-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade OkHttp dependency to 4.3+ #23
Comments
For what it's worth, I tried overriding OkHttp in our local POM to bring it up to 4.3.1 (the latest in the 4.3 branch on Maven Central) and it didn't help. We're still getting the same error. Then again, I didn't think it would work anyway, as I suspect either Duo would need to do the thread shutdown itself, or (more likely) expose an API for the surrounding app to call the shutdown when it shuts down. |
We get the okhttp dependency from retrofit2 which annoyingly hasn't put out a new version for three years now. I'm wary of overriding the okhttp version manually but that might be what we need to do... |
I'm seeing this same issue trying to use 1.1.3 version of Duo Universal SDK. Any idea when this dependency issue will be resolved? The issue I see in building this for the Guacamole project is that the Maven enforcer plugin fails to converge the dependencies:
|
The concern is, we get the okhttp dependency indirectly via retrofit, which is now 3.5 years without an update. Overriding transitive dependency versions is a wonderful way to introduce instability and bugs :) I'll see what we can do, but I'm not loving any of my options. |
Thanks @AaronAtDuo, totally understand the concerns with what you're trying to do. I'll have to see if there's a way I can get Maven Enforcer to bypass that particular check and continue the build, and see what happens. It seems to happen in all of the versions of the Duo Universal SDK for Java that I tried - 1.0.3 and 1.1.1 - 1.1.3, so I'm struggling to find a way to actually use the updated SDK at the moment. |
The current version of
duo_universal_java
(1.1.3) is using OkHttp 3.14.9 under the hood. This version of OkHttp has a known issue with Tomcat applications where its internal thread pool cannot be shut down cleanly because it does not provide an API to signal OkHttp to shut them down. This was supposedly fixed in version 4.3.We have been mandated to Duo as our corporate MFA solution, which we have successfully implemented and deployed to production. However, we are now seeing evidence of the OkHttp thread pool issue in our server logs:
This isn't causing any critical issues for our apps, but it is a nuisance when we need to shutdown or restart an app.
Please investigate updating the OkHttp dependency to 4.3 or later to resolve this issue.
The text was updated successfully, but these errors were encountered: