Skip to content

[MNG-8176] Restrict classloader for Maven 4 plugins#1336

Merged
gnodet merged 1 commit intoapache:masterfrom
gnodet:plugin-v4-classloader
Aug 12, 2024
Merged

[MNG-8176] Restrict classloader for Maven 4 plugins#1336
gnodet merged 1 commit intoapache:masterfrom
gnodet:plugin-v4-classloader

Conversation

@gnodet
Copy link
Copy Markdown
Contributor

@gnodet gnodet commented Dec 7, 2023

No description provided.

rmannibucau
rmannibucau reviewed Dec 7, 2023
View reviewed changes
Comment thread maven-core/src/main/resources/META-INF/maven/extension.xml Outdated
@gnodet gnodet force-pushed the plugin-v4-classloader branch from 9955de3 to ad1094e Compare December 7, 2023 09:14
@gnodet gnodet force-pushed the plugin-v4-classloader branch from ad1094e to 41cbe0c Compare June 25, 2024 20:26
@gnodet gnodet force-pushed the plugin-v4-classloader branch from 41cbe0c to a0f8397 Compare June 25, 2024 20:31
@gnodet gnodet marked this pull request as ready for review June 25, 2024 20:31
@gnodet gnodet requested a review from cstamas June 27, 2024 05:29
@gnodet gnodet added this to the 4.0.0-beta-4 milestone Jun 27, 2024
@gnodet gnodet changed the title Restrict classloader for Maven 4 plugins [MNG-8176] Restrict classloader for Maven 4 plugins Jul 6, 2024
@gnodet gnodet modified the milestones: 4.0.0-beta-4, 4.0.0 Jul 6, 2024
@gnodet gnodet requested a review from rmannibucau August 12, 2024 09:53
rmannibucau
rmannibucau approved these changes Aug 12, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@rmannibucau rmannibucau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be great to get rid of slf4j but clearly a big step forward

@gnodet
Copy link
Copy Markdown
Contributor Author

gnodet commented Aug 12, 2024

Would be great to get rid of slf4j but clearly a big step forward

The plan would be to allow some customization by the plugin later, so that they can add/remove packages and fine tune their class loader. In most cases, slf4j is not a problem.

@rmannibucau
Copy link
Copy Markdown
Contributor

rmannibucau commented Aug 12, 2024

In most cases, slf4j is not a problem.

Well, from my perspective we decided to use maven.api logging api and let the mojo use or not another API/binding/solution so there is no more reason to let slf4j leak (or then we should let leak other stuff too).
Slf4j was not a problem until it became and the choice was to give more guarantees to the mojo writers so default is probably better not having it and use tuning options to let it pass in unsafe mode.

But just my 2 cts indeed.

@gnodet gnodet merged commit 2a709dc into apache:master Aug 12, 2024
@gnodet gnodet deleted the plugin-v4-classloader branch September 30, 2024 14:54
@jira-importer
Copy link
Copy Markdown

jira-importer commented Jul 7, 2025

Resolve #9683

@jira-importer jira-importer mentioned this pull request Oct 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cstamas cstamas cstamas approved these changes

@rmannibucau rmannibucau rmannibucau approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.0.0-beta-4

Development

Successfully merging this pull request may close these issues.

4 participants

@gnodet @rmannibucau @jira-importer @cstamas