Affected version: 4.0.0-beta-5+
Description:
BuildHelper.getPlugin() at line 85 delegates to the private getPlugin(PluginContainer, String) at line 110:
private static Plugin getPlugin(PluginContainer container, String pluginGa) {
if (container == null) {
return null;
}
Map<String, Plugin> pluginsAsMap = container.getPluginsAsMap();
return pluginsAsMap.get(pluginGa); // NPE if pluginsAsMap is null
}
PluginContainer.getPluginsAsMap() is not documented as guaranteed non-null by the Maven API specification. If a model implementation returns null from this method, line 115 throws NPE.
This affects discoverJavaRelease() which is called during every manifest creation — a null here would crash all JAR/WAR/EAR archive generation.
Impact: Unlikely with standard Maven model implementations, but a ticking bomb if the API contract varies or a non-standard model is used.
Affected version: 4.0.0-beta-5+
Description:
BuildHelper.getPlugin()at line 85 delegates to the privategetPlugin(PluginContainer, String)at line 110:PluginContainer.getPluginsAsMap()is not documented as guaranteed non-null by the Maven API specification. If a model implementation returnsnullfrom this method, line 115 throws NPE.This affects
discoverJavaRelease()which is called during every manifest creation — a null here would crash all JAR/WAR/EAR archive generation.Impact: Unlikely with standard Maven model implementations, but a ticking bomb if the API contract varies or a non-standard model is used.