[jira] [Commented] (VELTOOLS-186) Review shared VelocityView initialization error handling
[ https://issues.apache.org/jira/browse/VELTOOLS-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054507#comment-17054507 ] Claude Brisson commented on VELTOOLS-186: - > If this one is shared, shouldn't a listener rather create this instance and > not a servlet? It's a lazy initialization process, the shared view is built the first time it is needed. That's fine this way, since a servlet or a filter relying on the view cannot do much without it. We should just ensure there's only one attempt. > What if someone wants to views differently configured? That's taken in to account. Servlets use the shared view by default but can use their own. > Review shared VelocityView initialization error handling > > > Key: VELTOOLS-186 > URL: https://issues.apache.org/jira/browse/VELTOOLS-186 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Minor > > When VelocityView instanciation fails (aka throws an unrecoverable > exception), it is attempted again as many times as there are servlets or > filters relying on it, even when the instance is supposed to be shared. > The proper behavior would be to somehow mark the shared instance attribute as > being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-186) Review shared VelocityView initialization error handling
[ https://issues.apache.org/jira/browse/VELTOOLS-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054504#comment-17054504 ] Michael Osipov commented on VELTOOLS-186: - What if someone wants to views differently configured? > Review shared VelocityView initialization error handling > > > Key: VELTOOLS-186 > URL: https://issues.apache.org/jira/browse/VELTOOLS-186 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Minor > > When VelocityView instanciation fails (aka throws an unrecoverable > exception), it is attempted again as many times as there are servlets or > filters relying on it, even when the instance is supposed to be shared. > The proper behavior would be to somehow mark the shared instance attribute as > being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-186) Review shared VelocityView initialization error handling
[ https://issues.apache.org/jira/browse/VELTOOLS-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054503#comment-17054503 ] Michael Osipov commented on VELTOOLS-186: - If this one is shared, shouldn't a listener rather create this instance and not a servlet? > Review shared VelocityView initialization error handling > > > Key: VELTOOLS-186 > URL: https://issues.apache.org/jira/browse/VELTOOLS-186 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Minor > > When VelocityView instanciation fails (aka throws an unrecoverable > exception), it is attempted again as many times as there are servlets or > filters relying on it, even when the instance is supposed to be shared. > The proper behavior would be to somehow mark the shared instance attribute as > being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-186) Review shared VelocityView initialization error handling
[ https://issues.apache.org/jira/browse/VELTOOLS-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054500#comment-17054500 ] Claude Brisson commented on VELTOOLS-186: - The would-be-shared instance never gets a chance to be stored as a webapp context attribute as it is meant to, so a new instance is allocated (and dropped) every time. > Review shared VelocityView initialization error handling > > > Key: VELTOOLS-186 > URL: https://issues.apache.org/jira/browse/VELTOOLS-186 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Minor > > When VelocityView instanciation fails (aka throws an unrecoverable > exception), it is attempted again as many times as there are servlets or > filters relying on it, even when the instance is supposed to be shared. > The proper behavior would be to somehow mark the shared instance attribute as > being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Commented] (VELTOOLS-186) Review shared VelocityView initialization error handling
[ https://issues.apache.org/jira/browse/VELTOOLS-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054426#comment-17054426 ] Michael Osipov commented on VELTOOLS-186: - Is that a singleton or a new instance everytime? > Review shared VelocityView initialization error handling > > > Key: VELTOOLS-186 > URL: https://issues.apache.org/jira/browse/VELTOOLS-186 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Minor > > When VelocityView instanciation fails (aka throws an unrecoverable > exception), it is attempted again as many times as there are servlets or > filters relying on it, even when the instance is supposed to be shared. > The proper behavior would be to somehow mark the shared instance attribute as > being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
Re: Problems with commons-beanutils-1.9.4
On 20-02-07 17 h 44, Nathan Bubna wrote:
As for setClass(Class cls), couldn't we just change it to:
public void setClass(String classname) {
setClassname(classname);
}
Seems like that would keep the class="org.com.Foo" config syntax working
and avoid the security issue, right?
Nah, because what happens is that the "class" property is filtered
beforehand by beanutils introspector.
