After large update to my codebase Jasper studio plugin on my STS/Eclipse stopped working. The main problem is that I'm not able to open jrxml files anymore. If I try that, only a blank empty page opens up in my STS, when before my code was updated, I was able to see the full jrxml layout editor.
After very long investigation, I was able to get jrxml editor working again, but in quite laboursome fashion. To be able to use the editor I have to roll back my old pom.xml to the version it was before the major codebase update. Of course my application won't work with the old pom.xml, but at least I can use jasper studio editor with it. Switching between these pom.xml files is just so time consuming due to many side-effects of that, that I would love to find a better solution.
Here's a list of those dependencies that got updated during my the major code update:
-jackson databind 2.6.3 --> 2.7.3.
-jackson core 2.6.3 --> 2.7.3.
-jackson annotations 2.6.3 --> 2.7.3.
-jackson-datatype-hibernate4 2.6.3 --> 2.7.3.
-jackson-datatype-joda 2.6.3 --> 2.7.3.
-waffle 1.6. --> 1.8.1
-spring-security.version 3.2.4.--> 4.0.4.RELEASE
-org.springframework.version 4.1.6.--> 4.2.5.RELEASE
I'm suspecting that some of these are not compatible with the current version of jasper plugin?
There seems to be a security issue with the Jackson Versions prior to 2.7.4.
Since it seems that Jasperreports is not compatible with Jackson 2.7.*, we are not able to fix the security issue in our application.
Please update your dependency to Jackson to a recent, fixed version.
As far as the Jackson dependencies are concerned, we are not using the Jackson Dataformat XML artifact against whom the CVE was reported.
And although we are compiling our library against version 2.1.4, I think there should be no issue if in your application, you simply use a newer version of Jackson, such as 2.7.4.
Have you tried it and it did not work? What was the error?
No, I did not try it yet due to the other compatibility issues with Apache POI 3.15.
I just checked the dependencies and bugreports against them and saw that issue here which I interpreted such, that jasperreports is not compatible with 2.7.x releases of jackson libraries.
The POM file of jasperreports defines a dependency against jackson 2.1.4 - thats february 2013. If you think there is no problem with compatibility, then it shouldn't be one if you update your dependency to a security-fixed version ;-)
Since you have all the automated testcases running with your build-chain, it should be far easier for you to check if everything works with the new jackson library version than it is for us.
I was away from this project for a year, but now that I came back, I was finally able to re-try to fix these problems.
Unfortunately the issue still remains.
This time I even re-installed the whole development environment from scratch. Especially my STS is now 3.9.1. and JasperStudio plugin is now of version 6.4.3.
I tried with the latest jackson 2.9.2., no luck.
The error message I can see is java.lang.LinkageError. Because of that I also tried to update log4j to latest version - no luck.
I noticed that there's a ton of questions related to this LinkageError problem in various forums since many years back, but it seems none of the discussions lead to proper solution. After years of waiting it would be about time to fix this problem in jasper studio. Until then, I can only use jasper studio if I roll back my project dependencies to older version, which reduces development speed dramatically as I would constantly need to switch between old and new dependencies and restarting STS always in between, sometimes even many times.
java.lang.LinkageError: loader constraint violation: when resolving method "org.apache.log4j.spi.LoggingEvent.<init>(Ljava/lang/String;Lorg/apache/log4j/Category;Lorg/apache/log4j/Priority;Ljava/lang/Object;Ljava/lang/Throwable;)V" the class loader (instance of java/net/FactoryURLClassLoader) of the current class, org/apache/log4j/Category, and the class loader (instance of org/eclipse/osgi/internal/loader/EquinoxClassLoader) for the method's defining class, org/apache/log4j/spi/LoggingEvent, have different Class objects for the type org/apache/log4j/Category used in the signature
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)