svn commit: r1866893 - in /ofbiz/branches/release16.11: ./ applications/accounting/widget/ar/InvoiceScreens.xml

2019-09-13 Thread jleroux 
Author: jleroux
Date: Fri Sep 13 10:16:20 2019
New Revision: 1866893

URL: http://svn.apache.org/viewvc?rev=1866893=rev
Log:
"Applied fix from trunk framework for revision: 1866890" 

r1866890 | jleroux | 2019-09-13 12:15:03 +0200 (ven. 13 sept. 2019) | 8 lignes

Improved: FindArInvoices request needs performance improvement regarding use of 
EntityListIterator::hasNext method
(OFBIZ-11198)

FindAPInvoices request  does not suffer from this issue nor findInvoice request.

This was due to  definition
Using something similar than  fixes the issue



Modified:
ofbiz/branches/release16.11/   (props changed)

ofbiz/branches/release16.11/applications/accounting/widget/ar/InvoiceScreens.xml

Propchange: ofbiz/branches/release16.11/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 13 10:16:20 2019
@@ -10,6 +10,6 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790396,1790810,1791277,1791288,1791342,1791346,1791490,1791496,1791625,1791634,1791791,1791804,1792270,1792272,1792275,1792432,1792609,1792638,1793300,1794008,1794132,1796047,1796262,1797733,1798668,1798682,1798796,1798803,1798808,1799088,1799183,1799327,1799417,1799687,1799767,1799793,1799859,1800250,1800780,1800832,1800853,1801094,1801262-1801263,1801273-1801274,1801303,1801316,1801318-1801319,1801336,1801340,1801346,1801349-1801350,1801359,1801742,1802657,1802766,1803525,1804656,1804843,1804847,1804859,1805143,1805558,1805880,1806036,1806220,1806266,1806269,1806951,1807597,1807890,1808834,1809399,1809429,1809594,1809741,1810102,1811794,1812387,1813600,1813617,1813647,1813833,1814277,1814319,1814349,1814392,1814501,1814591,1814642,1814644,1814709,1814873,1814928,1814934,1815059,1816264,1816273,
 
1816289,1816291,1816297,1816369,1816373,1816461,1816635,1816795,1818101,1818269,1818273,1818402,1819122,1819136,1819144,1819811,1820823,1820949,1820966,1821012,1821036,1821613,1821965,1822310,1822377,1822383,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825233,1825262,1825444,1825450,1826374,1826592,1826671,1826805,1826938,1828255,1830936,1831234,1831608,1831831,1832577,1832662,1832756,1832944,1833211,1834181,1834191,1835235,1835871,1836144,1838032,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1845418,1845420,1845466,1845544,1845552,1846214,1846594,1846632,1847398,1848263,1848336,1848398,1848444,1848449,1849191,1849193,1849275,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850685,1850914,1850918,1850948,1851200,1851247,1851319,1851805,1851998,1852587,1852818,1853070,1853691,1853745,1853750,1854306,1854457,1855078,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856405,1856455,1856459-1856460,1856484,1856598,18566
 
17,1856667,1857088,1857099,1857180,1857213,1857392,1857617,1857692,1857813,1858141,1858250,1858275,1858312,1858319,1858432,1858444,1858523,1858539,1858933,1858965,1858980,1859012,1859033,1859255,1859263,1859543,1859571,1859576,1859691,1859704,1859796,1859807,1859871,1859877,1859882,1859893,1859968,1859981,1860082,1860141,1860274,1860357,1860526,1860592,1860613,1860797,1861615,1861837,1861859,1861869,1861904,1862045-1862046,1862207,1862271,1862278,1862466,1862648,1864716,1864881,1865811,1865852,1865883,1866259,1866834
+/ofbiz/ofbiz-framework/trunk:1783202,1783388,1784549,1784558,1784708,1785882,1785925,1786079,1786214,1786525,1787047,1787133,1787176,1787535,1787906-1787911,1787949,1789665,1789863,1789874,1790396,1790810,1791277,1791288,1791342,1791346,1791490,1791496,1791625,1791634,1791791,1791804,1792270,1792272,1792275,1792432,1792609,1792638,1793300,1794008,1794132,1796047,1796262,1797733,1798668,1798682,1798796,1798803,1798808,1799088,1799183,1799327,1799417,1799687,1799767,1799793,1799859,1800250,1800780,1800832,1800853,1801094,1801262-1801263,1801273-1801274,1801303,1801316,1801318-1801319,1801336,1801340,1801346,1801349-1801350,1801359,1801742,1802657,1802766,1803525,1804656,1804843,1804847,1804859,1805143,1805558,1805880,1806036,1806220,1806266,1806269,1806951,1807597,1807890,1808834,1809399,1809429,1809594,1809741,1810102,1811794,1812387,1813600,1813617,1813647,1813833,1814277,1814319,1814349,1814392,1814501,1814591,1814642,1814644,1814709,1814873,1814928,1814934,1815059,1816264,1816273,

svn commit: r1866891 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ applications/accounting/widget/ar/InvoiceScreens.xml

2019-09-13 Thread jleroux 
Author: jleroux
Date: Fri Sep 13 10:16:15 2019
New Revision: 1866891

URL: http://svn.apache.org/viewvc?rev=1866891=rev
Log:
"Applied fix from trunk for revision: 1866890" 

r1866890 | jleroux | 2019-09-13 12:15:03 +0200 (ven. 13 sept. 2019) | 8 lignes

Improved: FindArInvoices request needs performance improvement regarding use of 
EntityListIterator::hasNext method
(OFBIZ-11198)

FindAPInvoices request  does not suffer from this issue nor findInvoice request.

This was due to  definition
Using something similar than  fixes the issue


Modified:
ofbiz/ofbiz-framework/branches/release18.12/   (props changed)

ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/widget/ar/InvoiceScreens.xml

Propchange: ofbiz/ofbiz-framework/branches/release18.12/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 13 10:16:15 2019
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965,1858980,1859033,1859055,1859087,1859255,1859263,1859268,1859543,1859571,1859576,1859691,1859694,1859698,1859704,1859708,1859735,1859796,1859800,1859807,1859871,1859877,1859882,1859909,1859911,1859915,1859931,1859968,1859972,1859981,1860082,1860141,
 
1860274,1860357,1860526,1860592,1860597,1860613,1860797,1861615,1861811,1861815,1861828,1861834,1861837,1861849,1861859,1861869,1862045-1862046,1862207,1862271,1862278,1862466,1862648,1863560,1863838,1863965,1864216,1864716,1864721,1864881,1864891,1864930,1865103,1865344,1865347,1865367,1865370,1865811,1865820,1865852,1865883,1865891,1865924,1866259,1866519,1866834
+/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965,1858980,1859033,1859055,1859087,1859255,1859263,1859268,1859543,1859571,1859576,1859691,1859694,1859698,1859704,1859708,1859735,1859796,1859800,1859807,1859871,1859877,1859882,1859909,1859911,1859915,1859931,1859968,1859972,1859981,1860082,1860141,
 
1860274,1860357,1860526,1860592,1860597,1860613,1860797,1861615,1861811,1861815,1861828,1861834,1861837,1861849,1861859,1861869,1862045-1862046,1862207,1862271,1862278,1862466,1862648,1863560,1863838,1863965,1864216,1864716,1864721,1864881,1864891,1864930,1865103,1865344,1865347,1865367,1865370,1865811,1865820,1865852,1865883,1865891,1865924,1866259,1866519,1866834,1866890

Modified: 
ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/widget/ar/InvoiceScreens.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/widget/ar/InvoiceScreens.xml?rev=1866891=1866890=1866891=diff
==
--- 
ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/widget/ar/InvoiceScreens.xml
 (original)
+++ 
ofbiz/ofbiz-framework/branches/release18.12/applications/accounting/widget/ar/InvoiceScreens.xml
 Fri Sep 13 10:16:15 2019
@@ -63,12 +63,7 @@ under the License.
 
 
 
-
-
-
-
-
-
+
 
 
 
@@ -85,9 +80,7 @@ under the License.

svn commit: r1866892 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ applications/accounting/widget/ar/InvoiceScreens.xml

2019-09-13 Thread jleroux 
Author: jleroux
Date: Fri Sep 13 10:16:17 2019
New Revision: 1866892

URL: http://svn.apache.org/viewvc?rev=1866892=rev
Log:
"Applied fix from trunk for revision: 1866890" 

r1866890 | jleroux | 2019-09-13 12:15:03 +0200 (ven. 13 sept. 2019) | 8 lignes

Improved: FindArInvoices request needs performance improvement regarding use of 
EntityListIterator::hasNext method
(OFBIZ-11198)

FindAPInvoices request  does not suffer from this issue nor findInvoice request.

