Bump classgraph from 4.8.115 to 4.8.125
Bumps classgraph from 4.8.115 to 4.8.125.
Release notes
Sourced from classgraph's releases.
classgraph-4.8.125
Remove a debugging setting which produced a warning on stderr (#568).
classgraph-4.8.124
Allow circumvention of encapsulation in JDK 16+ via jvm-driver, in addition to existing Narcissus support. Details are on README.md page for ClassGraph GitHub project.
classgraph-4.8.123
More compatibility fixes for IBM Semeru.
classgraph-4.8.122
Add support for
ClassGraph.CIRCUMVENT_ENCAPSULATION = true
to work on IBM Semeru, an OpenJDK fork (#563).classgraph-4.8.121
Optimization of reflection code (no functional changes compared to previous release)
classgraph-4.8.120
First version that is fully compatible with JDK 16+
The JDK team decided to switch on strong encapsulation in JDK 16+. That means that ClassGraph cannot find the classpath, if all of the following are true:
- You are running on JDK 16+
- You are using a legacy classloader (rather than the module system)
- The legacy classloader does not expose its classpath via a public field or method
- The classloader is loaded in a different module from your user code
If your ClassGraph code works in JDK versions less than 16 but breaks in JDK 16+ (meaning that ClassGraph can no longer find your classes), you have probably run into this problem.
You can circumvent this restriction by:
- Adding the Narcissus library to your project as an extra dependency (only Linux x86/x64, Windows x86/x64, and Mac OS X x64 are currently supported).
- Setting
ClassGraph.CIRCUMVENT_ENCAPSULATION = true;
before interacting with ClassGraph in any other way (this will load the Narcissus library as ClassGraph's reflection driver).This release of ClassGraph uses Narcissus to silently circumvent all of Java's security mechanisms (visibility/access checks, security manager restrictions, and strong encapsulation), in order to read the classpath from private fields and methods of classloaders. Narcissus is a collaboration between:
- Luke Hutchison (@lukehutch), author of ClassGraph
- Roberto Gentili (@burningwave), author of Burningwave Core and toolfactory/jvm-driver, which is an alternative to Narcissus
JDK 16's strong encapsulation is just the first step of trying to lock down Java's internals, so further restrictions are possible (e.g. it is likely that
setAccessible(true)
will fail in future JDK releases, even within a module, and probably the JNI API will be locked down soon, making Narcissus require a commandline flag to work).Please convince your upstream runtime environment to expose the full classpath from their classloader using a public method or field, otherwise ClassGraph may stop working for your runtime environment in the future.
classgraph-4.8.119
(Skip this release, reflection was broken...)
classgraph-4.8.118
(Skip this release, reflection was broken -- #562, #563).
classgraph-4.8.117
UPDATE: Do not use this release, it caused some regressions -- use ClassGraph-4.8.123+ instead.
... (truncated)
Commits
-
6b54819
[maven-release-plugin] prepare release classgraph-4.8.125 -
d489714
Set CIRCUMVENT_ENCAPSULATION to NONE by default (#568) -
f46eed1
Update README -
451a084
[maven-release-plugin] prepare for next development iteration -
3bfb0bd
[maven-release-plugin] prepare release classgraph-4.8.124 -
012d193
Update to jvm-driver 7.1.5 -
3b07db8
Source > Cleanup -
018f69c
Add jvm-driver as another runtime method for circumventing encapsulation -
ce50c6b
Fix test -
80fa028
Refactoring - Additional commits viewable in compare view