[jira] [Updated] (OFBIZ-10845) Product Search Constraint on CountBy...methods
[
https://issues.apache.org/jira/browse/OFBIZ-10845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ingo Wolfmayr updated OFBIZ-10845:
--
Attachment: SearchCount.patch
> Product Search Constraint on CountBy...methods
> --
>
> Key: OFBIZ-10845
> URL: https://issues.apache.org/jira/browse/OFBIZ-10845
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce, product
>Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk,
> Release Branch 15.12, Release Branch 16.11
>Reporter: Ingo Wolfmayr
>Priority: Minor
> Fix For: Release Branch 13.07, Release Branch 14.12, Trunk,
> Release Branch 15.12, Release Branch 16.11
>
> Attachments: SearchCount.patch
>
>
> If a search constraint like featuresId or categorieId is applied, the
> CountBy...methods in the ProductSearchSession fail.
> Error: mainProductId field is missing.
> Attached is a patch that fixes the problem.
> *Test:*
> # Enable LayeredNavigation function in ecommerce module.
> # Add feature "TEXT_BLACK" to product GZ-1000 as standard feature
> # Add "ProductSearchSession.searchAddConstraint(new
> ProductSearch.FeatureConstraint("TEXT_BLACK", true), session);" in
> LayeredNavigation.groovy before "result =
> ProductSearchSession.getProductSearchResult(request, delegator,
> prodCatalogId);"
> # Navigate to the product via category menu.
> # --> GZ-1000 should not be visible + no error message
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (OFBIZ-10845) Product Search Constraint on CountBy...methods
Ingo Wolfmayr created OFBIZ-10845:
-
Summary: Product Search Constraint on CountBy...methods
Key: OFBIZ-10845
URL: https://issues.apache.org/jira/browse/OFBIZ-10845
Project: OFBiz
Issue Type: Bug
Components: ecommerce, product
Affects Versions: Release Branch 16.11, Release Branch 15.12, Trunk,
Release Branch 14.12, Release Branch 13.07
Reporter: Ingo Wolfmayr
Fix For: Release Branch 16.11, Release Branch 15.12, Trunk,
Release Branch 14.12, Release Branch 13.07
If a search constraint like featuresId or categorieId is applied, the
CountBy...methods in the ProductSearchSession fail.
Error: mainProductId field is missing.
Attached is a patch that fixes the problem.
*Test:*
# Enable LayeredNavigation function in ecommerce module.
# Add feature "TEXT_BLACK" to product GZ-1000 as standard feature
# Add "ProductSearchSession.searchAddConstraint(new
ProductSearch.FeatureConstraint("TEXT_BLACK", true), session);" in
LayeredNavigation.groovy before "result =
ProductSearchSession.getProductSearchResult(request, delegator, prodCatalogId);"
# Navigate to the product via category menu.
# --> GZ-1000 should not be visible + no error message
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782712#comment-16782712
]
Jacques Le Roux commented on OFBIZ-10700:
-
It works here with [^OWASP-failure.patch] applied
{noformat}
C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
A new version of dependency-check is available. Consider updating to version
5.0.0.m1.
Unable to download pom.xml for
org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar from
Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.batik.transcoder-1.6.0.jar from
Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.batik.xml-1.6.0.jar from Central;
this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.xerces-2.9.0.jar from Central; this
could result in undetected CPE/CVEs.
Unable to download pom.xml for
org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar from Central;
this could result in undetected CPE/CVEs.
Unable to download pom.xml for Tidy-1.jar from Central; this could result in
undetected CPE/CVEs.
Unable to download pom.xml for org.w3c.css.sac-1.3.0.jar from Central; this
could result in undetected CPE/CVEs.
Unable to download pom.xml for
org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar
from Central; this could result in undetected CPE/CVEs.
Unable to download pom.xml for org.apache.commons.codec-1.3.0.jar from Central;
this could result in undetected CPE/CVEs.
Unable to download pom.xml for aspectjrt-1.5.3.jar from Central; this could
result in undetected CPE/CVEs.
Unable to download pom.xml for antlr-2.7.6.jar from Central; this could result
in undetected CPE/CVEs.
> Task :dependencyCheckAnalyze
Generating report for project ofbiz
Found 498 vulnerabilities in project ofbiz
One or more dependencies were identified with known vulnerabilities:
asciidoctorj-1.5.7.jar (cpe:/a:jruby:jruby:1.5.7,
org.asciidoctor:asciidoctorj:1.5.7) : CVE-2011-4838, CVE-2012-5370
[...]
{noformat}
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch,
> OWASP-failure.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782674#comment-16782674
]
Mathieu Lirzin edited comment on OFBIZ-10700 at 3/3/19 11:34 AM:
-
Here you are [^OWASP-failure.patch] :)
I observe the same behavior when checking out revision 1854593 which
corresponds to the commit before
[^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied.
In fact the error message I get is not stable, here is what I am getting
currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}:
{code:java}
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
Unable to update Cached Web DataSource, using local data instead. Results may
not include recent vulnerabilities.
No documents exist
Unable to continue dependency-check analysis.
> Task :dependencyCheckAnalyze FAILED
{code}
was (Author: mthl):
Here you are [^OWASP-failure.patch] :)
I observe the same behavior when checking out revision 1854593 which
correspond the commit before
[^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied.
In fact the error message I get is not stable, here is what I am getting
currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}:
{code:java}
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
Unable to update Cached Web DataSource, using local data instead. Results may
not include recent vulnerabilities.
No documents exist
Unable to continue dependency-check analysis.
> Task :dependencyCheckAnalyze FAILED
{code}
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch,
> OWASP-failure.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782674#comment-16782674
]
Mathieu Lirzin commented on OFBIZ-10700:
Here you are [^OWASP-failure.patch] :)
I observe the same behavior when checking out revision 1854593 which
correspond the commit before
[^OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch] has been applied.
In fact the error message I get is not stable, here is what I am getting
currenly when running {{./gradlew -PenableOwasp dependencyCheckAnalyze}}:
{code:java}
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
Unable to update Cached Web DataSource, using local data instead. Results may
not include recent vulnerabilities.
No documents exist
Unable to continue dependency-check analysis.
> