[ https://issues.apache.org/jira/browse/OFBIZ-11261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16960563#comment-16960563 ]
Mathieu Lirzin commented on OFBIZ-11261: ---------------------------------------- {quote}Just curious, how did you find that bug? Did you had to add a class? {quote} I was working on OFBIZ-11262 to remove deprecation warning in {{SafeObjectInputStream}} and got interested in understanding OFBIZ-10837 underlying problem and how it got fixed. I was suspecting that the {{SafeObjectInputStream#resolveProxyClass}} override was not necessary because we are always using the current thread classloader which is what the super implementation seems to do. As a consequence I decided to write some unit tests and rewrite the class to remove unnecessary stuff. While doing that I discovered that bug. {quote}In your commit you say: The tests have not been backported from ‘trunk’ because of the way ‘UtilProperties#setPropertyValueInMemory’ work in 18.12. Because it's related to a security issue covered by OFBIZ-10837 we need bo backport the fix in all supported releases branches whatever it takes. {quote} Sure I should have asked for someone to do the backport, I just drop the ball because releases before 18.12 fail to build on my system because of a Gradle issue {code:java} $ ./gradlew FAILURE: Build failed with an exception. * What went wrong: Failed to load native library 'libnative-platform.so' for Linux amd64. * Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. {code} Thanks for taking care of the backport. > UtilObject#getObjectException does not handle properties properly > ----------------------------------------------------------------- > > Key: OFBIZ-11261 > URL: https://issues.apache.org/jira/browse/OFBIZ-11261 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Trunk > Reporter: Mathieu Lirzin > Assignee: Mathieu Lirzin > Priority: Major > Fix For: Upcoming Branch, Release Branch 18.12 > > Attachments: > OFBIZ-11261_0001-Improved-Write-tests-for-UtilObject-getObjectExcepti.patch, > OFBIZ-11261_0002-Fixed-Handle-whitelist-of-serializable-classes-from-.patch, > OFBIZ-11261_0003-Improved-Refactor-UtilObject-getObjectException.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)