Author: jleroux
Date: Mon Mar 25 17:51:52 2019 New Revision: 1856215 URL: http://svn.apache.org/viewvc?rev=1856215&view=rev Log: Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199 (OFBIZ-10873) The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. Modified: ofbiz/ofbiz-framework/branches/release17.12/build.gradle ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle Modified: ofbiz/ofbiz-framework/branches/release17.12/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/build.gradle?rev=1856215&r1=1856214&r2=1856215&view=diff ==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/build.gradle Mon Mar 25 17:51:52 2019
@@ -140,10 +140,10 @@ dependencies {
 compile 'org.apache.tika:tika-core:1.20'
 compile 'org.apache.tika:tika-parsers:1.20'
 compile 'org.apache.poi:poi:3.17'
- compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.10'
- compile 'org.apache.tomcat:tomcat-catalina:9.0.10'
- compile 'org.apache.tomcat:tomcat-jasper:9.0.10'
- compile 'org.apache.tomcat:tomcat-tribes:9.0.10'
+ compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.16'
+ compile 'org.apache.tomcat:tomcat-catalina:9.0.16'
+ compile 'org.apache.tomcat:tomcat-jasper:9.0.16'
+ compile 'org.apache.tomcat:tomcat-tribes:9.0.16'
 compile 'org.apache.xmlgraphics:fop:2.2'
 compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
 compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
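Review bot: The Tomcat version is repeated as a literal in each of the four `org.apache.tomcat` coordinates in this hunk, and again for `tomcat-embed-websocket` in the example plugin's build.gradle, so a later security bump that misses one line would leave mixed Tomcat versions on the classpath. A single property in this file, e.g. `def tomcatVersion = '9.0.16'` used as `compile "org.apache.tomcat:tomcat-catalina:${tomcatVersion}"`, would keep the four framework artifacts in step. The remaining hunks in this file appear to be trailing-whitespace changes unrelated to the CVE; keeping them out of the security commit would make the fix easier to audit and backport. The `dependencies` block starts and ends outside the hunk.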
@@ -184,9 +184,9 @@ dependencies { // libs needed for junitreport junitReport 'junit:junit:4.12' junitReport 'org.apache.ant:ant-junit:1.9.7' - + // bug workaround - see OFBIZ-9873 - asciidoctor 'org.jruby:jruby-complete:9.2.4.0' + asciidoctor 'org.jruby:jruby-complete:9.2.4.0' // local libs getDirectoryInActiveComponentsIfExists('lib').each { libDir -> @@ -237,9 +237,9 @@ sourceSets { exclude excludedConfigFiles // Below are necessary for unit tests run by Gradle and integration tests exclude { FileTreeElement elem -> elem.getName().contains('Labels.xml') } - exclude { FileTreeElement elem -> elem.getName().contains('.properties') && - !elem.getName().contains('start.properties') && - !elem.getName().contains('load-data.properties') && + exclude { FileTreeElement elem -> elem.getName().contains('.properties') && + !elem.getName().contains('start.properties') && + !elem.getName().contains('load-data.properties') && !elem.getName().contains('debug.properties') && !elem.getName().contains('cache.properties') && !elem.getName().contains('test.properties') && @@ -440,7 +440,7 @@ task createTenant(group: ofbizServer, de 'db-IP': project.hasProperty('dbIp')? dbIp : '', 'db-User': project.hasProperty('dbUser')? dbUser : '', 'db-Password': project.hasProperty('dbPassword')? dbPassword : ''] - + generateFileFromTemplate(databaseTemplateFile, 'runtime/tmp', filterTokens, 'tmpFilteredTenantData.xml') } 
@@ -551,13 +551,13 @@ task generatePluginDocumentation(group: def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") outputDir file("${buildDir}/asciidoc/plugins/${component.name}") doLast { println "Documentation generated for plugin ${component.name}" } - + } else { println "No documentation found for plugin ${component.name}" } @@ -569,21 +569,21 @@ task generatePluginDocumentation(group: } } -task generateAllPluginsDocumentation(group: docsGroup, +task generateAllPluginsDocumentation(group: docsGroup, description: 'Generate all plugins documentation.') { - + dependsOn deleteAllPluginsDocumentation file("${pluginsDir}").eachDir { plugin -> iterateOverActiveComponents { component -> if (component.name == plugin.name) { if (subprojectExists(":plugins:${plugin.name}")) { - // Note: the "-" between "component.name" and "Documentation" allows to differentiate from - // the other inner task temporary created by the generatePluginDocumentation task - def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { + // Note: the "-" between "component.name" and "Documentation" allows to differentiate from + // the other inner task temporary created by the generatePluginDocumentation task + def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") 
@@ -592,7 +592,7 @@ task generateAllPluginsDocumentation(gro } mustRunAfter deleteAllPluginsDocumentation } - + dependsOn pluginAsciidoc } doLast { delete "${component}/src/docs/asciidoc/images/OFBiz-Logo.svg" } @@ -700,7 +700,7 @@ task createPlugin(group: ofbizPlugin, de ['config', 'data/helpdata', 'dtd', 'documents', 'entitydef', 'lib', 'patches/test', 'patches/qa', 'patches/production', 'script', 'servicedef', 'src/main/java', 'src/test/java', 'testdef', 'widget', "webapp/${webappName}/error", "webapp/${webappName}/WEB-INF", - "webapp/${webappName}/WEB-INF/actions"].each { + "webapp/${webappName}/WEB-INF/actions"].each { mkdir pluginDir+'/'+it } @@ -725,7 +725,7 @@ task createPlugin(group: ofbizPlugin, de [tempName:'Menus.xml', newName:"${pluginResourceName}Menus.xml", location:'widget'], [tempName:'Forms.xml', newName:"${pluginResourceName}Forms.xml", location:'widget'] ].each { tmpl -> - generateFileFromTemplate(templateDir + '/' + tmpl.tempName, + generateFileFromTemplate(templateDir + '/' + tmpl.tempName, pluginDir + '/' + tmpl.location, filterTokens, tmpl.newName) } @@ -860,7 +860,7 @@ task pullPlugin(group: ofbizPlugin, desc // reverse the order of dependencies to install them before the plugin def ofbizPluginArchives = new ArrayList(configurations.ofbizPlugins.files) Collections.reverse(ofbizPluginArchives) - + // Extract and install plugin and dependencies ofbizPluginArchives.each { pluginArchive -> ext.pluginId = dependencyId.tokenize(':').get(1) @@ -888,7 +888,7 @@ task pullPluginSource(group: ofbizPlugin } } -task pullAllPluginsSource(group: ofbizPlugin, +task pullAllPluginsSource(group: ofbizPlugin, description: 'Download and install all plugins from source control. Warning! deletes existing plugins') { task deleteBeforePulling { 
@@ -953,7 +953,7 @@ task cleanUploads(group: cleanupGroup, d } task cleanXtra(group: cleanupGroup, description: 'Clean extra generated files like .rej, .DS_Store, etc.') { doLast { - delete fileTree(dir: "${rootDir}", + delete fileTree(dir: "${rootDir}", includes: ['**/.nbattrs', '**/*~','**/.#*', '**/.DS_Store', '**/*.rej', '**/*.orig']) } } Modified: ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle?rev=1856215&r1=1856214&r2=1856215&view=diff ============================================================================== --- ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle (original) +++ ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle Mon Mar 25 17:51:52 2019 @@ -18,5 +18,5 @@ */ dependencies { - pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.10' + pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.16' } \ No newline at end of file |