This was due to  definition
Using something similar than  fixes the issue


Modified:
ofbiz/ofbiz-framework/branches/release17.12/   (props changed)

ofbiz/ofbiz-framework/branches/release17.12/applications/accounting/widget/ar/InvoiceScreens.xml

Propchange: ofbiz/ofbiz-framework/branches/release17.12/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 13 10:16:17 2019
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835871,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,
 
1847715,1847890,1848263,1848336,1848386,1848398,1848441,1848444,1848447,1848449,1848467,1848469,1848745,1848849-1848850,1849021,1849165,1849191,1849193,1849275,1849467,1849528,1849540,1849567,1849693,1850015,1850023,1850530,1850647,1850685,1850694,1850914,1850918,1850948,1850953,1851006,1851068,1851074,1851130,1851158,1851163,1851200,1851247,1851319,1851350,1851805,1851998,1852587,1852818,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1855078,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856405,1856455,1856459-1856460,1856484,1856598,1856617,1856667,1857088,1857099,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858250,1858256,1858275,1858319,1858432,1858444,1858523,1858539,1858965,1858980,1859033,1859055,1859087,1859255,1859263,1859543,1859571,1859576,1859691,1859694,1859698,1859704,1859708,1859735,1859796,1859800,1859807,1859871,1859877,1859882,1859915,1859931,1859968,1859972,1859981,1860082,1860141,1860274,1860357,1860526,1860592,18606
 
13,1860797,1861615,1861837,1861849,1861859,1861869,1862045-1862046,1862207,1862271,1862278,1862466,1862648,1863560,1864716,1864721,1864881,1864891,1864930,1865344,1865347,1865367,1865370,1865811,1865852,1865883,1865891,1865924,1866259,1866834
+/ofbiz/ofbiz-framework/trunk:1819499,1819598,1819800,1819805,1819811,1819947,1820038,1820262,1820374-1820375,1820441,1820457,1820644,1820658,1820790,1820823,1820949,1820966,1821012,1821036,1821112,1821115,1821144,1821186,1821219,1821226,1821230,1821386,1821613,1821628,1821965,1822125,1822310,1822377,1822383,1822393,1823467,1823562,1823876,1824314,1824316,1824732,1824803,1824847,1824855,1825192,1825211,1825216,1825233,1825450,1826374,1826502,1826592,1826671,1826674,1826780,1826805,1826938,1826997,1827439,1828255,1828316,1828346,1828424,1828512,1828514,1829690,1830936,1831074,1831078,1831234,1831608,1831831,1832577,1832662,1832756,1832800,1832944,1833173,1833211,1834181,1834191,1834736,1835235,1835871,1835887,1835891,1835953,1835964,1836144,1836871,1837857,1838032,1838256,1838381,1840189,1840199,1840828,1841657,1841662,1842372,1842921,1843225,1843893,1844943,1845418,1845420,1845466,1845544,1845552,1845558,1845933,1845995,1846097,1846107,1846214,1846594,1846632,1847398,1847478,1847670,

svn commit: r1866890 - /ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml

2019-09-13 Thread jleroux 
Author: jleroux
Date: Fri Sep 13 10:15:03 2019
New Revision: 1866890

URL: http://svn.apache.org/viewvc?rev=1866890=rev
Log:
Improved: FindArInvoices request needs performance improvement regarding use of 
EntityListIterator::hasNext method
(OFBIZ-11198)

FindAPInvoices request  does not suffer from this issue nor findInvoice request.

This was due to  definition
Using something similar than  fixes the issue

Modified:

ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml

Modified: 
ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml?rev=1866890=1866889=1866890=diff
==
--- 
ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml
 (original)
+++ 
ofbiz/ofbiz-framework/trunk/applications/accounting/widget/ar/InvoiceScreens.xml
 Fri Sep 13 10:15:03 2019
@@ -63,12 +63,7 @@ under the License.
 
 
 
-
-
-
-
-
-
+
 
 
 
@@ -85,9 +80,7 @@ under the License.
 
 
 
-
-
-
+

buildbot success in on ofbizTrunkFramework

2019-09-13 Thread buildbot 
The Buildbot has detected a restored build on builder ofbizTrunkFramework while 
building . Full details are available at:
https://ci.apache.org/builders/ofbizTrunkFramework/builds/1051

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'onTrunkFrameworkCommit' 
triggered this build
Build Source Stamp: [branch ofbiz/ofbiz-framework/trunk] 1866890
Blamelist: jleroux

Build succeeded!

