FHIR Chat · Java 10 and Illegal reflective access operation · IG creation

Stream: IG creation

Topic: Java 10 and Illegal reflective access operation


Chris Moesel (Jul 18 2018 at 20:59):

It seems that if you run the IG publisher jar with Java 10, you'll get the following error:

```
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.poi.util.DocumentHelper (file:/Users/mayt/cimpl/shr-cli/out/fhir/guide/org.hl7.fhir.igpublisher.jar) to method com.sun.org.apache.xerces.internal.util.SecurityManager.setEntityExpansionLimit(int)
WARNING: Please consider reporting this to the maintainers of org.apache.poi.util.DocumentHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
```

This seems to be related to this bug in Apache POI: https://bz.apache.org/bugzilla/show_bug.cgi?id=62151

This issue seems to be harmless (since it appears that it's just a "warning" for now), but it leads to the question: Is Java 10 not recommended? Should we be sticking to Java 8?

Grahame Grieve (Jul 18 2018 at 21:55):

Don't know. Would an update of POI make any difference?

Chris Moesel (Jul 18 2018 at 22:41):

Based on that bug report (linked above), it sounds like the POI team hasn't really done anything about it yet, and might not at all -- but it's hard to tell because the submitter posted two issues at the same time. The relevant bit in the response seems to be:

> The latter I don't know how we can fix. For security reasons, we need to tell the built-in Java XML parser to turn on non-default settings to increase the parsing security. I don't believe that there's a public API for doing that, only the private ones.
>
> Are you able to find any Java 9 advice on how to turn on the XML security features with the built-in xml parser using only public calls in Java 9?

That being the case, it's probably not worth the effort to update POI. If you (and everyone else) are using Java 8, it sounds like it might be unwise for us to try Java 10 during pre-ballot crunch time.


Last updated: Apr 12 2022 at 19:14 UTC