[jira] [Updated] (OFBIZ-10845) Product Search Constraint on CountBy...methods
[ https://issues.apache.org/jira/browse/OFBIZ-10845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ingo Wolfmayr updated OFBIZ-10845: -- Attachment: SearchCount.patch > Product Search Constraint on CountBy...methods > -- > > Key: OFBIZ-10845 > URL: https://issues.apache.org/jira/browse/OFBIZ-10845 > Project: OFBiz > Issue Type: Bug > Components: ecommerce, product >Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, > Release Branch 15.12, Release Branch 16.11 >Reporter: Ingo Wolfmayr >Priority: Minor > Fix For: Release Branch 13.07, Release Branch 14.12, Trunk, > Release Branch 15.12, Release Branch 16.11 > > Attachments: SearchCount.patch > > > If a search constraint like featuresId or categorieId is applied, the > CountBy...methods in the ProductSearchSession fail. > Error: mainProductId field is missing. > Attached is a patch that fixes the problem. > *Test:* > # Enable LayeredNavigation function in ecommerce module. > # Add feature "TEXT_BLACK" to product GZ-1000 as standard feature > # Add "ProductSearchSession.searchAddConstraint(new > ProductSearch.FeatureConstraint("TEXT_BLACK", true), session);" in > LayeredNavigation.groovy before "result = > ProductSearchSession.getProductSearchResult(request, delegator, > prodCatalogId);" > # Navigate to the product via category menu. > # --> GZ-1000 should not be visible + no error message -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (OFBIZ-10845) Product Search Constraint on CountBy...methods
Ingo Wolfmayr created OFBIZ-10845: - Summary: Product Search Constraint on CountBy...methods Key: OFBIZ-10845 URL: https://issues.apache.org/jira/browse/OFBIZ-10845 Project: OFBiz Issue Type: Bug Components: ecommerce, product Affects Versions: Release Branch 16.11, Release Branch 15.12, Trunk, Release Branch 14.12, Release Branch 13.07 Reporter: Ingo Wolfmayr Fix For: Release Branch 16.11, Release Branch 15.12, Trunk, Release Branch 14.12, Release Branch 13.07 If a search constraint like featuresId or categorieId is applied, the CountBy...methods in the ProductSearchSession fail. Error: mainProductId field is missing. Attached is a patch that fixes the problem. *Test:* # Enable LayeredNavigation function in ecommerce module. # Add feature "TEXT_BLACK" to product GZ-1000 as standard feature # Add "ProductSearchSession.searchAddConstraint(new ProductSearch.FeatureConstraint("TEXT_BLACK", true), session);" in LayeredNavigation.groovy before "result = ProductSearchSession.getProductSearchResult(request, delegator, prodCatalogId);" # Navigate to the product via category menu. # --> GZ-1000 should not be visible + no error message -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782712#comment-16782712 ] Jacques Le Roux commented on OFBIZ-10700: - It works here with [^OWASP-failure.patch] applied {noformat} C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies A new version of dependency-check is available. Consider updating to version 5.0.0.m1. Unable to download pom.xml for org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.batik.transcoder-1.6.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.batik.xml-1.6.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.xerces-2.9.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for Tidy-1.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.w3c.css.sac-1.3.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.commons.codec-1.3.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for aspectjrt-1.5.3.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for antlr-2.7.6.jar from Central; this could result in undetected CPE/CVEs. > Task :dependencyCheckAnalyze Generating report for project ofbiz Found 498 vulnerabilities in project ofbiz One or more dependencies were identified with known vulnerabilities: asciidoctorj-1.5.7.jar (cpe:/a:jruby:jruby:1.5.7, org.asciidoctor:asciidoctorj:1.5.7) : CVE-2011-4838, CVE-2012-5370 [...] {noformat} > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, > OWASP-failure.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782674#comment-16782674 ] Mathieu Lirzin edited comment on OFBIZ-10700 at 3/3/19 11:34 AM: - Here you are [^OWASP-failure.patch] :) I observe the same behavior when checking out revision 1854593 which corresponds to the commit before [^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied. In fact the error message I get is not stable, here is what I am getting currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}: {code:java} > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. No documents exist Unable to continue dependency-check analysis. > Task :dependencyCheckAnalyze FAILED {code} was (Author: mthl): Here you are [^OWASP-failure.patch] :) I observe the same behavior when checking out revision 1854593 which correspond the commit before [^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied. In fact the error message I get is not stable, here is what I am getting currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}: {code:java} > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. No documents exist Unable to continue dependency-check analysis. > Task :dependencyCheckAnalyze FAILED {code} > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, > OWASP-failure.