Sincerely,
 -The Buildbot

svn propchange: r1850015 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850015
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:20:23 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:20:23 2019
@@ -1,6 +1,8 @@
 Improved: Prepare the migration to XStream 1.5
 (OFBIZ-10756)
 
+Fixes CVE-2018-17200
+
 We currently use the UnsupportedClassConverter method in UtilXml class. 
 When the 1.5 version of XStream will be available another way to handle this 
 kind of things will be available and used by default. It's already possible to

svn propchange: r1850019 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850019
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:20:40 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:20:40 2019
@@ -1,6 +1,8 @@
 Improved: Prepare the migration to XStream 1.5
 (OFBIZ-10756)
 
+Fixes CVE-2018-17200
+
 Updates XStream to 1.4.11.1
 
 The previous version was not already supporting XStream::setupDefaultSecurity

svn propchange: r1850017 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850017
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:20:19 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:20:19 2019
@@ -5,6 +5,8 @@ r1850015 | jleroux | 2018-12-31 07:38:36
 Improved: Prepare the migration to XStream 1.5
 (OFBIZ-10756)
 
+Fixes CVE-2018-17200
+
 We currently use the UnsupportedClassConverter method in UtilXml class. 
 When the 1.5 version of XStream will be available another way to handle this 
 kind of things will be available and used by default. It's already possible to

svn propchange: r1850016 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850016
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:21:22 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:21:22 2019
@@ -5,6 +5,8 @@ r1850015 | jleroux | 2018-12-31 07:38:36
 Improved: Prepare the migration to XStream 1.5
 (OFBIZ-10756)
 
+Fixes CVE-2018-17200
+
 We currently use the UnsupportedClassConverter method in UtilXml class. 
 When the 1.5 version of XStream will be available another way to handle this 
 kind of things will be available and used by default. It's already possible to

svn propchange: r1850018 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850018
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:21:54 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:21:54 2019
@@ -5,6 +5,8 @@ r1850015 | jleroux | 2018-12-31 07:38:36
 Improved: Prepare the migration to XStream 1.5
 (OFBIZ-10756)
 
+Fixes CVE-2018-17200
+
 We currently use the UnsupportedClassConverter method in UtilXml class. 
 When the 1.5 version of XStream will be available another way to handle this 
 kind of things will be available and used by default. It's already possible to

svn propchange: r1850648 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850648
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:24:43 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:24:43 2019
@@ -5,6 +5,8 @@ r1850647 | jleroux | 2019-01-07 15:46:50
 Improved: Update Apache commons-fileupload to last version
 (OFBIZ-10770)
 
+Fixes CVE-2019-0189
+
 This is an easy doing, we just need to add
 
 compile 'commons-fileupload:commons-fileupload:1.3-3'

svn propchange: r1850647 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850647
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:24:25 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:24:25 2019
@@ -1,6 +1,8 @@
 Improved: Update Apache commons-fileupload to last version
 (OFBIZ-10770)
 
+Fixes CVE-2019-0189
+
 This is an easy doing, we just need to add
 
 compile 'commons-fileupload:commons-fileupload:1.3-3'

svn propchange: r1850649 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850649
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:25:06 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:25:06 2019
@@ -5,6 +5,8 @@ r1850647 | jleroux | 2019-01-07 15:46:50
 Improved: Update Apache commons-fileupload to last version
 (OFBIZ-10770)
 
+Fixes CVE-2019-0189
+
 This is an easy doing, we just need to add
 
 compile 'commons-fileupload:commons-fileupload:1.3-3'

svn propchange: r1850640 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1850640
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:25:36 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:25:36 2019
@@ -1,6 +1,8 @@
 Improved: Update Apache commons-fileupload to last version
 (OFBIZ-10770)
 
+Fixes CVE-2019-0189
+
 This is an easy doing, we just need to add
 
 compile 'commons-fileupload:commons-fileupload:1.3-3'

svn propchange: r1853745 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853745
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:27:59 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:27:59 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list I used was not complete.
 This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the 
ones
 missing I found so far.

svn propchange: r1855287 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855287
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:28:29 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:28:29 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Rohit at OFBIZ-10573
 This adds FlexibleStringExpander

svn propchange: r1855492 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855492
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:29:05 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:29:05 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.util.Date

svn propchange: r1855488 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855488
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:28:53 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:28:53 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.sql.Timestamp

svn propchange: r1855371 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855371
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:28:42 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:28:42 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Deepak at OFBIZ-10837
 This adds sun.util.calendar.ZoneInfo

svn propchange: r1853691 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853691
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:27:42 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:27:42 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1], 
 a code smell in Findbugs[2]) when extending to use the same name than the 
 extended Object

svn propchange: r1857392 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1857392
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:30:14 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:30:14 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Cleans and simplifies things in UtilObject.java and also handles patterns. 
 That's what we missed most when needing to update.

