Difference Between maven-jira-plugin and jira-maven-plugin

Hi everyone,

Our team is trying to remove the log4j 1.2.x dependency in our custom Jira plugins.
We noticed that even after updating the jira-api version to 9.12.1, if we use the maven-jira-plugin with its latest version of 6.3.21, we still get a dependency on log4j 1.x, following this trace from our Maven build:

com.atlassian.maven.plugins:maven-jira-plugin:jar:6.3.21 → com.atlassian.maven.plugins:maven-amps-plugin:jar:6.3.21 → com.atlassian.core:atlassian-core:jar:4.0 → log4j:log4j:jar:1.2.7

Looking at https://mvnrepository.com we see there are two artifacts under the com.atlassian.maven.plugins group:

  • maven-jira-plugin (latest version is 6.3.21)
  • jira-maven-plugin (latest version is 8.15.0)

What is the difference between the two plugins and which one should be used to remove the dependency on log4j 1.x?

Thanks for your help ahead of time.

Hi,

The officially recognized and supported plugin by Atlassian for Jira plugin development is jira-maven-plugin (so the latest). Therefore, for developing plugins for Jira, you should use jira-maven-plugin.

As for log4j, you can pull log4j version 2.x via jira-core in provided scope.
Be careful, log4j will be removed from Jira 10: Announcing Data Center Platform 7.0. Next step to improve our security posture

Maybe start to pull the latest log4j on Maven.

Thanks for your response, @FabienPenchenat.
Follow-up question. We're using Atlassian Plugin SDK 6.3.10, which is bundled with Maven 3.2.1.
We’ve switched to using jira-maven-plugin v. 8.14.3. When we use atlas-package, we’re getting 80 counts of the following error:

[WARNING] Error injecting: com.atlassian.maven.plugins.amps.PlatformDependenciesProviderImpl
com.google.inject.ProvisionException: Guice provision errors:

  1. Error injecting: private org.eclipse.aether.spi.log.Logger org.eclipse.aether.internal.impl.DefaultLocalRepositoryProvider.logger
    while locating org.eclipse.aether.internal.impl.DefaultLocalRepositoryProvider

I looked at a Stack Overflow question that mentions it might be due to a mismatch between the Maven used to build the custom plugin vs the Maven dependency in the pom.xml. Do you have any suggestions on how to resolve this issue?

Respectfully,
Vasily