[jira] [Resolved] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
[ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jody Grassel resolved OPENJPA-2672. --- Resolution: Fixed Fix Version/s: 3.0.0 2.2.3 > ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException > vulnerability > --- > > Key: OPENJPA-2672 > URL: https://issues.apache.org/jira/browse/OPENJPA-2672 > Project: OpenJPA > Issue Type: Bug > Components: lib >Affects Versions: 2.2.3 >Reporter: Jody Grassel >Assignee: Jody Grassel > Fix For: 2.2.3, 3.0.0 > > Attachments: OPENJPA_22X-2672.patch > > > The following block in the loadGlobals() method: > // let system properties override other globals > try { > fromProperties(new HashMap( > AccessController.doPrivileged( > J2DoPrivHelper.getPropertiesAction(; > retrieves a Properties object from System.getProperties(), which is passed to > HashMap's ctor. The ctor interacts with an enumerator associated with the > Properties object to populate the new HashMap instance. However, if another > thread mutates the JVM's System Properties, it can result in a > ConcurrentModificationException as observed below: > Caused by: java.util.ConcurrentModificationException > at java.util.Hashtable$Enumerator.next(Hashtable.java:1256) > at java.util.HashMap.putAllForCreate(HashMap.java:566) > at java.util.HashMap.(HashMap.java:310) > at > org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
[ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jody Grassel closed OPENJPA-2672. - > ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException > vulnerability > --- > > Key: OPENJPA-2672 > URL: https://issues.apache.org/jira/browse/OPENJPA-2672 > Project: OpenJPA > Issue Type: Bug > Components: lib >Affects Versions: 2.2.3 >Reporter: Jody Grassel >Assignee: Jody Grassel > Fix For: 2.2.3, 3.0.0 > > Attachments: OPENJPA_22X-2672.patch > > > The following block in the loadGlobals() method: > // let system properties override other globals > try { > fromProperties(new HashMap( > AccessController.doPrivileged( > J2DoPrivHelper.getPropertiesAction(; > retrieves a Properties object from System.getProperties(), which is passed to > HashMap's ctor. The ctor interacts with an enumerator associated with the > Properties object to populate the new HashMap instance. However, if another > thread mutates the JVM's System Properties, it can result in a > ConcurrentModificationException as observed below: > Caused by: java.util.ConcurrentModificationException > at java.util.Hashtable$Enumerator.next(Hashtable.java:1256) > at java.util.HashMap.putAllForCreate(HashMap.java:566) > at java.util.HashMap.(HashMap.java:310) > at > org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Re: [DISCUSS] openjpa-3.0.0 roadmap
Have not looked at the schema generator changes in JPA-2.1 yet. I only have a few spare hours per week and will not be able to implement it for m1. Happy if someone else can jump in. LieGrue, strub > On Tuesday, 11 October 2016, 9:51, Romain Manni-Bucau> wrote: > > +1 on the overall goal (of course since we discussed it ;)) > > Is there any hope to get the javax.persistence.* ddl and > PersistenceProvider.generateSchema (for Persistence.generateSchema call) > impl for m1? Think it is one of the most used 2.1 feature. I checked > quickly and we are not that far (we mainly miss the ability to generate > dropDdl) to support that but I'm quite off this game this month :(. > > Romain > > > 2016-10-11 9:48 GMT+02:00 Francesco Chicchiriccò : > >> On 11/10/2016 09:47, Mark Struberg wrote: >> >>> Hi! >>> >>> I've exchanged ideas with Romain how we can push OpenJPA-3.0.0. >>> >>> To finish implementing all JPA-2.1 features will cost us some time. >>> But it would be quite easy to ship milestone releases with a well >>> specified set of features (and ongoing bugfixes). >>> >>> E.g.: >>> >>> # openjpa-3.0.0-m1 >>>* API and lib upgrade (done) >>>* bugfixes (quite a few done) >>>* improved OSGi support (done) >>> >>>* stored procedure support (done) >>>* SynchronizationType suport (wip) >>> >>> # openjpa-3.0.0-m2 >>>* you name it >>> >>> Timeframe would be about 2 months for each milestone. >>> I would like to start with m1 after the SynchronizationType support is >>> done (hope to do it in the next 2 weeks) >>> >>> >>> Wdyt? >>> >> >> >> +1 >> Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward! >> >> Regards. >> >> -- >> Francesco Chicchiriccò >> >> Tirasa - Open Source Excellence >> http://www.tirasa.net/ >> >> Member at The Apache Software Foundation >> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail >> http://home.apache.org/~ilgrosso/ >> >> >