svn propchange: r1856459 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856459
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:29:40 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:29:40 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 There was a recurring typo in previous commit.
 For arrays of primitives it should be 
 "[Z","[B","[S","[I","[J","[F","[D","[C"

svn propchange: r1856460 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856460
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:29:51 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:29:51 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 There was a recurring typo in previous commit.
 For arrays of primitives it should be 
 "\\[Z","\\[B","\\[S","\\[I","\\[J","\\[F","\\[D","\\[C"

svn propchange: r1856484 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856484
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:30:03 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:30:03 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds 
 org.apache.ofbiz.widget.model.ModelTheme

svn propchange: r1856405 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856405
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:29:16 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:29:16 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand

svn propchange: r1856455 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856455
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:29:27 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:29:27 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds all arrays of primitives and java.math.BigDecimal

svn propchange: r1855372 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855372
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:32:11 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:11 2019
@@ -5,6 +5,8 @@ r1855371 | jleroux | 2019-03-13 09:19:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Deepak at OFBIZ-10837
 This adds sun.util.calendar.ZoneInfo

svn propchange: r1855288 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855288
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:32:00 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:00 2019
@@ -5,6 +5,8 @@ r1855287 | jleroux | 2019-03-12 09:29:37
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Rohit at OFBIZ-10573
 This adds FlexibleStringExpander

svn propchange: r1855489 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855489
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:32:21 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:21 2019
@@ -5,6 +5,8 @@ r1855488 | jleroux | 2019-03-14 08:42:17
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.sql.Timestamp

svn propchange: r1866834 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1866834
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:30:24 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:30:24 2019
@@ -1,6 +1,8 @@
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Allows users to easily override the list of accepted objects by using the
 listOfSafeObjectsForInputStream property

svn propchange: r1853746 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853746
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:31:05 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:31:05 2019
@@ -5,6 +5,8 @@ r1853745 | jleroux | 2019-02-17 13:38:06
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list I used was not complete.
 This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the 
ones
 missing I found so far.

svn propchange: r1853692 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853692
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:30:54 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:30:54 2019
@@ -5,6 +5,8 @@ r1853691 | jleroux | 2019-02-16 10:42:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1], 
 a code smell in Findbugs[2]) when extending to use the same name than the 
 extended Object

svn propchange: r1866835 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1866835
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:30:40 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:30:40 2019
@@ -5,6 +5,8 @@ r1866834 | jleroux | 2019-09-12 09:49:41
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Allows users to easily override the list of accepted objects by using the
 listOfSafeObjectsForInputStream property

svn propchange: r1856456 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856456
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:00 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:33:00 2019
@@ -5,6 +5,8 @@ r1856455 | jleroux | 2019-03-28 08:50:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds all arrays of primitives and java.math.BigDecimal

svn propchange: r1855493 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855493
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:32:39 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:39 2019
@@ -5,6 +5,8 @@ r1855492 | jleroux | 2019-03-14 09:28:27
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.util.Date

svn propchange: r1856461 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856461
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:11 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:33:11 2019
@@ -5,6 +5,8 @@ r1856460 | jleroux | 2019-03-28 09:30:21
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 There was a recurring typo in previous commit.
 For arrays of primitives it should be 
 "\\[Z","\\[B","\\[S","\\[I","\\[J","\\[F","\\[D","\\[C"

svn propchange: r1856406 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856406
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:32:49 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:49 2019
@@ -5,6 +5,8 @@ r1856405 | jleroux | 2019-03-27 15:16:24
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand

svn propchange: r1853694 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853694
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:52 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:33:52 2019
@@ -5,6 +5,8 @@ r1853691 | jleroux | 2019-02-16 10:42:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1], 
 a code smell in Findbugs[2]) when extending to use the same name than the 
 extended Object

svn propchange: r1857393 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1857393
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:32 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:33:32 2019
@@ -5,6 +5,8 @@ r1857392 | jleroux | 2019-04-12 11:29:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Cleans and simplifies things in UtilObject.java and also handles patterns. 
 That's what we missed most when needing to update.

svn propchange: r1856485 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856485
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:23 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:33:23 2019
@@ -5,6 +5,8 @@ r1856484 | jleroux | 2019-03-28 16:36:13
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds 
 org.apache.ofbiz.widget.model.ModelTheme

svn propchange: r1866835 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1866835
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:33:42 2019
--
(empty)

svn propchange: r1853747 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853747
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:36:17 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:36:17 2019
@@ -5,6 +5,8 @@ r1853745 | jleroux | 2019-02-17 13:38:06
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list I used was not complete.
 This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the 
ones
 missing I found so far.

