Jira logs include package Scanner warnings related to atlassian-secrets and password-cipher.
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The atlassian-jira.log file contains warnings related to atlassian-secrets and password-cipher, which may indicate the presence of duplicate packages across various classes.
1
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jarEnvironment
Jira 9.12.x, 10.1.x, 10.2.x, 10.3.x
Diagnosis
The entries in the atlassian-jira.log will appear in the following format, and no additional symptoms should be evident. :
atlassian-jira.log
1
2
3
4
5
6
7
8
9
10
11
12
13
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-api-5.0.4.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: password-cipher-base-1.4.0.jar and atlassian-secrets-store-5.0.4.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: atlassian-secrets-api-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.protocol' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.utils' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.secrets.tomcat.cipher' with different versions. Files: atlassian-secrets-store-5.0.4.jar and password-cipher-base-1.4.0.jar
JIRA-Bootstrap WARN [o.twdata.pkgscanner.ExportPackageListBuilder] Package Scanner found duplicates for package 'com.atlassian.db.config.password' with different versions. Files: password-cipher-api-1.4.0.jar and atlassian-secrets-api-5.0.4.jarCause
Atlassian Package Scanner plays a crucial role in preventing conflicts that can occur when .jar files contain identical packages, irrespective of their version differences. When users upgrade to Jira Software Data Center 9.x or Jira Service Management Data Center 5.x and later, the Atlassian Package Scanner will notify them of any packages with matching content provided by multiple .jar files.
This situation arises because Embedded Crowd is still transitioning to the new platform version and continues to utilize password-cipher, while Jira has already adopted atlassian-secrets but must still support password-cipher for backward compatibility. Since atlassian-secrets incorporates password-cipher, the Atlassian Package Scanner detects these instances. However, because the content is identical, the resulting warnings can generally be disregarded (note that duplicated lines appear due to the presence of .jar files in both /lib and atlassian-jira/WEB-INF/lib). These warnings can be disregarded, as they will not affect the performance of Jira.
Was this helpful?