[jira] [Updated] (KARAF-4419) Multiple inharitance levels with generics cause ClassCastException when JPA is enabled
[ https://issues.apache.org/jira/browse/KARAF-4419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4419: Fix Version/s: (was: 4.0.8) 4.0.9 > Multiple inharitance levels with generics cause ClassCastException when JPA > is enabled > -- > > Key: KARAF-4419 > URL: https://issues.apache.org/jira/browse/KARAF-4419 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.4 > Environment: Win 7 x64, JDK 1.8.0_73, Karaf 4.0.4 >Reporter: Felix Wassmer > Fix For: 4.1.0, 4.0.9 > > > I'm using inheritance with generics over multiple levels. > Injecting properties to those beans works fine, but on access of a property > of the lowest class, there is a ClassCastException thrown. > I could narrow it down to enabling JPA in the blueprint causing the issue: > When disabling JPA, the proper bean class is resolved, > enabled the type resolving stopped at the parent abstract class of the > expected class, thus throwing a ClassCastException. > Example project to reproduce this issue: > https://github.com/fwassmer/inheritance -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4361) Allow dynamic config customization when embedding Karaf using the Main class
[ https://issues.apache.org/jira/browse/KARAF-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4361: Fix Version/s: (was: 4.0.8) 4.0.9 > Allow dynamic config customization when embedding Karaf using the Main class > > > Key: KARAF-4361 > URL: https://issues.apache.org/jira/browse/KARAF-4361 > Project: Karaf > Issue Type: Improvement > Components: karaf-core >Affects Versions: 4.1.0, 4.0.4 >Reporter: Serge Huber >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.9 > > Attachments: > KARAF_4361_Allow_dynamic_config_customization_when_embedding_Karaf_using_the_Main_class.patch > > > We are using Karaf by embedding it and basically starting it like this : > {code} > // code to setup System properties > main = new Main(new String[0]); > main.launch(); > {code} > The problem is that the ConfigProperties that are used to startup Karaf are > directly created in the main.launch() method, like this: > {code} > public void launch() throws Exception { > config = new ConfigProperties(); > {code} > Ideally it would be great if we could either have a setter to provide the > config value, so that we could manipulate it before launching. In an embedded > environment this quickly becomes a necessity. For example we would like to > make it possible to have retrieve properties coming from another framework > such as Spring and use those to override config.properties settings in a > dynamic way, without needing to dump them to a file at Karaf startup. I'm > aware of the ${includes} and ${optionals} but those require files to be read > from the disk where here I'm talking about being able to dynamically > manipulate the properties once loaded. > Basically something like this would be fantastic > {code} > // code to setup System properties > main = new Main(new String[0]); > ConfigProperties config = main.getConfig(); > if (config == null) { >config = new ConfigProperties(); > } > // manipulate config in any way desired > main.setConfig(config) > main.launch(); > {code} > The main.launch could then simply be modified to something like this : > {code} > public void launch() throws Exception { > if (config == null) { > config = new ConfigProperties(); > } > {code} > Btw we are using Karaf 4.0.x so having this in both Karaf 4.1.0 and Karaf 4.0 > would be fantastic. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (KARAF-4770) Update etc/org.apache.karaf.management.cfg
[ https://issues.apache.org/jira/browse/KARAF-4770?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré resolved KARAF-4770. - Resolution: Fixed > Update etc/org.apache.karaf.management.cfg > -- > > Key: KARAF-4770 > URL: https://issues.apache.org/jira/browse/KARAF-4770 > Project: Karaf > Issue Type: Improvement > Components: karaf-management >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.8 > > > Karaf management contains properties not really documented in > {{etc/org.apache.karaf.management.cfg}} default configuration file. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4360) FrameworkEvent ERROR in the karaf.log when install cxf-core feature
[ https://issues.apache.org/jira/browse/KARAF-4360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4360: Fix Version/s: (was: 4.0.8) 4.0.9 > FrameworkEvent ERROR in the karaf.log when install cxf-core feature > --- > > Key: KARAF-4360 > URL: https://issues.apache.org/jira/browse/KARAF-4360 > Project: Karaf > Issue Type: Bug > Components: karaf-feature >Affects Versions: 4.0.4 > Environment: Java 8 >Reporter: Xilai Dai >Assignee: Jean-Baptiste Onofré >Priority: Minor > Fix For: 4.1.0, 4.0.9 > > > When trying to install cxf-core feature into Karaf 4.0.4, there is > FrameworkEvent ERROR in the karaf.log, but the bundles can be started and in > the Active status. > {code} > 2016-02-25 12:09:57,529 | ERROR | 8d8-961af9b70a25 | cxf-core > | 53 - org.apache.cxf.cxf-core - 3.1.5 | FrameworkEvent ERROR - > org.apache.cxf.cxf-core > org.osgi.framework.BundleException: Could not resolve module: > org.apache.cxf.cxf-core [53] > Unresolved requirement: Import-Package: com.ctc.wstx.msv; > version="[4.4.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.ctc.wstx.stax; > version="[4.4.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.codehaus.stax2; > version="[3.1.0,4.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.codehaus.stax2.validation; > version="[3.1.0,4.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.msv.grammar; > version="[2013.6.0,2014.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.msv.grammar.xmlschema; > version="[2013.6.0,2014.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.msv.reader; > version="[2013.6.0,2014.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.msv.reader.xmlschema; > version="[2013.6.0,2014.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.xml.bind.marshaller; > version="[2.2.0,3.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: com.sun.xml.fastinfoset.stax; > version="[1.2.0,2.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: net.sf.cglib.proxy; > version="[2.1.3,3.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.osgi.io; > version="[1.2.0,2.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.osgi.util; > version="[1.2.0,2.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.aop; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.aop.framework; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.aop.support; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.beans; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.beans.factory; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.beans.factory.config; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.beans.factory.support; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.beans.factory.wiring; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.beans.factory.xml; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.context; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.context.event; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.context.support; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.core; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.core.io; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: > org.springframework.core.io.support; version="[3.1.0,5.0.0)"; > resolution:="optional" > Unresolved requirement: Import-Package: org.springframework.core.type; > version="[3.1.0,5.0.0)"; resolution:="optional" > Unresolved requirement: Import-Package: >
[jira] [Commented] (KARAF-4770) Update etc/org.apache.karaf.management.cfg
[ https://issues.apache.org/jira/browse/KARAF-4770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15739284#comment-15739284 ] ASF subversion and git services commented on KARAF-4770: Commit 88c589d136ea18b81bfb540b3203cf1d2fdbbe5c in karaf's branch refs/heads/karaf-4.0.x from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=88c589d ] [KARAF-4770] Update etc/org.apache.karaf.management.cfg > Update etc/org.apache.karaf.management.cfg > -- > > Key: KARAF-4770 > URL: https://issues.apache.org/jira/browse/KARAF-4770 > Project: Karaf > Issue Type: Improvement > Components: karaf-management >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.8 > > > Karaf management contains properties not really documented in > {{etc/org.apache.karaf.management.cfg}} default configuration file. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4770) Update etc/org.apache.karaf.management.cfg
[ https://issues.apache.org/jira/browse/KARAF-4770?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4770: Fix Version/s: (was: 3.0.9) > Update etc/org.apache.karaf.management.cfg > -- > > Key: KARAF-4770 > URL: https://issues.apache.org/jira/browse/KARAF-4770 > Project: Karaf > Issue Type: Improvement > Components: karaf-management >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.8 > > > Karaf management contains properties not really documented in > {{etc/org.apache.karaf.management.cfg}} default configuration file. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4770) Update etc/org.apache.karaf.management.cfg
[ https://issues.apache.org/jira/browse/KARAF-4770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15739280#comment-15739280 ] ASF subversion and git services commented on KARAF-4770: Commit 52689bfe2e8248d5ecde4e461ad0c827a43c6930 in karaf's branch refs/heads/master from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=52689bf ] [KARAF-4770] Update etc/org.apache.karaf.management.cfg > Update etc/org.apache.karaf.management.cfg > -- > > Key: KARAF-4770 > URL: https://issues.apache.org/jira/browse/KARAF-4770 > Project: Karaf > Issue Type: Improvement > Components: karaf-management >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > Karaf management contains properties not really documented in > {{etc/org.apache.karaf.management.cfg}} default configuration file. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4835) Add content assist for paths in karaf shell source
[ https://issues.apache.org/jira/browse/KARAF-4835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4835: Fix Version/s: (was: 4.0.8) 4.0.9 > Add content assist for paths in karaf shell source > -- > > Key: KARAF-4835 > URL: https://issues.apache.org/jira/browse/KARAF-4835 > Project: Karaf > Issue Type: Task > Components: karaf-shell >Affects Versions: 4.1.0, 4.0.8 >Reporter: Lijun Liao >Assignee: Guillaume Nodet > Fix For: 4.1.0, 4.0.9 > > > Add auto-completion of file path to the karaf command "source", like in > command "install". -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré resolved KARAF-4890. - Resolution: Fixed > Upgrade to Spring 4.2.8.RELEASE > --- > > Key: KARAF-4890 > URL: https://issues.apache.org/jira/browse/KARAF-4890 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15739226#comment-15739226 ] ASF subversion and git services commented on KARAF-4890: Commit dc596d5db10dea44f95f1298bc85b6b57d6fc39f in karaf's branch refs/heads/karaf-3.0.x from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=dc596d5 ] [KARAF-4890] Upgrade to Spring 4.2.8.RELEASE > Upgrade to Spring 4.2.8.RELEASE > --- > > Key: KARAF-4890 > URL: https://issues.apache.org/jira/browse/KARAF-4890 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15739222#comment-15739222 ] ASF subversion and