Author: jleroux
Date: Mon Mar 25 17:47:52 2019 New Revision: 1856212 URL: http://svn.apache.org/viewvc?rev=1856212&view=rev Log: Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199 (OFBIZ-10873) The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. Modified: ofbiz/ofbiz-framework/trunk/build.gradle ofbiz/ofbiz-plugins/trunk/example/build.gradle Modified: ofbiz/ofbiz-framework/trunk/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?rev=1856212&r1=1856211&r2=1856212&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/build.gradle (original) +++ ofbiz/ofbiz-framework/trunk/build.gradle Mon Mar 25 17:47:52 2019 @@ -169,10 +169,10 @@ dependencies { implementation 'org.apache.sshd:sshd-core:1.7.0' implementation 'org.apache.tika:tika-core:1.20' implementation 'org.apache.tika:tika-parsers:1.20' - implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.13' - implementation 'org.apache.tomcat:tomcat-catalina:9.0.13' - implementation 'org.apache.tomcat:tomcat-jasper:9.0.13' - implementation 'org.apache.tomcat:tomcat-tribes:9.0.13' + implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.16' + implementation 'org.apache.tomcat:tomcat-catalina:9.0.16' + implementation 'org.apache.tomcat:tomcat-jasper:9.0.16' + implementation 'org.apache.tomcat:tomcat-tribes:9.0.16' implementation 'org.apache.xmlgraphics:fop:2.3' implementation 'org.apache.xmlrpc:xmlrpc-client:3.1.3' implementation 'org.apache.xmlrpc:xmlrpc-server:3.1.3' 
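Review bot: Nothing in build.gradle records that 9.0.16 is a security floor, so a later edit could move these four `org.apache.tomcat` coordinates back, or leave one behind, with no hint that CVE-2019-0199 is why they were raised. A comment above them such as `// Tomcat >= 9.0.16 required for CVE-2019-0199 (OFBIZ-10873); keep all Tomcat artifacts on the same version` would make that visible. The version literal is also repeated on each line, and again for `tomcat-embed-websocket` in the example plugin's build.gradle. A single variable, e.g. `def tomcatVersion = '9.0.16'` used as `"org.apache.tomcat:tomcat-catalina:${tomcatVersion}"`, would keep the framework artifacts in lockstep. The `dependencies` block starts and ends outside the hunk.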
@@ -212,7 +212,7 @@ dependencies { junitReport 'org.apache.ant:ant-junit:1.10.5' asciidoctor 'org.asciidoctor:asciidoctorj-pdf:1.5.0-alpha.16' // bug workaround - see OFBIZ-9873 - asciidoctor 'org.jruby:jruby-complete:9.2.4.0' + asciidoctor 'org.jruby:jruby-complete:9.2.4.0' // Libraries downloaded manually implementation fileTree(dir: file("${rootDir}/lib"), include: '**/*.jar') @@ -263,9 +263,9 @@ sourceSets { exclude excludedConfigFiles // Below are necessary for unit tests run by Gradle and integration tests exclude { FileTreeElement elem -> elem.getName().contains('Labels.xml') } - exclude { FileTreeElement elem -> elem.getName().contains('.properties') && - !elem.getName().contains('start.properties') && - !elem.getName().contains('load-data.properties') && + exclude { FileTreeElement elem -> elem.getName().contains('.properties') && + !elem.getName().contains('start.properties') && + !elem.getName().contains('load-data.properties') && !elem.getName().contains('debug.properties') && !elem.getName().contains('cache.properties') && !elem.getName().contains('test.properties') && @@ -437,7 +437,7 @@ task createTenant(group: ofbizServer, de 'db-IP': project.hasProperty('dbIp')? dbIp : '', 'db-User': project.hasProperty('dbUser')? dbUser : '', 'db-Password': project.hasProperty('dbPassword')? dbPassword : ''] - + generateFileFromTemplate(databaseTemplateFile, 'runtime/tmp', filterTokens, 'tmpFilteredTenantData.xml') } 
@@ -541,13 +541,13 @@ task generatePluginDocumentation(group: def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") outputDir file("${buildDir}/asciidoc/plugins/${component.name}") doLast { println "Documentation generated for plugin ${component.name}" } - + } else { println "No documentation found for plugin ${component.name}" } @@ -558,21 +558,21 @@ task generatePluginDocumentation(group: } } -task generateAllPluginsDocumentation(group: docsGroup, +task generateAllPluginsDocumentation(group: docsGroup, description: 'Generate all plugins documentation.') { - + dependsOn deleteAllPluginsDocumentation file("${pluginsDir}").eachDir { plugin -> activeComponents().each { component -> if (component.name == plugin.name) { if (subprojectExists(":plugins:${plugin.name}")) { - // Note: the "-" between "component.name" and "Documentation" allows to differentiate from - // the other inner task temporary created by the generatePluginDocumentation task - def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { + // Note: the "-" between "component.name" and "Documentation" allows to differentiate from + // the other inner task temporary created by the generatePluginDocumentation task + def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") 
@@ -581,7 +581,7 @@ task generateAllPluginsDocumentation(gro } mustRunAfter deleteAllPluginsDocumentation } - + dependsOn pluginAsciidoc } doLast { delete "${component}/src/docs/asciidoc/images/OFBiz-Logo.svg" } @@ -689,7 +689,7 @@ task createPlugin(group: ofbizPlugin, de ['config', 'data/helpdata', 'dtd', 'documents', 'entitydef', 'lib', 'patches/test', 'patches/qa', 'patches/production', 'script', 'servicedef', 'src/main/java', 'src/test/java', 'testdef', 'widget', "webapp/${webappName}/error", "webapp/${webappName}/WEB-INF", - "webapp/${webappName}/WEB-INF/actions"].each { + "webapp/${webappName}/WEB-INF/actions"].each { mkdir pluginDir+'/'+it } @@ -714,7 +714,7 @@ task createPlugin(group: ofbizPlugin, de [tempName:'Menus.xml', newName:"${pluginResourceName}Menus.xml", location:'widget'], [tempName:'Forms.xml', newName:"${pluginResourceName}Forms.xml", location:'widget'] ].each { tmpl -> - generateFileFromTemplate(templateDir + '/' + tmpl.tempName, + generateFileFromTemplate(templateDir + '/' + tmpl.tempName, pluginDir + '/' + tmpl.location, filterTokens, tmpl.newName) } @@ -847,7 +847,7 @@ task pullPlugin(group: ofbizPlugin, desc // reverse the order of dependencies to install them before the plugin def ofbizPluginArchives = new ArrayList(configurations.ofbizPlugins.files) Collections.reverse(ofbizPluginArchives) - + // Extract and install plugin and dependencies ofbizPluginArchives.each { pluginArchive -> ext.pluginId = dependencyId.tokenize(':').get(1) @@ -875,7 +875,7 @@ task pullPluginSource(group: ofbizPlugin } } -task pullAllPluginsSource(group: ofbizPlugin, +task pullAllPluginsSource(group: ofbizPlugin, description: 'Download and install all plugins from source control. Warning! deletes existing plugins') { task deleteBeforePulling { 
@@ -935,7 +935,7 @@ task cleanUploads(group: cleanupGroup, d } task cleanXtra(group: cleanupGroup, description: 'Clean extra generated files like .rej, .DS_Store, etc.') { doLast { - delete fileTree(dir: "${rootDir}", + delete fileTree(dir: "${rootDir}", includes: ['**/.nbattrs', '**/*~','**/.#*', '**/.DS_Store', '**/*.rej', '**/*.orig']) } } Modified: ofbiz/ofbiz-plugins/trunk/example/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/trunk/example/build.gradle?rev=1856212&r1=1856211&r2=1856212&view=diff ============================================================================== --- ofbiz/ofbiz-plugins/trunk/example/build.gradle (original) +++ ofbiz/ofbiz-plugins/trunk/example/build.gradle Mon Mar 25 17:47:52 2019 @@ -18,5 +18,5 @@ */ dependencies { - pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.13' + pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.16' } \ No newline at end of file |