[jira] [Commented] (TAP5-2294) App startup announcement broken on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917380#comment-13917380
]
Bob Harner commented on TAP5-2294:
--
Jochen, in what way is the startup announcement broken? The announcement prints
out fine for me on Windows 7, both from within Eclipse console (using m2e) and
in the command console (mvn) when launching my test app with jetty:run goal).
App startup announcement broken on Windows
--
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Priority: Minor
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Updated] (TAP5-2294) App startup announcement broken on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Harner updated TAP5-2294:
-
Attachment: TAP5-2294 screen shot 1.png
Screenshot showing announcement printing out okay
App startup announcement broken on Windows
--
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Comment Edited] (TAP5-2294) App startup announcement broken on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917382#comment-13917382
]
Bob Harner edited comment on TAP5-2294 at 3/2/14 12:26 PM:
---
Screenshot attached showing announcement printing out okay. The white is
Eclipse, the black in the command window.
was (Author: bobharner):
Screenshot showing announcement printing out okay
App startup announcement broken on Windows
--
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (TAP5-2294) App startup announcement broken on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917386#comment-13917386
]
Jochen Kemnade commented on TAP5-2294:
--
You're right, I should have provided more information. I use {{slf4j-log4j12}}
with a file appender logger. On Windows (7 FWIW), the new lines are not
printed into the log file. The whole startup announcement is written into a
single line.
App startup announcement broken on Windows
--
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Assigned] (TAP5-2294) App startup announcement broken on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Harner reassigned TAP5-2294:
Assignee: Bob Harner
App startup announcement broken on Windows
--
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Assignee: Bob Harner
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
git commit: Fixed TAP5-2294 (Wrong line endings in app startup messages on Windows)
Repository: tapestry-5
Updated Branches:
refs/heads/master b385e77f8 - c4c5c354f
Fixed TAP5-2294 (Wrong line endings in app startup messages on Windows)
Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/c4c5c354
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/c4c5c354
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/c4c5c354
Branch: refs/heads/master
Commit: c4c5c354f254ba70f76ca21ca98b891c8038b5d3
Parents: b385e77
Author: Bob Harner bobhar...@apache.org
Authored: Sun Mar 2 11:48:08 2014 -0500
Committer: Bob Harner bobhar...@apache.org
Committed: Sun Mar 2 11:48:08 2014 -0500
--
.../tapestry5/internal/TapestryAppInitializer.java | 15 ---
.../services/ComponentClassResolverImpl.java | 15 ---
2 files changed, 24 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/c4c5c354/tapestry-core/src/main/java/org/apache/tapestry5/internal/TapestryAppInitializer.java
--
diff --git
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/TapestryAppInitializer.java
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/TapestryAppInitializer.java
index 74a63af..cfd02de 100644
---
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/TapestryAppInitializer.java
+++
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/TapestryAppInitializer.java
@@ -1,4 +1,4 @@
-// Copyright 2006-2013 The Apache Software Foundation
+// Copyright 2006-2014 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
@@ -201,8 +201,16 @@ public class TapestryAppInitializer
return registry;
}
+/**
+ * Announce application startup, by logging (at INFO level) the names of
all pages,
+ * components, mixins and services.
+ */
public void announceStartup()
{
+if (!logger.isInfoEnabled()) // if info logging is off we can stop now
+{
+return;
+}
long toFinish = System.currentTimeMillis();
SymbolSource source = registry.getService(SymbolSource,
SymbolSource.class);
@@ -258,9 +266,10 @@ public class TapestryAppInitializer
buffer.append(/_ __/__ ___ ___ / /___ __ / __/\n);
buffer.append( / / / _ `/ _ \\/ -_|_-/ __/ __/ // / /__ \\ \n);
buffer.append(/_/ \\_,_/ .__/\\__/___/\\__/_/ \\_, / //\n);
-f.format(/_/ /___/ %s%s\n\n,
+f.format (/_/ /___/ %s%s\n\n,
version, productionMode ? : (development mode));
-logger.info(buffer.toString());
+// log multi-line string with OS-specific line endings (TAP5-2294)
+logger.info(buffer.toString().replaceAll(\\n,
System.getProperty(line.separator)));
}
}
http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/c4c5c354/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentClassResolverImpl.java
--
diff --git
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentClassResolverImpl.java
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentClassResolverImpl.java
index e8ff689..cad9404 100644
---
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentClassResolverImpl.java
+++
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentClassResolverImpl.java
@@ -1,4 +1,4 @@
-// Copyright 2006-2012 The Apache Software Foundation
+// Copyright 2006-2014 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
@@ -336,10 +336,18 @@ public class ComponentClassResolverImpl implements
ComponentClassResolver, Inval
return CollectionFactory.newSet(map.values()).size();
}
+/**
+ * Log (at INFO level) the changes between the two
logical-name-to-class-name maps
+ * @param title the title of the things in the maps (e.g. pages or
components)
+ * @param savedMap the old map
+ * @param newMap the new map
+ */
private void showChanges(String title, MapString, String savedMap,
MapString, String newMap)
{
-if (savedMap.equals(newMap))
+if (savedMap.equals(newMap) || !logger.isInfoEnabled()) // nothing to
log?