git services commented on KARAF-4890: Commit ccfe2e04599cc610aeffd4f7c1761c539addeed0 in karaf's branch refs/heads/karaf-4.0.x from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=ccfe2e0 ] [KARAF-4890] Upgrade to Spring 4.2.8.RELEASE > Upgrade to Spring 4.2.8.RELEASE > --- > > Key: KARAF-4890 > URL: https://issues.apache.org/jira/browse/KARAF-4890 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15739221#comment-15739221 ] ASF subversion and git services commented on KARAF-4890: Commit 61015a8c66dd2849c59134308ed0848f8672d1d2 in karaf's branch refs/heads/master from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=61015a8 ] [KARAF-4890] Upgrade to Spring 4.2.8.RELEASE > Upgrade to Spring 4.2.8.RELEASE > --- > > Key: KARAF-4890 > URL: https://issues.apache.org/jira/browse/KARAF-4890 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4890: Fix Version/s: 3.0.9 > Upgrade to Spring 4.2.8.RELEASE > --- > > Key: KARAF-4890 > URL: https://issues.apache.org/jira/browse/KARAF-4890 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré resolved KARAF-4623. - Resolution: Fixed > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15738037#comment-15738037 ] ASF subversion and git services commented on KARAF-4623: Commit 23417f08f6f125ee6c092d08fa1595660b14f3df in karaf's branch refs/heads/karaf-3.0.x from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=23417f0 ] [KARAF-4623] Upgrade to Spring 4.1.9.RELEASE > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4623: Fix Version/s: (was: 3.0.9) > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4623: Fix Version/s: 3.0.9 > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15737622#comment-15737622 ] ASF subversion and git services commented on KARAF-4623: Commit 04736fbc2e47bca39d3478df4171f5c20ab42c93 in karaf's branch refs/heads/master from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=04736fb ] [KARAF-4623] Upgrade to Spring 4.1.9.RELEASE > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15737624#comment-15737624 ] ASF subversion and git services commented on KARAF-4623: Commit d53180fe0db0e88659c04c5e28f05e29951a0199 in karaf's branch refs/heads/karaf-4.0.x from [~jbonofre] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=d53180f ] [KARAF-4623] Upgrade to Spring 4.1.9.RELEASE > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4623) Upgrade to Spring 4.1.9.RELEASE
[ https://issues.apache.org/jira/browse/KARAF-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4623: Summary: Upgrade to Spring 4.1.9.RELEASE (was: Upgrade to Spring 4.1.8) > Upgrade to Spring 4.1.9.RELEASE > --- > > Key: KARAF-4623 > URL: https://issues.apache.org/jira/browse/KARAF-4623 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf-core >Affects Versions: 4.1.0, 4.0.5, 3.0.7 >Reporter: Krzysztof Sobkowiak >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 3.0.9, 4.0.8 > > > We are currently using Spring 4.1.7.RELEASE, but one user has pointed to a > vulerability in this version http://pivotal.io/security/cve-2015-5211. We > should upgrade to 4.1.8.RELEASE (not available yet as bundle) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (KARAF-4891) Provide Spring 4.3.3.RELEASE feature
Jean-Baptiste Onofré created KARAF-4891: --- Summary: Provide Spring 4.3.3.RELEASE feature Key: KARAF-4891 URL: https://issues.apache.org/jira/browse/KARAF-4891 Project: Karaf Issue Type: Dependency upgrade Components: karaf-core Reporter: Jean-Baptiste Onofré Assignee: Jean-Baptiste Onofré Fix For: 4.1.0, 4.0.8 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (KARAF-4890) Upgrade to Spring 4.2.8.RELEASE
Jean-Baptiste Onofré created KARAF-4890: --- Summary: Upgrade to Spring 4.2.8.RELEASE Key: KARAF-4890 URL: https://issues.apache.org/jira/browse/KARAF-4890 Project: Karaf Issue Type: Dependency upgrade Components: karaf-core Reporter: Jean-Baptiste Onofré Assignee: Jean-Baptiste Onofré Fix For: 4.1.0, 4.0.8 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4534) Assembly builder does not support file urls in features
[ https://issues.apache.org/jira/browse/KARAF-4534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4534: Fix Version/s: (was: 4.0.8) 4.0.9 > Assembly builder does not support file urls in features > --- > > Key: KARAF-4534 > URL: https://issues.apache.org/jira/browse/KARAF-4534 > Project: Karaf > Issue Type: Bug > Components: karaf-tooling >Affects Versions: 4.0.5 >Reporter: Christian Schneider >Priority: Critical > Fix For: 4.1.0, 4.0.9 > > > [ERROR] Failed to execute goal > org.apache.karaf.tooling:karaf-maven-plugin:4.0.5:assembly > (process-resources) on project decanter-server: Unable to build assembly: > Error -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.apache.karaf.tooling:karaf-maven-plugin:4.0.5:assembly > (process-resources) on project decanter-server: Unable to build assembly > at > org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216) > at > org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) > at > org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) > at > org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:120) > at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:355) > at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:155) > at org.apache.maven.cli.MavenCli.execute(MavenCli.java:584) > at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:216) > at org.apache.maven.cli.MavenCli.main(MavenCli.java:160) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) > at > org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) > at > org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) > at > org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) > Caused by: org.apache.maven.plugin.MojoExecutionException: Unable to build > assembly > at org.apache.karaf.tooling.AssemblyMojo.execute(AssemblyMojo.java:234) > at > org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:132) > at > org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208) > ... 