[jira] [Commented] (OFBIZ-11261) UtilObject#getObjectException does not handle properties properly

[Mathieu Lirzin (Jira)]

    [ 
https://issues.apache.org/jira/browse/OFBIZ-11261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960563#comment-16960563
 ] 

Mathieu Lirzin commented on OFBIZ-11261:
----------------------------------------

{quote}Just curious, how did you find that bug? Did you had to add a class?
{quote}
I was working on OFBIZ-11262 to remove deprecation warning in 
{{SafeObjectInputStream}} and got interested in understanding OFBIZ-10837 
underlying problem and how it got fixed. I was suspecting that the 
{{SafeObjectInputStream#resolveProxyClass}} override was not necessary because 
we are always using the current thread classloader which is what the super 
implementation seems to do. As a consequence I decided to write some unit tests 
and rewrite the class to remove unnecessary stuff. While doing that I 
discovered that bug.
{quote}In your commit you say:

The tests have not been backported from ‘trunk’ because of the way 
‘UtilProperties#setPropertyValueInMemory’ work in 18.12.

Because it's related to a security issue covered by OFBIZ-10837 we need bo 
backport the fix in all supported releases branches whatever it takes.
{quote}
Sure I should have asked for someone to do the backport, I just drop the ball 
because releases before 18.12 fail to build on my system because of a Gradle 
issue
{code:java}
$ ./gradlew

FAILURE: Build failed with an exception.

* What went wrong:
Failed to load native library 'libnative-platform.so' for Linux amd64.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug 
option to get more log output.
{code}
Thanks for taking care of the backport.

> UtilObject#getObjectException does not handle properties properly
> -----------------------------------------------------------------
>
>                 Key: OFBIZ-11261
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11261
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Mathieu Lirzin
>            Assignee: Mathieu Lirzin
>            Priority: Major
>             Fix For: Upcoming Branch, Release Branch 18.12
>
>         Attachments: 
> OFBIZ-11261_0001-Improved-Write-tests-for-UtilObject-getObjectExcepti.patch, 
> OFBIZ-11261_0002-Fixed-Handle-whitelist-of-serializable-classes-from-.patch, 
> OFBIZ-11261_0003-Improved-Refactor-UtilObject-getObjectException.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)