Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Latest 1.13.2 throws NoSuchFieldError: USE_FAST_DOUBLE_PARSER

See original GitHub issue

Our JDBC driver has recently upgraded to the latest v1.13.2 release as we require the latest updates to fasterxml.jackson.core:jackson-databind as component Azure Devops governance reported as a vulnerability. However it looks like the latest has references to undefined USE_FAST_DOUBLE_PARSER.

The following is a test we have federated authentication which worked in prev releases:

        try {
            final PublicClientApplication clientApplication = PublicClientApplication.builder(fedauthClientId)
                    .executorService(Executors.newFixedThreadPool(1)).authority(stsurl).build();
            final CompletableFuture<IAuthenticationResult> future = clientApplication
                    .acquireToken(UserNamePasswordParameters.builder(Collections.singleton(spn + "/.default"),
                            azureUserName, azurePassword.toCharArray()).build());

            final IAuthenticationResult authenticationResult = future.get();

            secondsBeforeExpiration = TimeUnit.MILLISECONDS
                    .toSeconds(authenticationResult.expiresOnDate().getTime() - new Date().getTime());
            accessToken = authenticationResult.accessToken();
        } catch (Exception e) {
            fail(e.getMessage());
        }

This now results in:

org.opentest4j.AssertionFailedError: java.lang.NoSuchFieldError: USE_FAST_DOUBLE_PARSER

Issue Analytics

State:
Created a year ago
Comments:11 (5 by maintainers)

Top GitHub Comments

1reaction

Avery-Dunncommented, Nov 1, 2022

Hello @lilgreenbird : In our recent 1.13.3 release we’re now using version 2.13.4.2 of jackson-databind, which is a version that has the security fix and is compatible with other 2.13 versions of jackson-core

You should be able to upgrade to 1.13.3 of MSAL Java to solve this USE_FAST_DOUBLE_PARSER issue and the security vulnerability. Closing this issue, feel free to reopen/leave a comment if you’re still running into issues.

1reaction

Avery-Dunncommented, Oct 21, 2022

This is the first time that we’ve had these sorts of issues where jackson-databind/jackson-core where out of sync enough to cause problems, and since we only use jackson-databind we’ve let jackson-core be a transient dependency.

It seems like the root cause of the issue is that jackson-databind has kind of a soft requirement for version 2.14 of jackson-core, which means that Maven grabs jackson-core 2.13 to satisfy azure-core then we run into this issue. Since all of the jackson’s 2.14 releases so far are just release candidates, I believe Maven will prefer the latest 2.13 release instead of any of the 2.14’s.

Since neither of our projects relies on jackson-core the best option would be for azure-core to update their project to use one of the 2.14 release candidates. It looks like they’ve started creating PRs to update their use of jackson, but I’m not sure what they’re release schedule is: https://github.com/Azure/azure-sdk-for-java/pull/31559

I’ll try to figure out when they’re planning a release with these dependencies updated. If it seems like it’ll be soon then I think it’d be best to let that solve this issue, otherwise we’ll add jackson-core as a dependency in MSAL Java and we’ll probably get a hotfix out sometime next week.