19 more > Caused by: org.apache.karaf.features.internal.util.MultiException: Error > at > org.apache.karaf.features.internal.download.impl.MavenDownloadManager$MavenDownloader.(MavenDownloadManager.java:84) > at > org.apache.karaf.features.internal.download.impl.MavenDownloadManager.createDownloader(MavenDownloadManager.java:72) > at > org.apache.karaf.features.internal.region.Subsystem.downloadBundles(Subsystem.java:363) > at > org.apache.karaf.features.internal.region.Subsystem.downloadBundles(Subsystem.java:360) > at > org.apache.karaf.features.internal.region.SubsystemResolver.resolve(SubsystemResolver.java:187) > at > org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:263) > at org.apache.karaf.profile.assembly.Builder.resolve(Builder.java:1214) > at > org.apache.karaf.profile.assembly.Builder.startupStage(Builder.java:1002) > at > org.apache.karaf.profile.assembly.Builder.doGenerateAssembly(Builder.java:606) > at > org.apache.karaf.profile.assembly.Builder.generateAssembly(Builder.java:389) > at > org.apache.karaf.tooling.AssemblyMojo.doExecute(AssemblyMojo.java:392) > at org.apache.karaf.tooling.AssemblyMojo.execute(AssemblyMojo.java:228) > ... 21 more > Suppressed: java.io.IOException: Error downloading > wrap:file:/home/cschneider/.m2/repository/org/fusesource/leveldbjni/leveldbjni-all/1.8/leveldbjni-all-1.8.jar$Bundle-Version=1.8=*;-noimport:=true;version="1.8" > at > org.apache.karaf.features.internal.download.impl.AbstractRetryableDownloadTask.run(AbstractRetryableDownloadTask.java:71) >
[jira] [Updated] (KARAF-4572) NullPointer Exception when deploying EclipseLink model bundle
[ https://issues.apache.org/jira/browse/KARAF-4572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4572: Fix Version/s: (was: 4.0.8) 4.0.9 > NullPointer Exception when deploying EclipseLink model bundle > - > > Key: KARAF-4572 > URL: https://issues.apache.org/jira/browse/KARAF-4572 > Project: Karaf > Issue Type: Bug > Components: karaf-core >Affects Versions: 4.0.5 >Reporter: Viktor Kozlov >Priority: Minor > Fix For: 4.1.0, 4.0.9 > > > When I deploy my model bundle which contains only persistence unit I get this > Exception: > karaf@root()> bundle:install -s mvn:biz.lorien.niichi/model; > [EL Warning]: 2016-01-18 17:14:57.797--java.lang.NullPointerException > Bundle ID: 167 > and every time I start Karaf with this model bundle: > Hit '' for a list of available commands. > Type '[cmd] --help' for help on a specific command. > karaf@root()> [EL Warning]: 2016-01-18 > 17:18:08.176--java.lang.NullPointerException > If I uninstall and install my model bundle there is no Exception. > Exception popups when first installed and after Karaf restart. > It looks like exception is thrown during eclipselink engine init. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4324) Shell commands and optional @Reference
[ https://issues.apache.org/jira/browse/KARAF-4324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4324: Fix Version/s: (was: 4.0.8) 4.0.9 > Shell commands and optional @Reference > -- > > Key: KARAF-4324 > URL: https://issues.apache.org/jira/browse/KARAF-4324 > Project: Karaf > Issue Type: Bug > Components: karaf-shell >Affects Versions: 4.0.4 >Reporter: J. Brébec >Assignee: Guillaume Nodet >Priority: Minor > Fix For: 4.1.0, 4.0.9 > > > The annotation @Reference have a optional property, but this property is not > used to resolve the dependencies of a command. > Moreover, if I define in a bundle two commands, and one of this command can't > be deployed because of an optional dependencies, then none of the command of > the bundle is not deployed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4306) karaf-maven-plugin is not assembling the correct version of dependencies
[ https://issues.apache.org/jira/browse/KARAF-4306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4306: Fix Version/s: (was: 4.0.8) 4.0.9 > karaf-maven-plugin is not assembling the correct version of dependencies > > > Key: KARAF-4306 > URL: https://issues.apache.org/jira/browse/KARAF-4306 > Project: Karaf > Issue Type: Bug > Components: karaf-tooling >Affects Versions: 4.0.4 >Reporter: Raman Gupta >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.9 > > > This is similar to KARAF-3994. > I see that the commit for that issue added the following TODO: > * TODO Need to also check for version ranges. Currently ranges are ignored > and all features matching the name > I have a similar problem -- the generated system repo contains all versions > of a feature that is matched by a range, not just the highest one that > fulfills all of the requirements of the boot features. This is an issue > because the generated repo may contain older (or newer) versions of libraries > that have CVEs against them, which is then flagged by ops. > For example: > My feature depends on spring-dm which depends on spring range [2.5.6,4). At > runtime, Karaf only needs and uses Spring 3.2.14, but my system repo contains > Spring 3.1.4 (as well as three versions of Spring 4), all of which are > defined in the Karaf Spring repo. And of course, Spring 3.1.4 has CVEs > against it, so the system is flagged by ops as using jars with security > problems (even though those jars are not actually used by the app). > Shouldn't the Builder apply the same resolution logic as is used by Karaf > itself, and assemble only those jars? -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4275) StaticConfigurationAdmin and NPE with spring dm
