I am using grails-xss-sanitizer in my grails application in v3.2.11. When I tried to upgrade my application to the latest 3.3.4. It reported below issue:
[2018-04-11 11:16:37,627] [main] ERROR o.s.b.SpringApplication - Application startup failed java.lang.NoClassDefFoundError: org/springframework/boot/context/embedded/FilterRegistrationBean at grails.plugin.xss.sanitizer.XssSanitizerGrailsPlugin$_doWithSpring_closure1.doCall(XssSanitizerGrailsPlugin.groovy:38) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1427) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034) at groovy.lang.Closure.call(Closure.java:418) at groovy.lang.Closure.call(Closure.java:412) at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759) at grails.spring.BeanBuilder.beans(BeanBuilder.java:588) at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:531) at org.grails.plugins.DefaultGrailsPlugin.doWithRuntimeConfiguration(DefaultGrailsPlugin.java:559) at org.grails.plugins.AbstractGrailsPluginManager.doRuntimeConfiguration(AbstractGrailsPluginManager.java:167) at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:171) at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272) at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525) at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693) at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360) at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) at grails.boot.GrailsApp.run(GrailsApp.groovy:84) at grails.boot.GrailsApp.run(GrailsApp.groovy:393) at grails.boot.GrailsApp.run(GrailsApp.groovy:380) at grails.boot.GrailsApp$run.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136) at com.the41.fraudnet.Application.main(Application.groovy:28) Caused by: java.lang.ClassNotFoundException: org.springframework.boot.context.embedded.FilterRegistrationBean at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 34 common frames omitted
FAILURE: Build failed with an exception.
- What went wrong: Execution failed for task ':bootRun'.
Process 'command '/opt/jdk1.8.0_131/bin/java'' finished with non-zero exit value 1
I saw in grails 3.3.x upgrade notes:
Spring Boot 1.5.x - supported in grails 3.3.x
Spring Boot 1.5.x removes a number of deprecated classes, notably several of the classes within the org.springframework.boot.context.embedded package.
If your application is referencing any of the classes within this package you will need to alter your imports to use org.springframework.boot.web.servlet instead.
All classes in the org.springframework.boot.context.web package have been deprecated and relocated per the Spring Boot 1.4 Release Notes.
And xss-sanitizer plugin is using the classes defined in package "org.springframework.boot.context.embedded"
So, Is there any plans on the upgrade of xss-sanitizer plugin for grails 3.3.x or any workaround for this issue?
There is no reasonable workaround to this other than to upgrade the plugin.
It appears that the plugin is being upgraded; see source here https://github.com/rpalcolea/grails-xss-sanitizer/blob/master/gradle.properties that references grails version 3.3.0. You may also want to track or comment on this issue: https://github.com/rpalcolea/grails-xss-sanitizer/issues/1 since it describes the problem that you are seeing.