Closed giselebrito closed 7 months ago
Dear @giselebrito
We assume, that java-api is not provided with version 2.17.2.
We need to analyze your dependencies. In order to analyze the dependencies of your application, you can use the maven dependency plugin.
It allows you to print the effective dependencies of your application. You can execute the plugin via the command line from
the directory where your pom.xml
file is stored with mvn dependency:tree
.
❯ mvn dependency:tree
Furthermore, as sap_java_buildpack
provides java-security
(and java-api
) do you leverage sap_java_buildpack
and if yes, in which version?
And do you leverage this BoM, and if yes in which version?
<dependency>
<groupId>com.sap.cloud.sjb.cf</groupId>
<artifactId>sap-java-buildpack-bom</artifactId>
<type>pom</type>
</dependency>
Thanks a lot!
Question Summary We are upgrading several of our applications using SAP Cloud Security libraries to the latest 2.17.2 to mitigate the vulnerability identified recently. However, when we change to the latest 2.x version, our application fails to start due to an error java.lang.ClassNotFoundException: com.sap.cloud.security.token.validation.XsuaaJkuFactory We are not sure how to proceed as we don't find any configuration / documentation related to the factory class in the usage sample apps.
Could you please advise on any additional configuration we need to do?
Complete stack trace:
pom.xml