Related Documents
Document Properties
Last Modified21-Jul-2020
Added to KB20-Jul-2020
Public AccessEveryone
Doc TypeGuidelines, Concepts & Cookbooks
ProductICM 7.10

Guide - Security Update of Libraries

Product Version


Product To Version



1 Introduction

Several libraries with vulnerabilities were updated and can potentially break the implementation.

LibraryOld VersionNew Version

2 Migration

2.1 Version Conflict

In case of version conflicts of underlying and custom libraries, the version must be defined explicitly. The build.gradle can contain the following block:

versionRecommendation {
    provider {
        // thirdparty.version to resolve version conflicts of custom cartridges
        properties('thirdparty', file('thirdparty.version')) {}

Example version file to resolve version conflict for library "error_prone_annotations".


2.2 Class Collision Check Failed

Some libraries can contain resources which have the same name. To exclude such resources, a configuration of the task must be adapted:

* What went wrong:
Execution failed for task ':<assembly>:checkClassCollisions'.
> There are class collisions in your dependencies
   > Collision between io.github.classgraph:classgraph:4.6.32 and net.bytebuddy:byte-buddy:1.9.10
      > META-INF.versions.9.module-info
build.gradle of assembly
// verify whole server classpath to be collision-free
checkClassCollisions {
    allCartridges = true
    ignore 'META-INF.versions.\\d+.module-info' // ignore module-info.class files in META-INF/**cd


The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources