[jira] [Resolved] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability

2016-10-11 Thread Jody Grassel (JIRA) 

 [ 
https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jody Grassel resolved OPENJPA-2672.
---
   Resolution: Fixed
Fix Version/s: 3.0.0
   2.2.3

> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException 
> vulnerability
> ---
>
> Key: OPENJPA-2672
> URL: https://issues.apache.org/jira/browse/OPENJPA-2672
> Project: OpenJPA
>  Issue Type: Bug
>  Components: lib
>Affects Versions: 2.2.3
>Reporter: Jody Grassel
>Assignee: Jody Grassel
> Fix For: 2.2.3, 3.0.0
>
> Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
> // let system properties override other globals
> try {
> fromProperties(new HashMap(
> AccessController.doPrivileged(
> J2DoPrivHelper.getPropertiesAction(;
> retrieves a Properties object from System.getProperties(), which is passed to 
> HashMap's ctor.  The ctor interacts with an enumerator associated with the 
> Properties object to populate the new HashMap instance.  However, if another 
> thread mutates the JVM's System Properties, it can result in a 
> ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
> at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
> at java.util.HashMap.putAllForCreate(HashMap.java:566)
> at java.util.HashMap.(HashMap.java:310)
> at 
> org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability

2016-10-11 Thread Jody Grassel (JIRA) 

 [ 
https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jody Grassel closed OPENJPA-2672.
-

> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException 
> vulnerability
> ---
>
> Key: OPENJPA-2672
> URL: https://issues.apache.org/jira/browse/OPENJPA-2672
> Project: OpenJPA
>  Issue Type: Bug
>  Components: lib
>Affects Versions: 2.2.3
>Reporter: Jody Grassel
>Assignee: Jody Grassel
> Fix For: 2.2.3, 3.0.0
>
> Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
> // let system properties override other globals
> try {
> fromProperties(new HashMap(
> AccessController.doPrivileged(
> J2DoPrivHelper.getPropertiesAction(;
> retrieves a Properties object from System.getProperties(), which is passed to 
> HashMap's ctor.  The ctor interacts with an enumerator associated with the 
> Properties object to populate the new HashMap instance.  However, if another 
> thread mutates the JVM's System Properties, it can result in a 
> ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
> at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
> at java.util.HashMap.putAllForCreate(HashMap.java:566)
> at java.util.HashMap.(HashMap.java:310)
> at 
> org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: [DISCUSS] openjpa-3.0.0 roadmap

2016-10-11 Thread Mark Struberg 
Have not looked at the schema generator changes in JPA-2.1 yet.
I only have a few spare hours per week and will not be able to implement it for 
m1.
Happy if someone else can jump in.

LieGrue,
strub





> On Tuesday, 11 October 2016, 9:51, Romain Manni-Bucau  
> wrote:
> > +1 on the overall goal (of course since we discussed it ;))
> 
> Is there any hope to get the javax.persistence.* ddl and
> PersistenceProvider.generateSchema (for Persistence.generateSchema call)
> impl for m1? Think it is one of the most used 2.1 feature. I checked
> quickly and we are not that far (we mainly miss the ability to generate
> dropDdl) to support that but I'm quite off this game this month :(.
> 
> Romain
> 
> 
> 2016-10-11 9:48 GMT+02:00 Francesco Chicchiriccò :
> 
>>  On 11/10/2016 09:47, Mark Struberg wrote:
>> 
>>>  Hi!
>>> 
>>>  I've exchanged ideas with Romain how we can push OpenJPA-3.0.0.
>>> 
>>>  To finish implementing all JPA-2.1 features will cost us some time.
>>>  But it would be quite easy to ship milestone releases with a well
>>>  specified set of features (and ongoing bugfixes).
>>> 
>>>  E.g.:
>>> 
>>>  # openjpa-3.0.0-m1
>>>* API and lib upgrade (done)
>>>* bugfixes (quite a few done)
>>>* improved OSGi support (done)
>>> 
>>>* stored procedure support (done)
>>>* SynchronizationType suport (wip)
>>> 
>>>  # openjpa-3.0.0-m2
>>>* you name it
>>> 
>>>  Timeframe would be about 2 months for each milestone.
>>>  I would like to start with m1 after the SynchronizationType support is
>>>  done (hope to do it in the next 2 weeks)
>>> 
>>> 
>>>  Wdyt?
>>> 
>> 
>> 
>>  +1
>>  Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward!
>> 
>>  Regards.
>> 
>>  --
>>  Francesco Chicchiriccò
>> 
>>  Tirasa - Open Source Excellence
>>  http://www.tirasa.net/
>> 
>>  Member at The Apache Software Foundation
>>  Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>  http://home.apache.org/~ilgrosso/
>> 
>> 
>

Re: [DISCUSS] openjpa-3.0.0 roadmap

2016-10-11 Thread Romain Manni-Bucau 
+1 on the overall goal (of course since we discussed it ;))

Is there any hope to get the javax.persistence.* ddl and
PersistenceProvider.generateSchema (for Persistence.generateSchema call)
impl for m1? Think it is one of the most used 2.1 feature. I checked
quickly and we are not that far (we mainly miss the ability to generate
dropDdl) to support that but I'm quite off this game this month :(.