+{
return;
+}
MapString, String core = CollectionFactory.newMap();
MapString, String nonCore = CollectionFactory.newMap();
@@ -403,7 +411,8 @@
[jira] [Updated] (TAP5-2294) Wrong line endings in app startup messages on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Harner updated TAP5-2294:
-
Summary: Wrong line endings in app startup messages on Windows (was: App
startup announcement broken on Windows)
Wrong line endings in app startup messages on Windows
-
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Assignee: Bob Harner
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TAP5-2294) Wrong line endings in app startup messages on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917481#comment-13917481
]
ASF subversion and git services commented on TAP5-2294:
---
Commit c4c5c354f254ba70f76ca21ca98b891c8038b5d3 in tapestry-5's branch
refs/heads/master from [~bobharner]
[ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=c4c5c35 ]
Fixed TAP5-2294 (Wrong line endings in app startup messages on Windows)
Wrong line endings in app startup messages on Windows
-
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Assignee: Bob Harner
Priority: Minor
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Resolved] (TAP5-2294) Wrong line endings in app startup messages on Windows
[
https://issues.apache.org/jira/browse/TAP5-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Harner resolved TAP5-2294.
--
Resolution: Fixed
Fix Version/s: 5.4
Fixed in commit c4c5c354
I don't have a unix or mac computer handy. It would be nice if somebody would
verify that announcement messages aren't broken on unix/mac now.
Wrong line endings in app startup messages on Windows
-
Key: TAP5-2294
URL: https://issues.apache.org/jira/browse/TAP5-2294
Project: Tapestry 5
Issue Type: Bug
Components: tapestry-core
Affects Versions: 5.4
Reporter: Jochen Kemnade
Assignee: Bob Harner
Priority: Minor
Fix For: 5.4
Attachments: TAP5-2294 screen shot 1.png
{{org.apache.tapestry5.internal.TapestryAppInitializer.announceStartup()}}
uses {{\n}} to begin new lines. It should use
{{System.getProperty(line.separator)}} instead.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[CONF] Apache Tapestry Building Tapestry from Source
Bob Harner edited the page: Building Tapestry from Source Comment: Added some details on skipping tests ... Command-line users: *( gradlew is the gradle wrapper shell script (gradlew) or batch file (gradlew.bat) found in the root folder of the Tapestry source. ./gradlew build Eclipse Gradle IDE users: Right click on the top-level project (or any sub-project) and select Run As Gradle Build..., which starts an External Tools Configuration dialog box. Enter a reasonable name, select the tasks you want to run (for example, tapestry-core/install), and click Run. Running Individual Tests Eclipse users: Install the TestNG plugin to allow running of individual TestNG unit tests from within in Eclipse. ... Running the Tapestry integration tests can take 10 minutes or more (mostly because of Selenium tests, which repeatedly start and stop the Firefox browser), so you won't want to run them every time you try a change. Command-line users: To build while skipping all tests: ./gradlew build -x test You can skip tests on a specific module by adding a colon and the module name. For example: -x test:tapestry-ioc Eclipse Gradle IDE users: In your External Tools Configuration, add the same -x test option as above at Arguments Program Arguments. Running the Integration Test Apps Manually ... View Online Like View Changes Stop watching space Manage Notifications This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software
[CONF] Apache Tapestry Page And Component Classes FAQ
{footnote}Tapestry would also create an alias . (Tapestry would also create an alias account/view, by stripping off the redundant account suffix. Either name is equally valid in your code, and Tapestry will use the shorter name, account/view in URLs.{footnote})In addition, it is possible to define additional root packages for the application:
Bob Harner edited the page:
Page And Component Classes FAQ
Comment: Fixed footnote problem by doing away with it.
