Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot fix file (duplicate entry: META-INF/DEPENDENCIES)

See original GitHub issue

When executing the scanner I receive the following error:

$ ./log4j2-scan --fix  /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133
This command will remove JndiLookup.class from log4j2-core binaries. Are you sure [y/N]? y
Logpresso CVE-2021-44228 Vulnerability Scanner 1.5.0 (2021-12-15)
Scanning directory: /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133
[*] Found CVE-2021-44228 vulnerability in /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/jdbcserver.jar, log4j 2.13.1
[*] Found CVE-2021-44228 vulnerability in /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/oauthservice.jar, log4j 2.13.1

Error: Cannot fix file (duplicate entry: META-INF/DEPENDENCIES). rollback original file /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/jdbcserver.jar
Error: Cannot fix file (duplicate entry: META-INF/INDEX.LIST). rollback original file /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/oauthservice.jar

the jar file itself is a valid zip:

$ unzip -t /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/jdbcserver.jar
[...]
No errors detected in compressed data of /opt/tableau/tableau_server/packages/bin.20211.21.0617.1133/jdbcserver.jar.

any idea what needs to be changed? thanks!

Issue Analytics

State:
Created 2 years ago
Comments:8 (3 by maintainers)

Top GitHub Comments

1reaction

AliakseiKiryanau1commented, Dec 15, 2021

@xeraph , tested with 1.6.1 - everything is working 😃

Fixed: /opt/workfusion/wf_installer/sources/automl-model-management-service-10.2.4.11.jar
Fixed: /opt/workfusion/wf_installer/sources/worker-management-service-10.2.4.10.jar
Fixed: /opt/workfusion/wf_installer/sources/secure-file-migration-10.2.4.6.jar
Fixed: /opt/workfusion/wf_installer/sources/automl-gateway-service-10.2.4.11.jar
Fixed: /opt/workfusion/wf_installer/sources/ocr-rest-10.2.4.9.jar
Fixed: /opt/workfusion/wf_installer/sources/manual_task_renderer-10.2.4.5.jar
Fixed: /opt/workfusion/wf_installer/sources/bot-manager-10.2.4.7.jar
Fixed: /opt/workfusion/wf_installer/sources/task-dispatcher-service-10.2.4.10.jar
Fixed: /opt/workfusion/wf_installer/sources/ocr-worker-10.2.4.9.jar
Fixed: /opt/workfusion/wf_installer/sources/automl-model-service-10.2.4.11.jar
Fixed: /opt/workfusion/wf_installer/sources/sqc-rest-10.2.4.6.war
Fixed: /opt/workfusion/wf_installer/sources/loader-security-properties-10.2.4.6.jar
Fixed: /opt/workfusion/wf_installer/sources/workspace-10.2.4.11.jar
Fixed: /opt/workfusion/wf_installer/sources/workfusion-10.2.4.12.war
Fixed: /opt/workfusion/shared/minio/data/vds-models/information-extraction-generic-se-20/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/information-extraction-generic-se-30/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/binary-classification-generic-se-20/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/multi-class-classification-generic-se-20/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/presentation-information-extraction/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/presentation-company-classification-model/10.2.4.12/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/python-signature-detection-model/1.0.5/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/clustering-model/1.0.1/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/checkbox-detection-model/1.0.5/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/custom-classification/1.1/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/custom-ie/1.1/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/ensemble-multi-classification-primary/10.3.0.38-develop/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/ensemble-multi-classification-s1/10.3.0.38-develop/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/minio/data/vds-models/ensemble-multi-classification-s2/10.3.0.38-develop/lib/vds-hypermodel-app.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/wf-dependencies/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/wf-dependencies/org/apache/logging/log4j/log4j-core/2.13.3/log4j-core-2.13.3.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/org/apache/logging/log4j/log4j-core/2.10.0/log4j-core-2.10.0.