The type java.io.ObjectInputStream cannot be resolved. It is indirectly referenced from required .class files

user3891270 · May 1, 2016

I have downloaded Eclipse and tried to create a sample servlet program, but I got the following error:

The type java.io.ObjectInputStream cannot be resolved. It is indirectly referenced from required .class files

I have configured the build path correctly. I am using Java 8 and Apache Tomcat 7, and the libraries for both are referenced correctly.

The problem is specific to Java EE only. Ordinary Java SE projects are running fine.

Answer

mzjn · Jul 18, 2016

Something happened in Java 8 Update 91 that broke existing JSP code. That seems pretty clear. Here is a sample of similar questions and bug reports:

All these are about problems with Java 8 Update 91 (or later) that are not present when using earlier JRE/JDK versions.


The following OpenJDK changeset from 22 January 2016 appears to be related: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/32f64c19b5fb (commit message "8144430: Improve JMX connections"). The changeset seems to be related to this vulnerability, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427, which is mentioned in a comment to this Red Hat bug report, https://bugzilla.redhat.com/show_bug.cgi?id=1336481.

The Update 91 release notes document mentions JDK-8144430 (non-public ticket): http://www.oracle.com/technetwork/java/javase/8u91-relnotes-2949462.html.

In "Oracle Critical Patch Update Advisory - April 2016", the CVE-2016-3427 vulnerability is mentioned: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html.