This is an automated email from the ASF dual-hosted git repository.
jgallimore pushed a commit to branch tomee-7.1.x
in repository https://gitbox.apache.org/repos/asf/tomee.git
The following commit(s) were added to refs/heads/tomee-7.1.x by this push:
new 8899dd7 Update to Quartz 2.2.4 which addresses an XXE in the Quartz
Library
8899dd7 is described below
commit 8899dd7e1a1dd012547365f69ee9aff982086cfb
Author: Jonathan Gallimore <[email protected]>
AuthorDate: Wed Sep 25 11:58:25 2019 +0100
Update to Quartz 2.2.4 which addresses an XXE in the Quartz Library
---
.../main/java/org/apache/openejb/core/timer/EjbTimerServiceImpl.java | 3 ---
.../org/apache/openejb/resource/quartz/QuartzResourceAdapter.java | 2 --
pom.xml | 4 ++--
3 files changed, 2 insertions(+), 7 deletions(-)
diff --git
a/container/openejb-core/src/main/java/org/apache/openejb/core/timer/EjbTimerServiceImpl.java
b/container/openejb-core/src/main/java/org/apache/openejb/core/timer/EjbTimerServiceImpl.java
index b22d20d..9971f5f 100644
---
a/container/openejb-core/src/main/java/org/apache/openejb/core/timer/EjbTimerServiceImpl.java
+++
b/container/openejb-core/src/main/java/org/apache/openejb/core/timer/EjbTimerServiceImpl.java
@@ -221,9 +221,6 @@ public class EjbTimerServiceImpl implements
EjbTimerService, Serializable {
if
(!properties.containsKey(StdSchedulerFactory.PROP_SCHED_INSTANCE_NAME)) {
properties.put(StdSchedulerFactory.PROP_SCHED_INSTANCE_NAME,
"OpenEJB-TimerService-Scheduler");
}
- if
(!properties.containsKey(StdSchedulerFactory.PROP_SCHED_SKIP_UPDATE_CHECK)) {
- properties.put(StdSchedulerFactory.PROP_SCHED_SKIP_UPDATE_CHECK,
"true");
- }
if (!properties.containsKey("org.terracotta.quartz.skipUpdateCheck")) {
properties.put("org.terracotta.quartz.skipUpdateCheck", "true");
}
diff --git
a/container/openejb-core/src/main/java/org/apache/openejb/resource/quartz/QuartzResourceAdapter.java
b/container/openejb-core/src/main/java/org/apache/openejb/resource/quartz/QuartzResourceAdapter.java
index a5d1086..5b883e3 100644
---
a/container/openejb-core/src/main/java/org/apache/openejb/resource/quartz/QuartzResourceAdapter.java
+++
b/container/openejb-core/src/main/java/org/apache/openejb/resource/quartz/QuartzResourceAdapter.java
@@ -82,8 +82,6 @@ public class QuartzResourceAdapter implements ResourceAdapter
{
,
JavaSecurityManagers.getSystemProperty(StdSchedulerFactory.PROP_SCHED_INTERRUPT_JOBS_ON_SHUTDOWN_WITH_WAIT,
"true"));
//Let the user enable this if they really want it
-
JavaSecurityManagers.setSystemProperty(StdSchedulerFactory.PROP_SCHED_SKIP_UPDATE_CHECK
- ,
JavaSecurityManagers.getSystemProperty(StdSchedulerFactory.PROP_SCHED_SKIP_UPDATE_CHECK,
"true"));
JavaSecurityManagers.setSystemProperty("org.terracotta.quartz.skipUpdateCheck"
,
JavaSecurityManagers.getSystemProperty("org.terracotta.quartz.skipUpdateCheck",
"true"));
diff --git a/pom.xml b/pom.xml
index 2247565..4c7e48a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1400,10 +1400,10 @@
<dependency>
<groupId>org.apache.openejb.shade</groupId>
<artifactId>quartz-openejb-shade</artifactId>
- <version>2.2.1</version>
+ <version>2.2.4</version>
<exclusions>
<exclusion>
- <groupId>org.quartz-scheduler</groupId>
+ <groupId>org.tomitribe.quartz</groupId>
<artifactId>quartz</artifactId>
</exclusion>
<exclusion>
