb_b_037da_0d62

      As discovered by https://github.com/jenkinsci/jackson2-api-plugin/pull/267#pullrequestreview-2612797731 the byte-buddy library uses a shaded asm dependency.

       

      As such the licence for ASM in not in the licences section of byte-buddy`'s pom.xml does not contain the BSD 3 clause licence in use by ASM.
      As the jacksone-api plugin also includes this byte-buddy the plugin is likely to be affected also in the same way as detailed here

      Steps to reproduce

      1. Start a jenkins server (hpi:run will not work) and install the jackson2-api plugin
      2. go to ${JENKINS_URL}/plugin/jackson2-api/wrapper/thirdPartyLicenses

      Expected Results

      The list of licences contains the ASM licence (BSD 3 clause) for ASM.

      Actual Results

      Only MIT and ASL is listed.

          [JENKINS-75276] potential licence issue due to shaded ASM dep in byte-buddy

          James Nord added a comment -

          James Nord added a comment - https://github.com/jenkinsci/jackson2-api-plugin/pull/268

            Unassigned Unassigned
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: