https://bz.apache.org/bugzilla/show_bug.cgi?id=63739

            Bug ID: 63739
           Summary: Automatic-Module-Names in embedded jars are
                    language-level invalid
           Product: Tomcat 9
           Version: unspecified
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Packaging
          Assignee: dev@tomcat.apache.org
          Reporter: rob.pl...@dai.co.uk
  Target Milestone: -----

Hi, this is a follow-up to 63555, to resolve which Automatic-Module-Names were
introduced into the MANIFEST.MF from 9.0.24.

Unfortunately, those module names are not valid because they contain hyphens.
Module descriptor files (module-info.java) are compiled into Java classes and
simply won't be able to reference them. It's rather like if a package name in a
.jar had hyphens in it; the package could not be used in an import.

This renders Tomcat impossible to use with the Java module system from 9.0.24,
a significantly more adverse situation than what the automatic module names are
supposed to address, as it blocks future CVE security patches.

There is some good advice on the matter here:
https://sormuras.github.io/blog/2018-11-16-invalid-automatic-module-names.html

Example invalid values from Tomcat 9.0.24:

Automatic-Module-Name: org.apache.tomcat-embed-core
Automatic-Module-Name: org.apache.tomcat-embed-jasper-el

What I would expect:

Automatic-Module-Name: org.apache.tomcat.embed.core
Automatic-Module-Name: org.apache.tomcat.embed.jasper.el

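A way to check manifest values like those quoted in the report before a release, as an added example that is not part of the bug report or Tomcat's build: it hands each name to the JDK's own `ModuleDescriptor.newAutomaticModule`, which rejects anything that is not a legal module name. The class name `AutomaticModuleNameCheck` is hypothetical; Java 9 or later is assumed.

```java
import java.io.IOException;
import java.lang.module.ModuleDescriptor;
import java.util.List;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

public class AutomaticModuleNameCheck {

    /** Returns null when the JDK accepts the name, otherwise its rejection message. */
    static String rejectionReason(String name) {
        try {
            // Legal module names are dot-separated Java identifiers, so '-' fails here.
            ModuleDescriptor.newAutomaticModule(name);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    /** Reads Automatic-Module-Name from a jar's MANIFEST.MF; null if not declared. */
    static String declaredName(String jarPath) throws IOException {
        try (JarFile jar = new JarFile(jarPath)) {
            Manifest mf = jar.getManifest();
            return mf == null ? null
                    : mf.getMainAttributes().getValue("Automatic-Module-Name");
        }
    }

    /** Prints a verdict for one name and returns true when it is usable. */
    static boolean report(String source, String name) {
        if (name == null) {
            System.out.println(source + ": no Automatic-Module-Name declared");
            return true; // nothing declared, so nothing invalid to flag
        }
        String reason = rejectionReason(name);
        System.out.println(source + ": " + name + " -> " + (reason == null ? "OK" : "INVALID (" + reason + ")"));
        return reason == null;
    }

    public static void main(String[] args) throws IOException {
        boolean ok = true;
        for (String jar : args) ok &= report(jar, declaredName(jar)); // jar paths given on the command line
        if (args.length == 0) { // no jars given: check the four values quoted in the report
            for (String n : List.of("org.apache.tomcat-embed-core", "org.apache.tomcat-embed-jasper-el",
                                    "org.apache.tomcat.embed.core", "org.apache.tomcat.embed.jasper.el"))
                ok &= report("report", n);
        }
        System.exit(ok ? 0 : 1); // non-zero exit lets a build step fail on an invalid name
    }
}
```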