...
You are allowed to create sub-packages, to help organize your code better and more logically. For example, you might have root-package.pages.account.ViewAccount, which would have the page name account/viewaccount
Wiki Markup
Code Block
controls
true
linenumbers
true
public static void contributeComponentClassResolver(ConfigurationLibraryMapping configuration) {
configuration.add(new LibraryMapping(, com.example.app.tasks));
configuration.add(new LibraryMapping(, com.example.app.chat));
}
...
Code Block
controls
true
linenumbers
true
@SupportsInformalParameters
public class DBImage
{
@Parameter(required=true)
private Image image;
@Inject
private ComponentResources resources;
boolean beginRender(MarkupWriter writer)
{
[CONF] Apache Tapestry Limitations
Bob Harner edited the page:
Limitations
Comment: Added note about running Tap 4 5 apps together
...
Although you code Tapestry pages and components as if they were ordinary POJOs (Plain Old Java Objects -- Tapestry does not require you to extend any base classes or implement any special interfaces), as deployed by Tapestry they are closer to a traditional servlet: a single instance of each page services requests from multiple threads. Behind the scenes, Tapestry transforms you code, rewriting it on the fly.
What this means is that any incoming request must be handled by a single page instance. Therefore, Tapestry enforces the concept of static structure, dynamic behavior.
...
How do I run multiple Tapestry applications in the same web application?
This Running multiple Tapestry 5 applications is not supported; there's only one place to identify the application root package, so even configuring multiple filters into multiple folders will not work.
Support for multiple Tapestry applications in the same web application was a specific non-goal in Tapestry 5 (it needlessly complicated Tapestry 4). Given how loosely connected Tapestry 5 pages are from each other, there doesn't seem to be an advantage to doing so ... and certainly, in terms of memory utilization, there is a significant down side, were it even possible.
Youcanrun a Tapestry 4 app and a Tapestry 5 app side-by-side (the package names are different, for just this reason), but they know nothing of each other, and can't interact directly. This is just like the way you could have a single WAR with multiple servlets; the different applications can only communicate via URLs, or shared state in the HttpSession.
Wiki Markup
{scrollbar}
View Online Like View Changes
Stop watching space Manage Notifications
This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software
svn commit: r899778 [2/2] - in /websites/production/tapestry/content: building-tapestry-from-source.html cache/main.pageCache injection-faq.html limitations.html page-and-component-classes-faq.html
Modified:
websites/production/tapestry/content/page-and-component-classes-faq.html
==
--- websites/production/tapestry/content/page-and-component-classes-faq.html
(original)
+++ websites/production/tapestry/content/page-and-component-classes-faq.html
Sun Mar 2 22:20:37 2014
@@ -77,142 +77,26 @@ table.ScrollbarTable td.ScrollbarParent
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width:
16px;border: none;}
-/*]]*//stylediv class=Scrollbartable class=ScrollbarTabletrtd
colspan=1 rowspan=1 class=ScrollbarPrevIcona shape=rect
href=templating-and-markup-faq.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/back_16.gif; width=16
height=16/a/tdtd colspan=1 rowspan=1 class=ScrollbarPrevName
width=33%a shape=rect href=templating-and-markup-faq.htmlTemplating
and Markup FAQ/a#160;/tdtd colspan=1 rowspan=1
class=ScrollbarParent width=33%supa shape=rect
href=frequently-asked-questions.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/up_16.gif; width=8
height=8/a/supa shape=rect
href=frequently-asked-questions.htmlFrequently Asked Questions/a/tdtd
colspan=1 rowspan=1 class=ScrollbarNextName width=33%#160;a
shape=rect href=forms-and-form-components-faq.htmlForms and Form
Components FAQ/a/tdtd colspan=1 ro
wspan=1 class=ScrollbarNextIcona shape=rect
href=forms-and-form-components-faq.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/forwd_16.gif; width=16
height=16/a/td/tr/table/div
-
-h2 id=PageAndComponentClassesFAQ-PageAndComponentClassesPage And Component
Classes/h2
-
-pMain article: a shape=rect href=component-classes.htmlComponent
Classes/a/p
-
-h3
id=PageAndComponentClassesFAQ-What'sthedifferencebetweenapageandacomponent?What's
the difference between a page and a component?/h3
-
-pThere's very little difference between the two. Pages classes must be in
the emroot-package/em.codepages/code package; components must be in the
emroot-package/em.codecomponents/code. Pages may provide event
handlers for certain page-specific events (such as activate and passivate).