[ https://issues.apache.org/jira/browse/KARAF-4275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4275: Fix Version/s: (was: 4.0.8) 4.0.9 > StaticConfigurationAdmin and NPE with spring dm > --- > > Key: KARAF-4275 > URL: https://issues.apache.org/jira/browse/KARAF-4275 > Project: Karaf > Issue Type: Bug > Components: karaf-profile >Affects Versions: 4.0.4 > Environment: Karaf 4.0.4 with a static distribution >Reporter: J. Brébec >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.9 > > > Spring DM throw a NPE with a Karaf static distribution, when a configuration > is not bound. The Static ConfigurationAdmin implementation is not compliant > with the specification : getConfiguration should never return null. > A workaround : create an for every configuration a file .cfg in > etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4290) karaf-maven-plugin uses inactive proxies from settings.xml
[ https://issues.apache.org/jira/browse/KARAF-4290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4290: Fix Version/s: (was: 4.0.8) 4.0.9 > karaf-maven-plugin uses inactive proxies from settings.xml > -- > > Key: KARAF-4290 > URL: https://issues.apache.org/jira/browse/KARAF-4290 > Project: Karaf > Issue Type: Bug > Components: karaf-tooling >Affects Versions: 4.0.4 >Reporter: Michael Prescott >Assignee: Jean-Baptiste Onofré >Priority: Minor > Fix For: 4.1.0, 4.0.9 > > Attachments: karaf-4290-stack-trace.txt > > > My maven settings.xml has a server defined, but it's inactive: > > charles-proxy > false > http > localhost > > www.google.com|*.example.com > > Nevertheless, when runs, I get IOExceptions related to attempting to contact > the proxy server (which isn't running): > Connect to localhost: [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] > failed: Connection refused: connect -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4275) StaticConfigurationAdmin and NPE with spring dm
[ https://issues.apache.org/jira/browse/KARAF-4275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15737482#comment-15737482 ] Jean-Baptiste Onofré commented on KARAF-4275: - It's more a Felix ConfigAdmin issue. Let me try to reproduce. > StaticConfigurationAdmin and NPE with spring dm > --- > > Key: KARAF-4275 > URL: https://issues.apache.org/jira/browse/KARAF-4275 > Project: Karaf > Issue Type: Bug > Components: karaf-profile >Affects Versions: 4.0.4 > Environment: Karaf 4.0.4 with a static distribution >Reporter: J. Brébec >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.8 > > > Spring DM throw a NPE with a Karaf static distribution, when a configuration > is not bound. The Static ConfigurationAdmin implementation is not compliant > with the specification : getConfiguration should never return null. > A workaround : create an for every configuration a file .cfg in > etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4217) XML External Entity Injection
[ https://issues.apache.org/jira/browse/KARAF-4217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4217: Fix Version/s: (was: 4.0.8) 4.0.9 > XML External Entity Injection > - > > Key: KARAF-4217 > URL: https://issues.apache.org/jira/browse/KARAF-4217 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > XML parser configured in MavenConfigService.java:74 does not prevent nor > limit external entities resolution. This can expose the parser to an XML > External Entities attack. See external issue URL. > File: > bundle/core/src/main/java/org/apache/karaf/bundle/core/internal/MavenConfigService.java > Line: 74 > MavenConfigService.java, lines 66-76: > {code} > 66 static String getLocalRepoFromConfig(Dictionarydict) > throws XMLStreamException, FileNotFoundException { > 67 String path = null; > 68 if (dict != null) { > 69 path = (String) dict.get("org.ops4j.pax.url.mvn.localRepository"); > 70 if (path == null) { > 71 String settings = (String) > dict.get("org.ops4j.pax.url.mvn.settings"); > 72 if (settings != null) { > 73 File file = new File(settings); > 74 XMLStreamReader reader = > XMLInputFactory.newFactory().createXMLStreamReader(new FileInputStream(file)); > 75 try { > 76 int event; > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4215) Use of Dynamic Class Loading, Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
[ https://issues.apache.org/jira/browse/KARAF-4215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4215: Fix Version/s: (was: 4.0.8) 4.0.9 > Use of Dynamic Class Loading, Use of Externally-Controlled Input to Select > Classes or Code ('Unsafe Reflection') > > > Key: KARAF-4215 > URL: https://issues.apache.org/jira/browse/KARAF-4215 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > Dynamically loaded code has the potential to be malicious. The application > uses external input with reflection to select which classes or code to use, > but it does not sufficiently prevent the input from selecting improper > classes or code. The constructor for DefaultJDBCLock includes one parameter > for a Properties object from which the parameters for the dynamic class are > taken. None of the properties are checked for content. > File: main\src\main\java\org\apache\karaf\main\lock\DefaultJDBCLock.java > Line: 365 > DefaultJDBCLock.java, lines 364-369: > {code} > 364 Connection doCreateConnection(String driver, String url, String username, > String password) throws ClassNotFoundException, SQLException { > 365 Class.forName(driver); > 366 // results in a closed connection in Derby if the update lock table > request timed out > 367 // DriverManager.setLoginTimeout(timeout); > 368 return DriverManager.getConnection(url, username, password); > 369 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4216) Poor Error Handling: Return Inside Finally
