[jira] [Resolved] (TOMEE-1769) Allow to configure formatter pattern on LocalfileHandler
[ https://issues.apache.org/jira/browse/TOMEE-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Romain Manni-Bucau resolved TOMEE-1769. --- Resolution: Fixed > Allow to configure formatter pattern on LocalfileHandler > > > Key: TOMEE-1769 > URL: https://issues.apache.org/jira/browse/TOMEE-1769 > Project: TomEE > Issue Type: New Feature >Reporter: Romain Manni-Bucau >Assignee: Romain Manni-Bucau > Fix For: 7.0.0-M4 > > > * formatterPattern: SimpleFormatter/java.util.Formatter pattern (ignored if > formatter property is provided). > * formatterLocale: Locale to use (default to Locale.getDefault()). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
tomee git commit: TOMEE-1769 allow to configure formatter pattern on LocalFileHandler
Repository: tomee Updated Branches: refs/heads/master 7da1bd748 -> 1cbe8e350 TOMEE-1769 allow to configure formatter pattern on LocalFileHandler Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/1cbe8e35 Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/1cbe8e35 Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/1cbe8e35 Branch: refs/heads/master Commit: 1cbe8e350ad3f78665bceb661437e711ac541790 Parents: 7da1bd7 Author: Romain manni-Bucau Authored: Tue Apr 5 19:30:18 2016 +0200 Committer: Romain manni-Bucau Committed: Tue Apr 5 19:30:18 2016 +0200 -- .../jul/handler/rotating/LocalFileHandler.java | 120 ++- .../LocalFileHandlerPatternFormatterTest.java | 48 2 files changed, 165 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/tomee/blob/1cbe8e35/tomee/tomee-juli/src/main/java/org/apache/tomee/jul/handler/rotating/LocalFileHandler.java -- diff --git a/tomee/tomee-juli/src/main/java/org/apache/tomee/jul/handler/rotating/LocalFileHandler.java b/tomee/tomee-juli/src/main/java/org/apache/tomee/jul/handler/rotating/LocalFileHandler.java index b662b6d..fcb557c 100644 --- a/tomee/tomee-juli/src/main/java/org/apache/tomee/jul/handler/rotating/LocalFileHandler.java +++ b/tomee/tomee-juli/src/main/java/org/apache/tomee/jul/handler/rotating/LocalFileHandler.java @@ -26,10 +26,13 @@ import java.io.InputStream; import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.PrintWriter; +import java.io.StringWriter; import java.io.UnsupportedEncodingException; import java.nio.file.Files; import java.nio.file.attribute.BasicFileAttributes; import java.sql.Timestamp; +import java.util.Date; +import java.util.Locale; import java.util.concurrent.TimeUnit; import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReadWriteLock; @@ -42,7 +45,6 @@ import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.LogManager; import java.util.logging.LogRecord; -import java.util.logging.SimpleFormatter; import java.util.regex.Pattern; import java.util.zip.Deflater; import java.util.zip.GZIPOutputStream; @@ -67,6 +69,8 @@ import java.util.zip.ZipOutputStream; * | archiveOlderThan | -1 days | how many days files are kept before being compressed * | purgeOlderThan| -1 days | how many days files are kept before being deleted, note: it applies on archives and not log files so 2 days of archiving and 3 days of purge makes it deleted after 5 days. * | compressionLevel | -1 | In case of zip archiving the zip compression level (-1 for off or 0-9). + * | formatterPattern | - | SimpleFormatter pattern (ignored if formatter is provided). + * | formatterLocale | - | Locale to use. * |=== * * NOTE: archiving and purging are done only when a file is rotated, it means it can be ignored during days if there is no logging activity. @@ -172,10 +176,10 @@ public class LocalFileHandler extends Handler { try { setFormatter(Formatter.class.cast(cl.loadClass(formatterName).newInstance())); } catch (final Exception e) { -setFormatter(new SimpleFormatter()); +setFormatter(newSimpleFormatter(className)); } } else { -setFormatter(new SimpleFormatter()); +setFormatter(newSimpleFormatter(className)); } setErrorManager(new ErrorManager()); @@ -183,6 +187,63 @@ public class LocalFileHandler extends Handler { lastTimestamp = System.currentTimeMillis(); } +private Formatter newSimpleFormatter(final String className) { +final String defaultFormat = System.getProperty("java.util.logging.SimpleFormatter.format", "%1$tb %1$td, %1$tY %1$tl:%1$tM:%1$tS %1$Tp %2$s%n%4$s: %5$s%6$s%n"); +final String format = getProperty(className + ".formatterPattern", defaultFormat); +final String locale = getProperty(className + ".formatterLocale", null); +return new PatternFormatter(format, locale == null ? Locale.getDefault() : newLocale(locale)); +} + +private Locale newLocale(final String str) { // LocaleUtils [lang3] +if (str == null) { +return null; +} +if (str.isEmpty()) { +return new Locale("", ""); +} +if (str.contains("#")) { +throw new IllegalArgumentException("Invalid locale format: " +