Components may have parameters./p
-
-pOther than that, they are more equal than they are different. They may have
templates or may render themselves in code (pages usually have a template,
components are more likely to render only in code)./p
-
-pThe major difference is that Tapestry page templates may be stored in the
web context directory, as if they were static files (they can't be accessed
from the client however; a specific rule prevents access to files with the
code.tml/code extension)./p
-
-div class=aui-message problem shadowed information-macro
+/*]]*//stylediv class=Scrollbartable class=ScrollbarTabletrtd
colspan=1 rowspan=1 class=ScrollbarPrevIcona shape=rect
href=templating-and-markup-faq.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/back_16.gif; width=16
height=16/a/tdtd colspan=1 rowspan=1 class=ScrollbarPrevName
width=33%a shape=rect href=templating-and-markup-faq.htmlTemplating
and Markup FAQ/a#160;/tdtd colspan=1 rowspan=1
class=ScrollbarParent width=33%supa shape=rect
href=frequently-asked-questions.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/up_16.gif; width=8
height=8/a/supa shape=rect
href=frequently-asked-questions.htmlFrequently Asked Questions/a/tdtd
colspan=1 rowspan=1 class=ScrollbarNextName width=33%#160;a
shape=rect href=forms-and-form-components-faq.htmlForms and Form
Components FAQ/a/tdtd colspan=1 ro
wspan=1 class=ScrollbarNextIcona shape=rect
href=forms-and-form-components-faq.htmlimg align=middle border=0
src=https://cwiki.apache.org/confluence/images/icons/forwd_16.gif; width=16
height=16/a/td/tr/table/divh2
id=PageAndComponentClassesFAQ-PageAndComponentClassesPage And Component
Classes/h2pMain article: a shape=rect
href=component-classes.htmlComponent Classes/a/ph3
id=PageAndComponentClassesFAQ-What'sthedifferencebetweenapageandacomponent?What's
the difference between a page and a component?/h3pThere's very little
difference between the two. Pages classes must be in the
emroot-package/em.codepages/code package; components must be in the
emroot-package/em.codecomponents/code. Pages may provide event handlers
for certain page-specific events (such as activate and passivate). Components
may have parameters./ppOther than that, they are more equal than they are
different. They may have templates or may
render themselves in code (pages usually have a template, components are more
likely to render only in code)./ppThe major difference is that Tapestry
page templates may be stored in the web context directory, as if they were
static files (they can't be accessed from the client however; a specific rule
prevents
[jira] [Assigned] (TAP5-2295) Exploit found in commons-file-upload 1.3.1
[ https://issues.apache.org/jira/browse/TAP5-2295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bob Harner reassigned TAP5-2295: Assignee: Bob Harner Exploit found in commons-file-upload 1.3.1 Key: TAP5-2295 URL: https://issues.apache.org/jira/browse/TAP5-2295 Project: Tapestry 5 Issue Type: Dependency upgrade Components: tapestry-upload Affects Versions: 5.3.5, 5.3.6, 5.3.7, 5.4, 5.2.0 Reporter: jose luis sanchez Assignee: Bob Harner Labels: bug, commons-file-upload, security, tapestry-upload Just found that commons-file-upload 1.3.1 has a bug that can create a DOS attack . For more information, see http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html I do believe commons-file-upload 1.2.2 it's been used in tapestry-upload since version 5.2 at least, or even older. So recommended option is to update dependency to commons-file-upload-1.3.1.jar -- This message was sent by Atlassian JIRA (v6.2#6252)
git commit: Fixed TAP5-2295 (denial of service vulnerability due to commons-file-upload) by upgrading commons-file-upload from 1.2.2 to 1.3.1, which also required upgrading commons-io from 2.0.1 to 2.
Repository: tapestry-5
Updated Branches:
refs/heads/master c4c5c354f - 9dfe22e08
Fixed TAP5-2295 (denial of service vulnerability due to
commons-file-upload) by upgrading commons-file-upload from 1.2.2 to
1.3.1, which also required upgrading commons-io from 2.0.1 to 2.2.
Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/9dfe22e0
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/9dfe22e0
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/9dfe22e0
Branch: refs/heads/master
Commit: 9dfe22e08556da76d7a35a79d599f4b9a527c4e1
Parents: c4c5c35
Author: Bob Harner bobhar...@apache.org
Authored: Sun Mar 2 23:11:18 2014 -0500
Committer: Bob Harner bobhar...@apache.org
Committed: Sun Mar 2 23:11:18 2014 -0500
--
tapestry-upload/build.gradle| 4 ++--
.../upload/internal/services/StubFileItem.java | 12
2 files changed, 14 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/9dfe22e0/tapestry-upload/build.gradle
--
diff --git a/tapestry-upload/build.gradle b/tapestry-upload/build.gradle
index b149b46..238a92e 100644
--- a/tapestry-upload/build.gradle
+++ b/tapestry-upload/build.gradle
@@ -2,8 +2,8 @@ description = File Upload component, with supporting services
dependencies {
compile project(':tapestry-core')
- compile commons-fileupload:commons-fileupload:1.2.2
- compile commons-io:commons-io:2.0.1
+ compile commons-fileupload:commons-fileupload:1.3.1
+ compile commons-io:commons-io:2.2
provided javax.servlet:servlet-api:${versions.servletapi}
testCompile project(':tapestry-test')
http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/9dfe22e0/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
--
diff --git
a/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
b/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
index 6ad93a6..af14526 100755
---
a/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
+++
b/tapestry-upload/src/test/java/org/apache/tapestry5/upload/internal/services/StubFileItem.java
@@ -15,6 +15,7 @@
package org.apache.tapestry5.upload.internal.services;
import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemHeaders;
import java.io.*;
@@ -131,4 +132,15 @@ public class StubFileItem implements FileItem
{
return isDeleted;
}
+
+/* unused method but required by FileItem interface */
+public FileItemHeaders getHeaders()
+{
+return null;
+}
+
+/* unused method but required by FileItem interface */
+public void setHeaders(FileItemHeaders headers)
+{
+}
}
[jira] [Commented] (TAP5-2295) Exploit found in commons-file-upload 1.3.1
[ https://issues.apache.org/jira/browse/TAP5-2295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917729#comment-13917729 ] ASF subversion and git services commented on TAP5-2295: --- Commit 9dfe22e08556da76d7a35a79d599f4b9a527c4e1 in tapestry-5's branch refs/heads/master from [~bobharner] [ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=9dfe22e ] Fixed TAP5-2295 (denial of service vulnerability due to commons-file-upload) by upgrading commons-file-upload from 1.2.2 to 1.3.1, which also required upgrading commons-io from 2.0.1 to 2.2. Exploit found in commons-file-upload 1.3.1 Key: TAP5-2295 URL: https://issues.apache.org/jira/browse/TAP5-2295 Project: Tapestry 5 Issue Type: Dependency upgrade Components: tapestry-upload Affects Versions: 5.3.5, 5.3.6, 5.3.7, 5.4, 5.2.0 Reporter: jose luis sanchez Assignee: Bob Harner Labels: bug, commons-file-upload, security, tapestry-upload Just found that commons-file-upload 1.3.1 has a bug that can create a DOS attack . For more information, see http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html I do believe commons-file-upload 1.2.2 it's been used in tapestry-upload since version 5.2 at least, or even older. So recommended option is to update dependency to commons-file-upload-1.3.1.jar -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TAP5-2295) Exploit found in commons-file-upload 1.3.1
[ https://issues.apache.org/jira/browse/TAP5-2295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13917732#comment-13917732 ] Bob Harner commented on TAP5-2295: -- Fixed in 5.4, but still need to do the same for 5.3.x. Note that we want to avoid commons-io version 2.4 for now because it requires JDK 1.6. Exploit found in commons-file-upload 1.3.1 Key: TAP5-2295 URL: https://issues.apache.org/jira/browse/TAP5-2295 Project: Tapestry 5 Issue Type: Dependency upgrade Components: tapestry-upload Affects Versions: 5.3.5, 5.3.6, 5.3.7, 5.4, 5.2.0 Reporter: jose luis sanchez Assignee: Bob Harner Labels: bug, commons-file-upload, security, tapestry-upload Just found that commons-file-upload 1.3.1 has a bug that can create a DOS attack . For more information, see http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html I do believe commons-file-upload 1.2.2 it's been used in tapestry-upload since version 5.2 at least, or even older. So recommended option is to update dependency to commons-file-upload-1.3.1.jar -- This message was sent by Atlassian JIRA (v6.2#6252)
