Re: The file war\WEB-INF\lib\gwt-servlet.jar has a different size than GWT SDK library gwt-servlet.jar; perhaps it is a different version? gwt-servlet.jar

2022-11-16 Thread Jeff Hill 
I used to see that when I was using a newer GWT version than what was 
checked into WEB-INF/lib jars...  Try taking the gwt-servlet.jar from your 
GWT library and replacing the gwt-servlet.jar in your web app lib folder.

(Eclipse used to have an autofix option that would do that for you).

Jeff

On Wednesday, November 16, 2022 at 1:39:41 PM UTC-7 ngf.ch...@gmail.com 
wrote:

> No one gave a try on this issue?
>
> On Thursday, June 7, 2018 at 9:51:33 AM UTC abdenour Bali wrote:
>
>> Has anybody ran through this error using GWT 2.7
>>
>> Description Resource Path Location Type
>> The file war\WEB-INF\lib\gwt-servlet.jar has a different size than GWT 
>> SDK library gwt-servlet.jar; perhaps it is a different version? 
>> gwt-servlet.jar /XXX/war/WEB-INF/lib Unknown Google Web Toolkit 
>> Problem
>>
>> Thanks.
>> Abdenour
>>
>>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/b5c286b7-0392-488d-a994-e6733b87e282n%40googlegroups.com.

Re: The file war\WEB-INF\lib\gwt-servlet.jar has a different size than GWT SDK library gwt-servlet.jar; perhaps it is a different version? gwt-servlet.jar

2022-11-16 Thread Michael Conrad 

Replace the dated version of the jar as the error message indicates.

On 11/16/22 15:39, Christian Nzhie wrote:

No one gave a try on this issue?

On Thursday, June 7, 2018 at 9:51:33 AM UTC abdenour Bali wrote:

Has anybody ran through this error using GWT 2.7

DescriptionResourcePathLocationType
The file war\WEB-INF\lib\gwt-servlet.jar has a different size than
GWT SDK library gwt-servlet.jar; perhaps it is a different
version?gwt-servlet.jar/XXX/war/WEB-INF/libUnknownGoogle Web
Toolkit Problem

Thanks.
Abdenour

--
You received this message because you are subscribed to the Google 
Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to google-web-toolkit+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/ed9e1fcf-f30f-41d7-be3c-54897c7fb4a8n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/0bf9d48d-b956-4a6e-3b57-f53ec52d813c%40newsrx.com.

Re: The file war\WEB-INF\lib\gwt-servlet.jar has a different size than GWT SDK library gwt-servlet.jar; perhaps it is a different version? gwt-servlet.jar

2022-11-16 Thread Christian Nzhie 
No one gave a try on this issue?

On Thursday, June 7, 2018 at 9:51:33 AM UTC abdenour Bali wrote:

> Has anybody ran through this error using GWT 2.7
>
> Description Resource Path Location Type
> The file war\WEB-INF\lib\gwt-servlet.jar has a different size than GWT SDK 
> library gwt-servlet.jar; perhaps it is a different version? 
> gwt-servlet.jar /XXX/war/WEB-INF/lib Unknown Google Web Toolkit 
> Problem
>
> Thanks.
> Abdenour
>
>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/ed9e1fcf-f30f-41d7-be3c-54897c7fb4a8n%40googlegroups.com.

Re: Security Vulnerabilities with GWT

2022-11-16 Thread Colin Alworth 
Thanks for working on this, Rafat.

I've deployed a build of this to https://repo.vertispan.com/gwt-snapshot/ 
with version 2.11.0-fix-9778-SNAPSHOT. This uses the new groupIds, 
org.gwtproject:gwt-servlet:2.11.0-fix-9778-SNAPSHOT.

For example, see 
https://repo.vertispan.com/gwt-snapshot/org/gwtproject/gwt-servlet/2.11.0-fix-9778-SNAPSHOT/
 
to get the gwt-servlet jar.

The patch looks like what I had expected from earlier discussion, thanks 
for manually confirming it yourself. If someone can confirm the build 
solves this issue, we can move forward with landing it.
On Friday, November 11, 2022 at 2:14:20 PM UTC-6 rafat.a...@gmail.com wrote:

> I did make a PR for fixing this issue by removing the pom.xml file from 
> the rebased jar https://github.com/gwtproject/gwt/pull/9785
>
> I did scan a sample project and attached is the report. It would be great 
> if there is anyone can help verify the fix.
> 
> On Friday, 28 October 2022 at 16:53:20 UTC+2 nilo...@gmail.com wrote:
>
>> This is discussed at https://github.com/gwtproject/gwt/issues/9778 and 
>> https://github.com/gwtproject/gwt/issues/9752: this is a false positive, 
>> but still needs to be corrected. The simplest fix is probably to just stop 
>> packaging up the "I am running an old version" marker file, since the 
>>
>> Is there a functioning "bug bounty" tool for github? I found a few 
>> options that all seem defunct, but this seems like a good candidate for 
>> someone to either scratch their own itch and get it fixed, or fund someone 
>> else who has the time.
>>
>> Regardless, as someone not actually affected by this false positive (so I 
>> can't justify the time right now to focus on it, run the verification that 
>> tools accept the output, etc), I'll put up a bounty of 100USD (via 
>> paypal/etc) to see this fixed, with a bonus 100USD for a first-time 
>> contributor. If someone has experience with a platform for setting up 
>> bounties like this, it might be helpful to formalize future issues.
>>
>> On Wednesday, October 26, 2022 at 4:07:48 PM UTC-5 bsha...@qvera.com 
>> wrote:
>>
>>> I know that this conversation is about 2 years old.  We upgraded to GWT 
>>> 2.10 in hopes that it would resolve the following vulnerabilities with 
>>> protobuf-java, they are all being reports in the gwt-servlet.jar (version 
>>> 2.10.0):
>>> https://nvd.nist.gov/vuln/detail/CVE-2022-3171
>>> https://www.cve.org/CVERecord?id=CVE-2015-5237
>>> https://github.com/advisories/GHSA-wrvw-hg22-4m67
>>> https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
>>> https://nvd.nist.gov/vuln/detail/CVE-2021-22569
>>>
>>> These are all being reported in our project by the AWS Enhanced 
>>> Scanning.  It there any way to upgrade Protobuf from 2.5.0 to the latest 
>>> version of 3.21.8?
>>>
>>> Thanks in advance.
>>> Ben
>>>
>>> On Tuesday, June 30, 2020 at 4:16:01 AM UTC-6 priyako...@gmail.com 
>>> wrote:
>>>
 Thank you very much for quick responses.
 Here are Vulnerabilities listed -


 Gwt-dev.jar -
 1.1 Vulnerable version of jetty library(current version-- 9.2.14, 
 available version -9.2.27+ ) 
 [Associated CVEs -  
 CVE-2017-7656,CVE-2017-7657,CVE-2017-7658,CVE-2017-9735,CVE-2018-12536]
 1.2 Vulnerable version of commons-collections(current version - 3.2.1)  
 [ CVE-2015-6420,CVE-2017-15708,CVE-2014-3577]
 1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current 
 version - 4.3.1)  [ CVE-2015-6420,CVE-2017-15708,CVE-2014-3577]
 1.4 Vulnerable version of Google Protobuf(current version - 2.5.0, 
 available version - 3.4.0) [CVE-2015-5237]
 1.5  Vulnerable version of htmlunit ( current version - 2.19 , 
 available version- 2.37) [CVE-2020-5529]

 Gwt-servlet.jar -
 1.1 Vulnerable version of Google Protobuf(current version - 
 2.5.0, available version - 3.4.0) [CVE-2015-5237]


 On Monday, 29 June 2020 16:27:41 UTC+5:30, Priya Kolekar wrote:
>
>
> Hi All,
>
> Security Vulnerability have been detected in gwt-dev.jar & 
> gwt-servlet.jar(in release 2.8.2) & are reported by Dependency checker 
> tool .
>
> Below are the details -
>
> Gwt-dev.jar -
> 1.1 Vulnerable version of jetty library(current version-- 9.2.14, 
> available version -9.2.27+ )
> 1.2 Vulnerable version of commons-collections(current version - 3.2.1)
> 1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current 
> version - 4.3.1)
> 1.4 Vulnerable version of Google Protobuf(current version - 2.5.0, 
> available version - 3.4.0)
> 1.5  Vulnerable version of htmlunit ( current version - 2.19 , 
> available version- 2.37)
>
> Gwt-servlet.jar -
> 1.1 Vulnerable version of Google Protobuf(current version - 
> 2.5.0, available version - 3.4.0)
>
> Given above vulnerabilities -
>

Re: unable to instal and use gwt-plugin in Eclipse 2022-06 or Eclipse 2022-09

2022-11-16 Thread Jens 
For the time being you can install the plugin from 

https://github.com/gwt-plugins/gwt-eclipse-plugin/issues/406#issuecomment-1278543693

The linked comment in that issue contains a download to install the plugin 
from your disk. Someone also made an update site in some other comments in 
that issue. Also note that if you use the download you might need to 
install some other Eclipse plugins the GWT plugin depends on. See my 
comment in the linked issue above.


-- J.


ngf.ch...@gmail.com schrieb am Dienstag, 15. November 2022 um 17:34:09 
UTC+1:

> I am using Eclipse IDE for Enterprise Java and Web Developers - 2022-09 
> and am unable to install and use gwt plugin.
> 1. I have before then used Eclipse IDE for Enterprise Java and Web 
> Developers - 2022-06 with the same result. The plugin doesn't install in 
> eclipse.
>
>
> How to use gwt now as i can't use it through my IDE.? 
>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-web-toolkit/ad3fb1c4-b62b-48f5-acb9-176da8cc7fefn%40googlegroups.com.