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782674#comment-16782674 ] Mathieu Lirzin commented on OFBIZ-10700: Here you are [^OWASP-failure.patch] :) I observe the same behavior when checking out revision 1854593 which correspond the commit before [^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied. In fact the error message I get is not stable, here is what I am getting currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}: {code:java} > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. No documents exist Unable to continue dependency-check analysis. > Task :dependencyCheckAnalyze FAILED {code} > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, > OWASP-failure.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mathieu Lirzin updated OFBIZ-10700: --- Attachment: OWASP-failure.patch > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, > OWASP-failure.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (OFBIZ-10844) Ecommerce AnonContactus.ftl doesn't work
Schumann Ye created OFBIZ-10844: --- Summary: Ecommerce AnonContactus.ftl doesn't work Key: OFBIZ-10844 URL: https://issues.apache.org/jira/browse/OFBIZ-10844 Project: OFBiz Issue Type: Bug Components: ecommerce Affects Versions: 16.11.04 Environment: Win10 + OFBiz 16.11.04 + mysql. Reporter: Schumann Ye Ecommerce "Contact Us" with anonymous login doesn't work after filling in email and all necessary info. The root cause is the simple method "sendContactUsEmailToCompany" within the file \applications\party\minilang\communication\CommunicationEventServices.xml has defined the field "sendFrom" as inputted email address from the anonymous users. To fix it, it should be changed as follows: While the email "yourmailaddr...@example.com" should have been properly set up in your system. It works for me! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10757) Upgrade OFBiz to use Java JDK Version 11
[ https://issues.apache.org/jira/browse/OFBIZ-10757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782667#comment-16782667 ] Deepak Dixit commented on OFBIZ-10757: -- Done code improvement to fix the warnings at Trunk at r{color:#22}1853904{color}, r{color:#22}1853905, r1854683, r1854684, {color} {color:#22}and{color} {color:#22}R18.12 at r1854689, r1854690, r1854692, r1854693 {color} > Upgrade OFBiz to use Java JDK Version 11 > > > Key: OFBIZ-10757 > URL: https://issues.apache.org/jira/browse/OFBIZ-10757 > Project: OFBiz > Issue Type: Improvement >Reporter: Taher Alkhateeb >Priority: Minor > Attachments: OFBIZ-10757-framework.patch, > OFBIZ-10757-framework.patch, OFBIZ-10757-framework.patch, > OFBIZ-10757-framework.patch, OFBIZ-10757-plugins.patch, > OFBIZ-10757-plugins.patch > > > To implement as per [Discussion > Thread|https://lists.apache.org/thread.html/71b8c1048f1dd4c5b3f104233c9af7b2cbc690863fe35b08ef91fcf5@%3Cdev.ofbiz.apache.org%3E] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782646#comment-16782646 ] Jacques Le Roux edited comment on OFBIZ-10700 at 3/3/19 10:53 AM: -- Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check] {quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. I decided to only check the higher ones, currently (2017-09-29) we have only already know ones: {quote} So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? was (Author: jacques.le.roux): Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:] {quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. I decided to only check the higher ones, currently (2017-09-29) we have only already know ones: {quote} So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782663#comment-16782663 ] Jacques Le Roux commented on OFBIZ-10700: - Mathieu, Please provide a patch... > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782662#comment-16782662 ] Jacques Le Roux commented on OFBIZ-10700: - Michael, I started a convo on dev ML, better discuss there... > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782661#comment-16782661 ] Jacques Le Roux commented on OFBIZ-10700: - Yes, Jira is stupidely adding the ":" in the URL, removed > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782658#comment-16782658 ] Jacques Le Roux edited comment on OFBIZ-10700 at 3/3/19 10:49 AM: -- {quote}Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check |https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:] {quote} This link does not work for me. {quote}So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? {quote} I did not get the point why you want to disable the feature? was (Author: mbrohl): {quote}Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:] {quote} This link does not work for me. {quote}So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? {quote} I did not get the point why you want to disable the feature? > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782660#comment-16782660 ] Mathieu Lirzin commented on OFBIZ-10700: Hello [~mbrohl], the actual link is https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check without the final ':' > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782658#comment-16782658 ] Michael Brohl commented on OFBIZ-10700: --- {quote}Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:] {quote} This link does not work for me. {quote}So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? {quote} I did not get the point why you want to disable the feature? > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782657#comment-16782657 ] Mathieu Lirzin commented on OFBIZ-10700: Hello [~jacques.le.roux], I tried the version proposed by [~shi.jinghai] which fixes the Gradle DSL bug I introduced. However I now get the following error when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}: {code} > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies IO Exception: Connection reset IO Exception: Connection reset IO Exception: Connection reset IO Exception: Connection reset IO Exception: Connection reset > Task :dependencyCheckAnalyze FAILED Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD. Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. No documents exist Unable to continue dependency-check analysis. IO Exception: Connection reset FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':dependencyCheckAnalyze'. > Analysis failed. * Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 8s 1 actionable task: 1 executed {code} Do you get same results? > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782649#comment-16782649 ] Jacques Le Roux commented on OFBIZ-10700: - I start a convo on dev ML... > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782648#comment-16782648 ] Jacques Le Roux commented on OFBIZ-10700: - BTW I just had a look and the report (in build\reports) is barely usable, for instance reports about * apache:xml-rpc:3.1.3 was fixed in OFBiz (it's [CVE-2011-3600|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3600] which is unclear because Archiva and the ASF at large did not report text to the CVE, cf *[CVE-2016-5002|https://nvd.nist.gov/vuln/detail/CVE-2016-5002]*) * groovy-2.4.15.jar not a problem we use groovy-2.4.16.jar * tomcat-catalina-9.0.13.jar, makes no sense, no problem there. I did not dig further, but I believe unfortunately unlike before this report is useless and time wasting. > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782646#comment-16782646 ] Jacques Le Roux commented on OFBIZ-10700: - Actually let's think about it. I added the OWASP Dependency Check feature before we switched to Gradle. It was then really useful, but it's no disputable as explained at [https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:] {quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies from the libraries OFBiz uses and recursively) are loaded by Gradle and analysed by the OWASP Dependency Check plugin. So it's materially impossible to check all the possible vulnerabilities. I decided to only check the higher ones, currently (2017-09-29) we have only already know ones: {quote} So one option would be to completly remove this feature, what do you think, should we not discuss that on dev ML? > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Reopened] (OFBIZ-10700) Use the Gradle Plugin DSL
[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux reopened OFBIZ-10700: - Sorry Guys, I reopen, this is what I get on Win7 {noformat} C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze FAILURE: Build failed with an exception. * Where: Build file 'C:\projectsASF\ofbiz\build.gradle' line: 44 * What went wrong: A problem occurred evaluating root project 'ofbiz'. > Could not find method plugins() for arguments > [build_6doovu22fvyxt2xqr7mryg9wi$_run_closure1@327119ce] on root project > 'ofbiz' of type org.gradle.api.Project. * Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 0s C:\projectsASF\ofbiz> {noformat} > Use the Gradle Plugin DSL > - > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Mathieu Lirzin >Assignee: Mathieu Lirzin >Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)