Affected version: all
Description:
MavenArchiver.loadOptionalProperties() at line 622 catches both IllegalArgumentException and IOException and ignores them:
private static Properties loadOptionalProperties(final InputStream inputStream) {
Properties properties = new Properties();
if (inputStream != null) {
try (InputStream in = inputStream) {
properties.load(in);
} catch (IllegalArgumentException | IOException ex) {
// ignore and return empty properties
}
}
return properties;
}
If the /META-INF/maven/.../pom.properties resource exists on the classpath but is corrupt (e.g., truncated, malformed encoding), the error is silently swallowed and an empty Properties object is returned. This causes the plugin version to resolve as null, which may produce different behavior (e.g., "Maven Archiver" vs "Maven Archiver 3.7.0") without any indication of the underlying data corruption.
Raising as low priority since this is a classpath resource packaged with the library itself (not user-supplied), but silent data loss is never ideal.
Affected version: all
Description:
MavenArchiver.loadOptionalProperties()at line 622 catches bothIllegalArgumentExceptionandIOExceptionand ignores them:If the
/META-INF/maven/.../pom.propertiesresource exists on the classpath but is corrupt (e.g., truncated, malformed encoding), the error is silently swallowed and an empty Properties object is returned. This causes the plugin version to resolve asnull, which may produce different behavior (e.g., "Maven Archiver" vs "Maven Archiver 3.7.0") without any indication of the underlying data corruption.Raising as low priority since this is a classpath resource packaged with the library itself (not user-supplied), but silent data loss is never ideal.