Re: [DISCUSS] openjpa-3.0.0 roadmap
+1 on the overall goal (of course since we discussed it ;)) Is there any hope to get the javax.persistence.* ddl and PersistenceProvider.generateSchema (for Persistence.generateSchema call) impl for m1? Think it is one of the most used 2.1 feature. I checked quickly and we are not that far (we mainly miss the ability to generate dropDdl) to support that but I'm quite off this game this month :(. Romain 2016-10-11 9:48 GMT+02:00 Francesco Chicchiriccò: > On 11/10/2016 09:47, Mark Struberg wrote: > >> Hi! >> >> I've exchanged ideas with Romain how we can push OpenJPA-3.0.0. >> >> To finish implementing all JPA-2.1 features will cost us some time. >> But it would be quite easy to ship milestone releases with a well >> specified set of features (and ongoing bugfixes). >> >> E.g.: >> >> # openjpa-3.0.0-m1 >> * API and lib upgrade (done) >> * bugfixes (quite a few done) >> * improved OSGi support (done) >> >> * stored procedure support (done) >> * SynchronizationType suport (wip) >> >> # openjpa-3.0.0-m2 >> * you name it >> >> Timeframe would be about 2 months for each milestone. >> I would like to start with m1 after the SynchronizationType support is >> done (hope to do it in the next 2 weeks) >> >> >> Wdyt? >> > > > +1 > Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward! > > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > >
Re: [DISCUSS] openjpa-3.0.0 roadmap
On 11/10/2016 09:47, Mark Struberg wrote: Hi! I've exchanged ideas with Romain how we can push OpenJPA-3.0.0. To finish implementing all JPA-2.1 features will cost us some time. But it would be quite easy to ship milestone releases with a well specified set of features (and ongoing bugfixes). E.g.: # openjpa-3.0.0-m1 * API and lib upgrade (done) * bugfixes (quite a few done) * improved OSGi support (done) * stored procedure support (done) * SynchronizationType suport (wip) # openjpa-3.0.0-m2 * you name it Timeframe would be about 2 months for each milestone. I would like to start with m1 after the SynchronizationType support is done (hope to do it in the next 2 weeks) Wdyt? +1 Thanks for your effort in pushing the 3.0.0 (and JPA 2.1) forward! Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] openjpa-3.0.0 roadmap
Hi! I've exchanged ideas with Romain how we can push OpenJPA-3.0.0. To finish implementing all JPA-2.1 features will cost us some time. But it would be quite easy to ship milestone releases with a well specified set of features (and ongoing bugfixes). E.g.: # openjpa-3.0.0-m1 * API and lib upgrade (done) * bugfixes (quite a few done) * improved OSGi support (done) * stored procedure support (done) * SynchronizationType suport (wip) # openjpa-3.0.0-m2 * you name it Timeframe would be about 2 months for each milestone. I would like to start with m1 after the SynchronizationType support is done (hope to do it in the next 2 weeks) Wdyt? LieGrue, strub
[jira] [Commented] (OPENJPA-2672) ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException vulnerability
[ https://issues.apache.org/jira/browse/OPENJPA-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15564774#comment-15564774 ] Francesco Chicchiriccò commented on OPENJPA-2672: - It seems to me that the same issue affects both 2.4.x and trunk, and that the changes above are relevant there as well: am I correct? > ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException > vulnerability > --- > > Key: OPENJPA-2672 > URL: https://issues.apache.org/jira/browse/OPENJPA-2672 > Project: OpenJPA > Issue Type: Bug > Components: lib >Affects Versions: 2.2.3 >Reporter: Jody Grassel >Assignee: Jody Grassel > Attachments: OPENJPA_22X-2672.patch > > > The following block in the loadGlobals() method: > // let system properties override other globals > try { > fromProperties(new HashMap( > AccessController.doPrivileged( > J2DoPrivHelper.getPropertiesAction(; > retrieves a Properties object from System.getProperties(), which is passed to > HashMap's ctor. The ctor interacts with an enumerator associated with the > Properties object to populate the new HashMap instance. However, if another > thread mutates the JVM's System Properties, it can result in a > ConcurrentModificationException as observed below: > Caused by: java.util.ConcurrentModificationException > at java.util.Hashtable$Enumerator.next(Hashtable.java:1256) > at java.util.HashMap.putAllForCreate(HashMap.java:566) > at java.util.HashMap.(HashMap.java:310) > at > org.apache.openjpa.lib.conf.ConfigurationImpl.loadGlobals(ConfigurationImpl.java:189) -- This message was sent by Atlassian JIRA (v6.3.4#6332)