[ https://issues.apache.org/jira/browse/KARAF-4216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4216: Fix Version/s: (was: 4.0.8) 4.0.9 > Poor Error Handling: Return Inside Finally > -- > > Key: KARAF-4216 > URL: https://issues.apache.org/jira/browse/KARAF-4216 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The method build() in PublickeyBackingEngineFactory.java returns from inside > a finally block on line 52, which will cause exceptions to be lost. > File: > jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngineFactory.java > Line: 52 > PublickeyBackingEngineFactory.java, lines 40-54: > {code} > 40 public BackingEngine build(Map options) { > 41 PublickeyBackingEngine engine = null; > 42 String usersFile = (String) options.get(USER_FILE); > 43 > 44 File f = new File(usersFile); > 45 Properties users; > 46 try { > 47 users = new Properties(f); > 48 engine = new PublickeyBackingEngine(users); > 49 } catch (IOException ioe) { > 50 logger.warn("Cannot open keys file:" + usersFile); > 51 } finally { > 52 return engine; > 53 } > 54 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4214) Deserialization of Untrusted Data
[ https://issues.apache.org/jira/browse/KARAF-4214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4214: Fix Version/s: (was: 4.0.8) 4.0.9 > Deserialization of Untrusted Data > - > > Key: KARAF-4214 > URL: https://issues.apache.org/jira/browse/KARAF-4214 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The application deserializes untrusted data without sufficiently verifying > that the resulting data will be valid. An adversary could attack the > application by tampering with the resource "karaf.key". > File: client\src\main\java\org\apache\karaf\client\Main.java > Line: 297 > Main.java, lines 291-313: > {code} > 291 private static SshAgent startAgent(String user, URL privateKeyUrl, String > keyFile) { > 292 InputStream is = null; > 293 try { > 294 SshAgent agent = new AgentImpl(); > 295 is = privateKeyUrl.openStream(); > 296 ObjectInputStream r = new ObjectInputStream(is); > 297 KeyPair keyPair = (KeyPair) r.readObject(); > 298 is.close(); > 299 agent.addIdentity(keyPair, user); > 300 if (keyFile != null) { > 301 String[] keyFiles = new String[]{keyFile}; > 302 FileKeyPairProvider fileKeyPairProvider = new > FileKeyPairProvider(keyFiles); > 303 for (KeyPair key : fileKeyPairProvider.loadKeys()) { > 304 agent.addIdentity(key, user); > 305 } > 306 } > 307 return agent; > 308 } catch (Throwable e) { > 309 close(is); > 310 System.err.println("Error starting ssh agent for: " + > e.getMessage()); > 311 return null; > 312 } > 313 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4210) Unreleased Resource: Streams
[ https://issues.apache.org/jira/browse/KARAF-4210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4210: Fix Version/s: (was: 4.0.8) 4.0.9 > Unreleased Resource: Streams > > > Key: KARAF-4210 > URL: https://issues.apache.org/jira/browse/KARAF-4210 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The function getLocalRepoFromConfig() in MavenConfigService.java sometimes > fails to release a system resource allocated by FileInputStream() on line 74. > File: > bundle/core/src/main/java/org/apache/karaf/bundle/core/internal/MavenConfigService.java > Line: 74 > MavenConfigService.java, lines 66-76: > 66 static String getLocalRepoFromConfig(Dictionarydict) > throws XMLStreamException, FileNotFoundException { > 67 String path = null; > 68 if (dict != null) { > 69 path = (String) dict.get("org.ops4j.pax.url.mvn.localRepository"); > 70 if (path == null) { > 71 String settings = (String) > dict.get("org.ops4j.pax.url.mvn.settings"); > 72 if (settings != null) { > 73 File file = new File(settings); > 74 XMLStreamReader reader = > XMLInputFactory.newFactory().createXMLStreamReader(new FileInputStream(file)); > 75 try { > 76 int event; -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4213) Public cloneable() Method Without Final ('Object Hijack')
[ https://issues.apache.org/jira/browse/KARAF-4213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4213: Fix Version/s: (was: 4.0.8) 4.0.9 > Public cloneable() Method Without Final ('Object Hijack') > - > > Key: KARAF-4213 > URL: https://issues.apache.org/jira/browse/KARAF-4213 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > A class has a cloneable() method that is not declared final, which allows an > object to be created without calling the constructor. This can cause the > object to be in an unexpected state. > File: > util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java > Line: 247 > CopyOnWriteArrayIdentityList.java, lines 246-255: > {code} > 246 @Override > 247 public Object clone() { > 248 try { > 249 CopyOnWriteArrayIdentityList thisClone = > (CopyOnWriteArrayIdentityList) super.clone(); > 250 thisClone.setData(this.getData()); > 251 return thisClone; > 252 } catch (CloneNotSupportedException e) { > 253 throw new RuntimeException("CloneNotSupportedException is not > expected here"); > 254 } > 255 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4212) Null Dereference
[ https://issues.apache.org/jira/browse/KARAF-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4212: Fix Version/s: (was: 4.0.8) 4.0.9 > Null Dereference > > > Key: KARAF-4212 > URL: https://issues.apache.org/jira/browse/KARAF-4212 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The method execute() in LoadTest.java can crash the program by dereferencing > a null pointer on line 71. > File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java > Line: 71 > LoadTest.java, lines 65-74: > {code} > 65 @Override > 66 public Object execute() throws Exception { > 67 if (!confirm(session)) { > 68 return null; > 69 } > 70 final BundleContext bundleContext = > this.bundleContext.getBundle(0).getBundleContext(); > 71 final FrameworkWiring wiring = > bundleContext.getBundle().adapt(FrameworkWiring.class); > 72 final CountDownLatch latch = new CountDownLatch(threads); > 73 final Bundle[] bundles = bundleContext.getBundles(); > 74 final AtomicBoolean[] locks = new AtomicBoolean[bundles.length]; > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4211) Portability Flaw: Locale Dependent Comparison