[jira] [Created] (TOMEE-1769) Allow to configure formatter pattern on LocalfileHandler
Romain Manni-Bucau created TOMEE-1769: - Summary: Allow to configure formatter pattern on LocalfileHandler Key: TOMEE-1769 URL: https://issues.apache.org/jira/browse/TOMEE-1769 Project: TomEE Issue Type: New Feature Reporter: Romain Manni-Bucau Assignee: Romain Manni-Bucau Fix For: 7.0.0-M4 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TOMEE-1769) Allow to configure formatter pattern on LocalfileHandler
[ https://issues.apache.org/jira/browse/TOMEE-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Romain Manni-Bucau updated TOMEE-1769: -- Description: * formatterPattern: SimpleFormatter/java.util.Formatter pattern (ignored if formatter property is provided). * formatterLocale: Locale to use (default to Locale.getDefault()). > Allow to configure formatter pattern on LocalfileHandler > > > Key: TOMEE-1769 > URL: https://issues.apache.org/jira/browse/TOMEE-1769 > Project: TomEE > Issue Type: New Feature >Reporter: Romain Manni-Bucau >Assignee: Romain Manni-Bucau > Fix For: 7.0.0-M4 > > > * formatterPattern: SimpleFormatter/java.util.Formatter pattern (ignored if > formatter property is provided). > * formatterLocale: Locale to use (default to Locale.getDefault()). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (TOMEE-1768) Mention CVE-2015-8581 as resolved vulnerability next to CVE-2016-0779
[ https://issues.apache.org/jira/browse/TOMEE-1768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Romain Manni-Bucau resolved TOMEE-1768. --- Resolution: Fixed > Mention CVE-2015-8581 as resolved vulnerability next to CVE-2016-0779 > - > > Key: TOMEE-1768 > URL: https://issues.apache.org/jira/browse/TOMEE-1768 > Project: TomEE > Issue Type: Documentation >Affects Versions: 1.7.4, 7.0.0-M3 >Reporter: Robert Panzer > Labels: documentation > Attachments: patch.diff > > > The current documentation mentions at > http://openejb.apache.org/security/tomee.html CVE-2016-0779 [1] as a > vulnerability resolved in TomEE 1.7.4 and 7.0.0-M3. > CVE-2016-0779 seems to be a duplicate of CVE-2015-8581 [2]. > Therefore CVE-2015-8581 should also be mentioned on this page. > I will provide a patch for this adding a link to the other vulnerability. > [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0779 > [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8581 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
svn commit: r1737824 - /tomee/site/trunk/content/security/tomee.mdtext
Author: rmannibucau Date: Tue Apr 5 11:39:26 2016 New Revision: 1737824 URL: http://svn.apache.org/viewvc?rev=1737824&view=rev Log: mentionning CVE-2015-8581, thanks Robert Panzer for the patch Modified: tomee/site/trunk/content/security/tomee.mdtext Modified: tomee/site/trunk/content/security/tomee.mdtext URL: http://svn.apache.org/viewvc/tomee/site/trunk/content/security/tomee.mdtext?rev=1737824&r1=1737823&r2=1737824&view=diff == --- tomee/site/trunk/content/security/tomee.mdtext (original) +++ tomee/site/trunk/content/security/tomee.mdtext Tue Apr 5 11:39:26 2016 @@ -29,7 +29,11 @@ that even if fixed in 7.0.0-M2 we recomm This issue only affects you if you rely on EJBd protocol (proprietary remote EJB protocol). This one one is not activated by default on the 7.x series but it was on the 1.x ones. -The related CVE number is [CVE-2016-0779](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0779): the EJBd protocol provided by TomEE can exploit the 0-day vulnerability. +The related CVE numbers are: + +* [CVE-2016-0779](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0779): The EJBd protocol provided by TomEE can exploit the 0-day vulnerability. +* [CVE-2015-8581](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8581): The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. + This has been fixed in commit 58cdbbef9c77ab2b44870f9d606593b49cde76d9. Check [properties configuration](/properties-listing.html) and [Ejbd transport](/ejbd-transport.html) for more details (tomee.serialization.class.* and tomee.remote.support).