svn propchange: r1855289 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855289
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:36:28 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:36:28 2019
@@ -5,6 +5,8 @@ r1855287 | jleroux | 2019-03-12 09:29:37
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Rohit at OFBIZ-10573
 This adds FlexibleStringExpander

svn propchange: r1855490 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855490
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:36:49 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:36:49 2019
@@ -5,6 +5,8 @@ r1855488 | jleroux | 2019-03-14 08:42:17
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.sql.Timestamp

svn propchange: r1855373 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855373
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:36:38 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:36:38 2019
@@ -5,6 +5,8 @@ r1855371 | jleroux | 2019-03-13 09:19:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Deepak at OFBIZ-10837
 This adds sun.util.calendar.ZoneInfo

svn propchange: r1855494 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855494
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:00 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:00 2019
@@ -5,6 +5,8 @@ r1855492 | jleroux | 2019-03-14 09:28:27
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.util.Date

svn propchange: r1856407 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856407
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:10 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:10 2019
@@ -5,6 +5,8 @@ r1856405 | jleroux | 2019-03-27 15:16:24
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand

svn propchange: r1855290 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855290
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:38:44 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:38:44 2019
@@ -5,6 +5,8 @@ r1855287 | jleroux | 2019-03-12 09:29:37
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Rohit at OFBIZ-10573
 This adds FlexibleStringExpander
 
@@ -13,4 +15,3 @@ Anyway I'll not change it.
 
 Thanks: Rohit Koushal
 
-

svn propchange: r1853695 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853695
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:38:21 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:38:21 2019
@@ -5,6 +5,8 @@ r1853691 | jleroux | 2019-02-16 10:42:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1], 
 a code smell in Findbugs[2]) when extending to use the same name than the 
 extended Object
@@ -12,4 +14,3 @@ extended Object
 [1] 
https://sbforge.org/sonar/rules/show/findbugs:NM_SAME_SIMPLE_NAME_AS_SUPERCLASS?layout=false
 [2] https://logging.apache.org/log4j/log4j-2.2/log4j-jul/findbugs.html
 
-

svn propchange: r1853748 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1853748
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:38:33 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:38:33 2019
@@ -5,10 +5,11 @@ r1853745 | jleroux | 2019-02-17 13:38:06
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list I used was not complete.
 This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the 
ones
 missing I found so far. 
 Maybe other classes could still miss OOTB. So I added a warning in 
 SafeObjectInputStream::resolveClass
 
-

svn propchange: r1856457 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856457
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:21 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:21 2019
@@ -5,6 +5,8 @@ r1856455 | jleroux | 2019-03-28 08:50:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds all arrays of primitives and java.math.BigDecimal

svn propchange: r1856462 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856462
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:32 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:32 2019
@@ -5,6 +5,8 @@ r1856460 | jleroux | 2019-03-28 09:30:21
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 There was a recurring typo in previous commit.
 For arrays of primitives it should be 
 "\\[Z","\\[B","\\[S","\\[I","\\[J","\\[F","\\[D","\\[C"

svn propchange: r1856486 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856486
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:44 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:44 2019
@@ -5,6 +5,8 @@ r1856484 | jleroux | 2019-03-28 16:36:13
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds 
 org.apache.ofbiz.widget.model.ModelTheme

svn propchange: r1857394 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1857394
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:37:56 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:37:56 2019
@@ -5,6 +5,8 @@ r1857392 | jleroux | 2019-04-12 11:29:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Cleans and simplifies things in UtilObject.java and also handles patterns. 
 That's what we missed most when needing to update.

svn propchange: r1866836 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1866836
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:38:07 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:38:07 2019
@@ -5,6 +5,8 @@ r1866834 | jleroux | 2019-09-12 09:49:41
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Allows users to easily override the list of accepted objects by using the
 listOfSafeObjectsForInputStream property

svn propchange: r1855374 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855374
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:39:55 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:39:55 2019
@@ -5,6 +5,8 @@ r1855371 | jleroux | 2019-03-13 09:19:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Deepak at OFBIZ-10837
 This adds sun.util.calendar.ZoneInfo

svn propchange: r1855491 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855491
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:40:07 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:07 2019
@@ -5,6 +5,8 @@ r1855488 | jleroux | 2019-03-14 08:42:17
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.sql.Timestamp

svn propchange: r1856408 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856408
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:40:31 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:31 2019
@@ -5,6 +5,8 @@ r1856405 | jleroux | 2019-03-27 15:16:24
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand
@@ -15,4 +17,3 @@ Anyway I'll not change it.
 
