Hi All,
We have recently had this build issue come up in our deployment pipeline which states the following -
Rule - CQRules:CQBP-84
Issue - The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code.
This is being reported at below file locations -
Netcentric:accesscontroltool-package:3.0.9 |
Netcentric:accesscontroltool-package:3.0.9 |
The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.dumpservice.impl.DumpServiceImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.
The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthInstallerUserManagerPrefetchingImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.
The weird part is the issue has started showing up recently (It was not there in our last build done on Sept 08, 2023)
Any ideas on how to troubleshoot this issue? As far as I can tell the netcentric jar is using Query interface and thus lies beyond our custom application codebase.
@aanchal-sikka, @arunpatidar, @EstebanBustamante, @Jörg_Hoh, @Harwinder-singh,
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
Hello @Rohan_Garg
The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671
The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121
Should be available in next version of netcentric tool
Hello @Rohan_Garg
The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671
The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121
Should be available in next version of netcentric tool
Can the AEM code quality pipeline be fixed to not randomly fail builds due to new issues it finds with existing dependency packages that haven't been changed since the last build?
In our case, the server we're deploying to is running some older version of jackrabbit oak-core: 1.22.13. This issue looks like it was introduced in 1.56.0, which means somehow the cloud pipeline is scanning against the latest versions of packages that don't even apply to the server that's being deployed to. This is a serious issue with the code quality pipeline.
Adobe is continuously enhancing the platform. Once they update CM rules, they would expect the code to comply as per the latest ones.
I agree to your point, that there should be some notification sent in advance, to cross-verify our code against the upcoming rules updates. May be a pipeline that has early updates and can be used to verify code.
Thanks @aanchal-sikka. I am still facing the issue today. Do we need to update anything from our end or is it Adobe's fix? Our CI pipelines are failing with the same issue. Could you please advise
File Location | Line Number | Issue | Type | Severity | Effort | Rule | Tags | Documentation | |||
adobe/consulting:acs-aem-commons-content:5.3.4 | 0 | The product interface org.apache.jackrabbit.api.JackrabbitSession annotated with @ProviderType should not be implemented by custom code. Detected in com.adobe.acs.commons.wrap.jackrabbit.JackrabbitSessionIWrap contained in /apps/acs-commons/install/acs-aem-commons-bundle-5.3.4.jar. | Bug | Critical | 30m | CQRules:CQBP-84 | cqsoftwarequality | https://www.adobe.com/go/aem_cmcq_cqbp-84_en |
Hello @gmalagondla
Please monitor the updates via following link
Adobe won't be able to fix the code, unless they lower the priority of the rule. I have no idea, if thats possible.
Thanks @aanchal-sikka for the quick response.
Hi,
Was anyone able to fix this issue?
I tried using the latest accesscontrol version 3.0.9 but had no luck with this issue.
Please let me know if anyone was able to fix this.