What I did is provide the xml digester with a alias, mapping "class"
towards "classname".
I'm gonna push your suggestion also, though, as it might help for other
configuration methods when running under a security manager.
-
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Resolved] (VELTOOLS-187) Upgrading to beanutils 1.9.4 breaks tools "class" attribute
[ https://issues.apache.org/jira/browse/VELTOOLS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Claude Brisson resolved VELTOOLS-187. - Fix Version/s: 3.1 Resolution: Fixed Fixed by commit 1874970. > Upgrading to beanutils 1.9.4 breaks tools "class" attribute > --- > > Key: VELTOOLS-187 > URL: https://issues.apache.org/jira/browse/VELTOOLS-187 > Project: Velocity Tools > Issue Type: Bug > Components: GenericTools, VelocityView >Affects Versions: 3.0 >Reporter: Claude Brisson >Assignee: Claude Brisson >Priority: Major > Fix For: 3.1 > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Created] (VELTOOLS-187) Upgrading to beanutils 1.9.4 breaks tools "class" attribute
Claude Brisson created VELTOOLS-187: --- Summary: Upgrading to beanutils 1.9.4 breaks tools "class" attribute Key: VELTOOLS-187 URL: https://issues.apache.org/jira/browse/VELTOOLS-187 Project: Velocity Tools Issue Type: Bug Components: GenericTools, VelocityView Affects Versions: 3.0 Reporter: Claude Brisson Assignee: Claude Brisson -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Created] (VELTOOLS-186) Review shared VelocityView initialization error handling
Claude Brisson created VELTOOLS-186: --- Summary: Review shared VelocityView initialization error handling Key: VELTOOLS-186 URL: https://issues.apache.org/jira/browse/VELTOOLS-186 Project: Velocity Tools Issue Type: Bug Components: VelocityView Affects Versions: 3.0 Reporter: Claude Brisson Assignee: Claude Brisson When VelocityView instanciation fails (aka throws an unrecoverable exception), it is attempted again as many times as there are servlets or filters relying on it, even when the instance is supposed to be shared. The proper behavior would be to somehow mark the shared instance attribute as being invalid (but not null). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Resolved] (VELTOOLS-185) Upgrade Codehaus Cargo version
[ https://issues.apache.org/jira/browse/VELTOOLS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Claude Brisson resolved VELTOOLS-185. - Fix Version/s: 3.1 Resolution: Fixed Patch applied. Thanks. > Upgrade Codehaus Cargo version > -- > > Key: VELTOOLS-185 > URL: https://issues.apache.org/jira/browse/VELTOOLS-185 > Project: Velocity Tools > Issue Type: Improvement >Reporter: S. Ali Tokmen >Assignee: Claude Brisson >Priority: Minor > Fix For: 3.1 > > Attachments: update-codehaus-cargo-version.patch > > > Codehaus Cargo has, since the version currently in use in the Velocity tools, > accumulated many interesting fixes and improvements, moreover had important > adaptations as [Maven and many other repositories switched to HTTPS-only > since mid January > 2020|https://www.alphabot.com/security/blog/2020/java/Your-Java-builds-might-break-starting-January-13th.html]. > Attached is a patch to upgrade to the latest version. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
[jira] [Assigned] (VELTOOLS-185) Upgrade Codehaus Cargo version
[ https://issues.apache.org/jira/browse/VELTOOLS-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Claude Brisson reassigned VELTOOLS-185: --- Assignee: Claude Brisson > Upgrade Codehaus Cargo version > -- > > Key: VELTOOLS-185 > URL: https://issues.apache.org/jira/browse/VELTOOLS-185 > Project: Velocity Tools > Issue Type: Improvement >Reporter: S. Ali Tokmen >Assignee: Claude Brisson >Priority: Minor > Attachments: update-codehaus-cargo-version.patch > > > Codehaus Cargo has, since the version currently in use in the Velocity tools, > accumulated many interesting fixes and improvements, moreover had important > adaptations as [Maven and many other repositories switched to HTTPS-only > since mid January > 2020|https://www.alphabot.com/security/blog/2020/java/Your-Java-builds-might-break-starting-January-13th.html]. > Attached is a patch to upgrade to the latest version. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