 Thanks: Ingo Wolfmayr at OFBIZ-10870
 
-

svn propchange: r1856487 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856487
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:41:02 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:41:02 2019
@@ -5,6 +5,8 @@ r1856484 | jleroux | 2019-03-28 16:36:13
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds 
 org.apache.ofbiz.widget.model.ModelTheme
@@ -16,4 +18,3 @@ java.util.TimeZonz
 
 Thanks: Ed Mack at OFBIZ-10876
 
-

svn propchange: r1856463 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856463
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:40:52 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:52 2019
@@ -5,6 +5,8 @@ r1856460 | jleroux | 2019-03-28 09:30:21
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 There was a recurring typo in previous commit.
 For arrays of primitives it should be 
 "\\[Z","\\[B","\\[S","\\[I","\\[J","\\[F","\\[D","\\[C"
@@ -13,4 +15,3 @@ and not
 It shows how tired I'm :/
 
 
-

svn propchange: r1857395 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1857395
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:41:12 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:41:12 2019
@@ -5,6 +5,8 @@ r1857392 | jleroux | 2019-04-12 11:29:03
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Cleans and simplifies things in UtilObject.java and also handles patterns. 
 That's what we missed most when needing to update.
 
@@ -17,4 +19,3 @@ Also includes work done in UtilObject.ja
 
 
 
-

svn propchange: r1855495 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1855495
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:40:20 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:20 2019
@@ -5,6 +5,8 @@ r1855492 | jleroux | 2019-03-14 09:28:27
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Wolfgang Rauchholz on user
 ML 
 This adds java.util.Date
@@ -14,4 +16,3 @@ Anyway I'll not change it.
 
 Thanks: Wolfgang Rauchholz
 
-

svn propchange: r1856458 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1856458
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:40:41 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:41 2019
@@ -5,9 +5,10 @@ r1856455 | jleroux | 2019-03-28 08:50:32
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 The white list was still not complete as reported by Ed Mack
 This adds all arrays of primitives and java.math.BigDecimal 
 
 Thanks: Ed Mack at OFBIZ-10876
 
-

svn propchange: r1866837 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1866837
Modified property: svn:log

Modified: svn:log at Fri Sep 13 07:41:23 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 07:41:23 2019
@@ -5,10 +5,11 @@ r1866834 | jleroux | 2019-09-12 09:49:41
 Improved: Improve ObjectInputStream class
 (OFBIZ-10837)
 
+Fixes CVE-2019-0189
+
 Allows users to easily override the list of accepted objects by using the
 listOfSafeObjectsForInputStream property
 
 CVE-2019-0189
 
 
-

svn propchange: r1858533 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858533
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:06:19 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:06:19 2019
@@ -3,5 +3,6 @@
 r1858523 | lektran | 2019-05-02 10:59:11 +0200 (jeu. 02 mai 2019) | 1 ligne
 
 Fixed: Ensure the story field in ordermgr's EditCustRequest form is html 
encoded (OFBIZ-11006)
+
+Fixes CVE-2019-10074
 
-

svn propchange: r1858532 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858532
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:07:16 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:07:16 2019
@@ -3,4 +3,6 @@
 r1858523 | lektran | 2019-05-02 10:59:11 +0200 (jeu. 02 mai 2019) | 1 ligne
 
 Fixed: Ensure the story field in ordermgr's EditCustRequest form is html 
encoded (OFBIZ-11006)
+
+Fixes CVE-2019-10074

svn propchange: r1858531 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858531
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:07:01 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:07:01 2019
@@ -3,4 +3,6 @@
 r1858523 | lektran | 2019-05-02 10:59:11 +0200 (jeu. 02 mai 2019) | 1 ligne
 
 Fixed: Ensure the story field in ordermgr's EditCustRequest form is html 
encoded (OFBIZ-11006)
+
+Fixes CVE-2019-10074

svn propchange: r1858523 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858523
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:06:41 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:06:41 2019
@@ -1 +1,3 @@
 Fixed: Ensure the story field in ordermgr's EditCustRequest form is html 
encoded (OFBIZ-11006)
+
+Fixes CVE-2019-10074

svn propchange: r1858432 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858432
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:11:54 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:11:54 2019
@@ -1,3 +1,5 @@
 [Fixed]: Added permission checks to three blog/forum services; improved the 
 configuration for the "add article forum" form (the source tab is not needed 
in 
 the ecommerce application).
+
+Fixes CVE-2019-10073

svn propchange: r1858436 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858436
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:13:28 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:13:28 2019
@@ -5,3 +5,4 @@ Applied fix from trunk for revision: 185
 configuration for the "add article forum" form (the source tab is not needed 
in 
 the ecommerce application).
 