[ https://issues.apache.org/jira/browse/KARAF-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4211: Fix Version/s: (was: 4.0.8) 4.0.9 > Portability Flaw: Locale Dependent Comparison > - > > Key: KARAF-4211 > URL: https://issues.apache.org/jira/browse/KARAF-4211 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The call to compareTo() on line 109 causes portability problems because it > has different locales which may lead to unexpected output. This may also > circumvent custom validation routines. > File: > features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java > Line: 109 > ListFeaturesCommand.java, lines 107-111: > 107 class FeatureComparator implements Comparator { > 108 public int compare(Feature o1, Feature o2) { > 109 return o1.getName().toLowerCase().compareTo( > o2.getName().toLowerCase() ); > 110 } > 111 } -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4209) Weak XML Schema: Unbounded Occurrences
[ https://issues.apache.org/jira/browse/KARAF-4209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4209: Fix Version/s: (was: 4.0.8) 4.0.9 > Weak XML Schema: Unbounded Occurrences > -- > > Key: KARAF-4209 > URL: https://issues.apache.org/jira/browse/KARAF-4209 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > Setting a maxOccurs value to unbounded can lead to resources exhaustion and > ultimately a denial of service. > File: > features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd > Line: 64 > karaf-features-1.0.0.xsd, lines 64-77: > 64 > 65 > 66 > 67 > 70 > 71 > 72 > 73 > 74 > 75 > 76 > 77 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4205) Privacy Violation
[ https://issues.apache.org/jira/browse/KARAF-4205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4205: Fix Version/s: (was: 4.0.8) 4.0.9 > Privacy Violation > - > > Key: KARAF-4205 > URL: https://issues.apache.org/jira/browse/KARAF-4205 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis of the karaf source code. > The method find() in GogoParser.java mishandles confidential information, > which can compromise user privacy and is often illegal. > File: > shell/core/src/main/java/org/apache/karaf/shell/support/parsing/GogoParser.java > Line: 332 > GogoParser.java, lines 329-333: > 329 while (level != 0) { > 330 if (eof()) { > 331 throw new RuntimeException("Eof found in the middle of a compound > for '" > 332 + target + deeper + "', begins at " + context(start)); > 333 } -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4204) Weak SecurityManager Check: Overridable Method
[ https://issues.apache.org/jira/browse/KARAF-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4204: Fix Version/s: (was: 4.0.8) 4.0.9 > Weak SecurityManager Check: Overridable Method > -- > > Key: KARAF-4204 > URL: https://issues.apache.org/jira/browse/KARAF-4204 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis of the karaf source code. > Non-final methods that perform security checks can be overridden in ways that > bypass security checks. See external issue for more information. > File: exception/src/main/java/java/lang/Exception.java > Line: 137 > Exception.java, lines 137-153: > {code} > 137 public Class[] getThrowableContext(Throwable t) { > 138 try { > 139 Class[] context = getClassContext(); > 140 int nb = 0; > 141 for (;;) { > 142 if (context[context.length - 1 - nb] == t.getClass()) { > 143 break; > 144 } > 145 nb++; > 146 } > 147 Class[] nc = new Class[nb]; > 148 System.arraycopy(context, context.length - nb, nc, 0, nb); > 149 return nc; > 150 } catch (Exception e) { > 151 return null; > 152 } > 153 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4174) NullPointerException when running obr:info on a bundle served by cave
[ https://issues.apache.org/jira/browse/KARAF-4174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4174: Fix Version/s: (was: 4.0.8) 4.0.9 > NullPointerException when running obr:info on a bundle served by cave > - > > Key: KARAF-4174 > URL: https://issues.apache.org/jira/browse/KARAF-4174 > Project: Karaf > Issue Type: Bug > Components: cave-server, karaf-repository >Affects Versions: 4.0.4 >Reporter: Marton Papp >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, cave-4.0.1, 4.0.9 > > > Hello, > I am using Cave 4.0.0 with Karaf 4.0.4-SNAPSHOT (after having the same > problem with 4.0.3) and I get a NullPointerException when running the > obr:info command on a bundle. > To reproduce: > __ __ >/ //_/ __ _/ __/ > / ,< / __ `/ ___/ __ `/ /_ > / /| |/ /_/ / / / /_/ / __/ > /_/ |_|\__,_/_/ \__,_/_/ > Apache Karaf (4.0.4-SNAPSHOT) > Hit '' for a list of available commands > and '[cmd] --help' for help on a specific command. > Hit '' or type 'system:shutdown' or 'logout' to shutdown Karaf. > karaf@root()> feature:repo-add cave 4.0.0 > Adding feature url > mvn:org.apache.karaf.cave/apache-karaf-cave/4.0.0/xml/features > karaf@root()> feature:install cave-server > karaf@root()> cave:repository-create my-repository > karaf@root()> cave:repository-upload my-repository > mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.ant/1.7.0_5 > karaf@root()> feature:install obr > karaf@root()> obr:url-add > http://localhost:8181/cave/http/my-repository-repository.xml > karaf@root()> obr:list > Name | Symbolic Name | Version > -- > | org.apache.servicemix.bundles.ant | 1.7.0.5 > karaf@root()> obr:info org.apache.servicemix.bundles.ant > Error executing command: java.lang.NullPointerException > karaf@root()> display -n 3 > 2015-12-05 18:40:26,319 | INFO | pool-50-thread-1 | bundle > | 56 - org.apache.aries.spifly.dynamic.bundle - 1.0.1 | No > 'SPI-Provider' Manifest header. Skipping bundle: org.apache.karaf.obr.core > 2015-12-05 18:40:26,319 | INFO | pool-50-thread-1 | FeaturesServiceImpl > | 9 - org.apache.karaf.features.core - 4.0.4.SNAPSHOT | Done. > 2015-12-05 18:40:40,518 | ERROR | nsole user karaf | ShellUtil > | 44 - org.apache.karaf.shell.core - 4.0.4.SNAPSHOT | Exception > caught while executing command > java.lang.NullPointerException > at > org.apache.karaf.obr.command.InfoCommand.printResource(InfoCommand.java:65)[118:org.apache.karaf.obr.