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/org/apache/logging/log4j/log4j-core/2.13.3/log4j-core-2.13.3.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/ml/vds-hypermodel-app/10.2.4.12/vds-hypermodel-app-10.2.4.12.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/ml/vds-hypermodel-app/10.3.0.38-develop/vds-hypermodel-app-10.3.0.38-develop.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/spa/ct/worker-app/10.2.4.12/worker-app-10.2.4.12.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/ocr/ocr-worker/10.2.4.9/ocr-worker-10.2.4.9.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/model/signature-detection-ml-sdk/1.0.5/signature-detection-ml-sdk-1.0.5.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/clustering/clustering-ml-sdk/1.0.1/clustering-ml-sdk-1.0.1.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/workfusion/checkbox-detection-ml-sdk/1.0.5/checkbox-detection-ml-sdk-1.0.5.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/wf/example/custom-classification/1.1/custom-classification-1.1.jar
Fixed: /opt/workfusion/shared/nexus/sonatype-work/nexus/storage/workers/com/wf/example/custom-ie/1.1/custom-ie-1.1.jar
Fixed: /opt/workfusion/tmp/workers/com/workfusion/spa/ct/worker-app/10.2.4.12/worker-app-10.2.4.12.jar
Fixed: /opt/workfusion/vds-data/workers/app/com.workfusion.ocr/ocr-worker/10.2.4.9/worker.jar
Fixed: /opt/workfusion/vds-data/workers/app/com.workfusion.spa.ct/worker-app/10.2.4.12/worker.jar
Fixed: /opt/workfusion/vds-data/workers/app/com.workfusion.ml/vds-hypermodel-app/10.2.4.12/worker.jar
Fixed: /opt/workfusion/wf-sec-storage/loader-security-properties.jar
Fixed: /opt/workfusion/wf-sec-storage/secure-file-migration.jar
Fixed: /opt/workfusion/task-dispatcher-service/task-dispatcher-service.jar
Fixed: /opt/workfusion/worker-management-service/worker-management-service.jar
Fixed: /opt/workfusion/automl-model-service/automl-model-service.jar
Fixed: /opt/workfusion/automl-model-management-service/automl-model-management-service.jar
Fixed: /opt/workfusion/automl-gateway-service/automl-gateway-service.jar
Fixed: /opt/workfusion/workspace/workspace.jar
Fixed: /opt/workfusion/manual-task-renderer/manual-task-renderer.jar
Fixed: /opt/workfusion/bot-manager/bot-manager.jar
Fixed: /opt/workfusion/ocr/ocr-rest.jar
Fixed: /opt/workfusion/elasticsearch/lib/log4j-core-2.11.1.jar
Fixed: /opt/workfusion/elasticsearch/bin/elasticsearch-sql-cli-7.15.1.jar
Fixed: /opt/workfusion/workfusion/webapps/workfusion.war
Fixed: /opt/workfusion/workfusion/webapps/workfusion/WEB-INF/lib/log4j-core-2.13.3.jar
Fixed: /opt/workfusion/sqc/webapps/sqc-rest.war
Fixed: /opt/workfusion/sqc/webapps/sqc-rest/WEB-INF/lib/log4j-core-2.13.3.jar
Fixed: /opt/workfusion/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-tcp-6.2.1-java/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.2.1/logstash-input-tcp-6.2.1.jar
Fixed: /opt/workfusion/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-jdbc-5.4.0/lib/org/apache/logging/log4j/log4j-core/2.9.1/log4j-core-2.9.1.jar
Fixed: /opt/workfusion/logstash/logstash-core/lib/jars/log4j-core-2.14.0.jar

Scanned 68026 directories and 208768 files
Found 65 vulnerable files
Found 0 potentially vulnerable files
Found 0 mitigated files
Fixed 65 vulnerable files
Completed in 1669.33 seconds

0reactions

xeraphcommented, Dec 15, 2021

@AliakseiKiryanau1 Wow…! Thank you for test report!

Top Results From Across the Web

Gradle duplicate entry error: META-INF/MANIFEST.MF (Or ...

This issue is happening because of duplicate dependencies. Check for multiple dependencies in the Gradle app.

java.util.zip.ZipException: duplicate entry: META-INF ... - GitHub

I have successfully been using sbt-assembly in my project for months now and recently it started complaining about duplicate entries for a ...

Add build dependencies - Android Developers

To add a dependency to your project, specify a dependency configuration such as implementation in the dependencies block of your module's build.gradle file....

Dependencies - Verint ForeSee

Duplicate files copied in APK META-INF/DEPENDENCIES The files contained in the META-INF folder do not affect app function and can be excluded.

META-INF/version duplicate error when using Proguard

Caused by: java.io.IOException: Please correct the above warnings first. at proguard.InputReader.execute(InputReader.java:149) at proguard.