+Fixes CVE-2019-10073

svn propchange: r1858438 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858438
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:13:36 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:13:36 2019
@@ -5,3 +5,4 @@ Applied fix from trunk for revision: 185
 configuration for the "add article forum" form (the source tab is not needed 
in 
 the ecommerce application).
 
+Fixes CVE-2019-10073

svn propchange: r1858437 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858437
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:18:23 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:18:23 2019
@@ -5,3 +5,4 @@ Applied fix from trunk for revision: 185
 configuration for the "add article forum" form (the source tab is not needed 
in 
 the ecommerce application).
 
+Fixes CVE-2019-10073

svn propchange: r1858539 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858539
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:21:21 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:21:21 2019
@@ -2,3 +2,5 @@ Improved: Replaced permission-service wi
 perform permission checks in a way that is more consistent with the screen 
 permissions set in the ecommerce blog/forum screens.
 
+Fixes CVE-2019-10073
+

svn propchange: r1858541 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858541
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:21:30 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:21:30 2019
@@ -5,4 +5,4 @@ Improved: Replaced permission-service wi
 perform permission checks in a way that is more consistent with the screen 
 permissions set in the ecommerce blog/forum screens.
 
-
+Fixes CVE-2019-10073

svn propchange: r1858540 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858540
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:21:26 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:21:26 2019
@@ -5,4 +5,4 @@ Improved: Replaced permission-service wi
 perform permission checks in a way that is more consistent with the screen 
 permissions set in the ecommerce blog/forum screens.
 
-
+Fixes CVE-2019-10073

svn propchange: r1860593 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860593
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:22:44 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:22:44 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: removed override directives to let the system perform proper validation 
 of user input.
 
+Fixes CVE-2019-10073

svn propchange: r1860595 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860595
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:22:56 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:22:56 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: removed override directives to let the system perform proper validation 
 of user input.
 
+Fixes CVE-2019-10073

svn propchange: r1860592 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860592
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:22:40 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:22:40 2019
@@ -1,2 +1,4 @@
 Fixed: removed override directives to let the system perform proper validation 
 of user input.
+
+Fixes CVE-2019-10073

svn propchange: r1860594 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860594
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:22:47 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:22:47 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: removed override directives to let the system perform proper validation 
 of user input.
 
+Fixes CVE-2019-10073

svn propchange: r1860594 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860594
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:22:25 2019
--
(empty)

svn propchange: r1858543 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1858543
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:21:34 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:21:34 2019
@@ -5,4 +5,4 @@ Improved: Replaced permission-service wi
 perform permission checks in a way that is more consistent with the screen 
 permissions set in the ecommerce blog/forum screens.
 
-
+Fixes CVE-2019-10073

svn propchange: r1860614 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860614
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:23:55 2019
--
(empty)

svn propchange: r1860613 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860613
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:24:06 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:24:06 2019
@@ -1,2 +1,4 @@
 Fixed: fine tuned the sanitization of user input by allowing "safe" content; 
 thanks to Jacques for the suggestion.
+
+Fixes CVE-2019-10073

svn propchange: r1860614 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860614
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:23:47 2019
--
(empty)

svn propchange: r1860615 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860615
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:24:17 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:24:17 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: fine tuned the sanitization of user input by allowing "safe" content; 
 thanks to Jacques for the suggestion.
 
+Fixes CVE-2019-10073

svn propchange: r1860616 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860616
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:24:24 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:24:24 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: fine tuned the sanitization of user input by allowing "safe" content; 
 thanks to Jacques for the suggestion.
 
+Fixes CVE-2019-10073

svn propchange: r1860614 - svn:log

2019-09-13 Thread jleroux 
Author: jleroux
Revision: 1860614
Modified property: svn:log

Modified: svn:log at Fri Sep 13 08:24:10 2019
--
--- svn:log (original)
+++ svn:log Fri Sep 13 08:24:10 2019
@@ -4,3 +4,4 @@ Applied fix from trunk for revision: 186
 Fixed: fine tuned the sanitization of user input by allowing "safe" content; 
 thanks to Jacques for the suggestion.
 
+Fixes CVE-2019-10073