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.obr.command.InfoCommand.doExecute(InfoCommand.java:57)[118:org.apache.karaf.obr.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.obr.command.ObrCommandSupport.execute(ObrCommandSupport.java:58)[118:org.apache.karaf.obr.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.shell.impl.action.command.ActionCommand.execute(ActionCommand.java:83)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.shell.impl.console.osgi.secured.SecuredCommand.execute(SecuredCommand.java:67)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.shell.impl.console.osgi.secured.SecuredCommand.execute(SecuredCommand.java:87)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:480)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:406)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.Closure.execute(Closure.java:182)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.Closure.execute(Closure.java:119)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:94)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at > org.apache.karaf.shell.impl.console.ConsoleSessionImpl.run(ConsoleSessionImpl.java:270)[44:org.apache.karaf.shell.core:4.0.4.SNAPSHOT] > at java.lang.Thread.run(Thread.java:745)[:1.8.0_60] > karaf@root()> > Regards -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4200) Privacy Violation: Heap Inspection
[ https://issues.apache.org/jira/browse/KARAF-4200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4200: Fix Version/s: (was: 4.0.8) 4.0.9 > Privacy Violation: Heap Inspection > -- > > Key: KARAF-4200 > URL: https://issues.apache.org/jira/browse/KARAF-4200 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify and SciTools Understand were used to perform an application > security scan on the karaf source code. > The method login() in JDBCLoginModule.java stores sensitive data in a String > object on line 95, making it impossible to reliably purge the data from > memory. > JDBCLoginModule.java, lines 88-96: > {code} > 88 user = ((NameCallback) callbacks[0]).getName(); > 89 > 90 char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword(); > 91 if (tmpPassword == null) { > 92 tmpPassword = new char[0]; > 93 } > 94 > 95 String password = new String(tmpPassword); > 96 principals = new HashSet<>(); > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4162) Wrap deployer does not add default versions to exported packages
[ https://issues.apache.org/jira/browse/KARAF-4162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4162: Fix Version/s: (was: 4.0.8) 4.0.9 > Wrap deployer does not add default versions to exported packages > > > Key: KARAF-4162 > URL: https://issues.apache.org/jira/browse/KARAF-4162 > Project: Karaf > Issue Type: Bug > Components: karaf-feature >Affects Versions: 4.0.3 >Reporter: Aleksei Lissitsin > Fix For: 4.1.0, 4.0.9 > > Attachments: export-package-actual.txt, export-package-expected.txt, > spring-beans-4.1.7.RELEASE.jar > > > Wrap deployer does not add default versions to exported packages but should. > Try, e.g., with the provided spring-beans jar. > My attempts to override this behaviour by using bundle:install with wrap url > containing '-nodefaultversion=false' failed too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4109) For backward compatibility, support the resolver attribute in features XML
[ https://issues.apache.org/jira/browse/KARAF-4109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4109: Fix Version/s: (was: 4.0.8) 4.0.9 > For backward compatibility, support the resolver attribute in features XML > -- > > Key: KARAF-4109 > URL: https://issues.apache.org/jira/browse/KARAF-4109 > Project: Karaf > Issue Type: Bug > Components: karaf-archetypes, karaf-feature >Affects Versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3 >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.9 > > > The resolver attribute in features XML is not supported anymore throwing > errors at installation time. > We have to: > 1. fix the feature archetype to remove the reference to the resolver attribute > 2. for backward compatibility, it makes sense to support the resolver > attribute even if we don't really use it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4105) karaf-assembly fails when used Maven versions do not match derived OSGi versions
[ https://issues.apache.org/jira/browse/KARAF-4105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4105: Fix Version/s: (was: 4.0.8) 4.0.9 > karaf-assembly fails when used Maven versions do not match derived OSGi > versions > > > Key: KARAF-4105 > URL: https://issues.apache.org/jira/browse/KARAF-4105 > Project: Karaf > Issue Type: Bug > Components: karaf-tooling >Affects Versions: 4.0.3 >Reporter: Oliver Lietz >Assignee: Jean-Baptiste Onofré > Fix For: 4.1.0, 4.0.9 > > > e.g. {{$\{project.version\}}} {{0.1.1-SNAPSHOT}} and {{0.1.1.SNAPSHOT}} do > not match in {{org.apache.karaf.profile.assembly.Builder}} > See mail thread [\[K4.0.3\] custom distribution and > kar|http://mail-archives.apache.org/mod_mbox/karaf-user/201511.mbox/%3c7781910.EKNrsAyV2X@madness%3e] > for more. -- This message was sent by Atlassian JIRA (v6.3.4#6332)