Romain

2016-10-11 9:48 GMT+02:00 Francesco Chicchiriccò :

> On 11/10/2016 09:47, Mark Struberg wrote:
>
>> Hi!
>>
>> I've exchanged ideas with Romain how we can push OpenJPA-3.0.0.
>>
>> To finish implementing all JPA-2.1 features will cost us some time.
>> But it would be quite easy to ship milestone releases with a well
>> specified set of features (and ongoing bugfixes).
>>
>> E.g.:
>>
>> # openjpa-3.0.0-m1
>>   * API and lib upgrade (done)
>>   * bugfixes (quite a few done)
>>   * improved OSGi support (done)
>>
>>   * stored procedure support (done)
>>   * SynchronizationType suport (wip)
>>
>> # openjpa-3.0.0-m2
>>   * you name it
>>
>> Timeframe would be about 2 months for each milestone.
>> I would like to start with m1 after the SynchronizationType support is
>> done (hope to do it in the next 2 weeks)
>>
>>
>> Wdyt?
>>
>
>
> +1
> Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward!
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>

Re: [DISCUSS] openjpa-3.0.0 roadmap

2016-10-11 Thread Francesco Chicchiriccò 

On 11/10/2016 09:47, Mark Struberg wrote:

Hi!

I've exchanged ideas with Romain how we can push OpenJPA-3.0.0.

To finish implementing all JPA-2.1 features will cost us some time.
But it would be quite easy to ship milestone releases with a well specified set 
of features (and ongoing bugfixes).

E.g.:

# openjpa-3.0.0-m1
  * API and lib upgrade (done)
  * bugfixes (quite a few done)
  * improved OSGi support (done)

  * stored procedure support (done)
  * SynchronizationType suport (wip)

# openjpa-3.0.0-m2
  * you name it

Timeframe would be about 2 months for each milestone.
I would like to start with m1 after the SynchronizationType support is done 
(hope to do it in the next 2 weeks)


Wdyt?



+1
Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward!

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

[DISCUSS] openjpa-3.0.0 roadmap

2016-10-11 Thread Mark Struberg 
Hi!

I've exchanged ideas with Romain how we can push OpenJPA-3.0.0.

To finish implementing all JPA-2.1 features will cost us some time.
But it would be quite easy to ship milestone releases with a well specified set 
of features (and ongoing bugfixes).

E.g.:

# openjpa-3.0.0-m1
 * API and lib upgrade (done)
 * bugfixes (quite a few done)
 * improved OSGi support (done)

 * stored procedure support (done)
 * SynchronizationType suport (wip)

# openjpa-3.0.0-m2
 * you name it

Timeframe would be about 2 months for each milestone.
I would like to start with m1 after the SynchronizationType support is done 
(hope to do it in the next 2 weeks)


Wdyt?

LieGrue,
strub

[jira] [Commented] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability

2016-10-11 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15564774#comment-15564774
 ] 

Francesco Chicchiriccò commented on OPENJPA-2672:
-

It seems to me that the same issue affects both 2.4.x and trunk, and that the 
changes above are relevant there as well: am I correct?

> ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException 
> vulnerability
> ---
>
> Key: OPENJPA-2672
> URL: https://issues.apache.org/jira/browse/OPENJPA-2672
> Project: OpenJPA
>  Issue Type: Bug
>  Components: lib
>Affects Versions: 2.2.3
>Reporter: Jody Grassel
>Assignee: Jody Grassel
> Attachments: OPENJPA_22X-2672.patch
>
>
> The following block in the loadGlobals() method:
> // let system properties override other globals
> try {
> fromProperties(new HashMap(
> AccessController.doPrivileged(
> J2DoPrivHelper.getPropertiesAction(;
> retrieves a Properties object from System.getProperties(), which is passed to 
> HashMap's ctor.  The ctor interacts with an enumerator associated with the 
> Properties object to populate the new HashMap instance.  However, if another 
> thread mutates the JVM's System Properties, it can result in a 
> ConcurrentModificationException as observed below:
> Caused by: java.util.ConcurrentModificationException
> at java.util.Hashtable$Enumerator.next(Hashtable.java:1256)
> at java.util.HashMap.putAllForCreate(HashMap.java:566)
> at java.util.HashMap.(HashMap.java:310)
> at 
> org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)