Protect / Sync: Brute_Force_Protection class not found

[jeherve]

I ran into this error on a site running Jetpack Boost, Jetpack Protect, Jetpack Social, and Jetpack. The Protect module is enabled on the site.

The error appears to be triggered during a log in attempt.

An error of type E_ERROR was caused in line 49 of the file /wp-content/plugins/jetpack-boost/jetpack_vendor/automattic/jetpack-sync/src/modules/class-protect.php. Error message: Uncaught Error: Class 'Automattic\Jetpack\Waf\Brute_Force_Protection\Brute_Force_Protection' not found in /wp-content/plugins/jetpack-boost/jetpack_vendor/automattic/jetpack-sync/src/modules/class-protect.php:49
Stack trace:
#0 /wp-includes/class-wp-hook.php(308): Automattic\Jetpack\Sync\Modules\Protect->maybe_log_failed_login_attempt(Array)
#1 /wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters('', Array)
#2 /wp-includes/plugin.php(517): WP_Hook->do_action(Array)
#3 /wp-content/plugins/jetpack/modules/protect.php(404): do_action('jpp_log_failed_...', Array)
#4 /wp-includes/class-wp-hook.php(310): Jetpack_Protect_Module->log_failed_attempt('admin')
#5 /wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters('', Array)
#6 /wp-includes/plugin.php(51

[jeherve]

cc @nateweller Since you had worked on #29842, I was wondering if you had ideas as to the turn of events that would lead to that error?

Thank you!

[nateweller]

Interesting. My initial assumption is that Boost has the latest version of the Sync package, so it is being used by the autoloader (.../jetpack-boost/jetpack_vendor/automattic/jetpack-sync/...).

Boost does not depend on the WAF package, and the Sync package only lists the WAF pack as a dev dependency to avoid loops/conflicts.

I'll look into this further, to see if we can configure things differently to avoid cases like this.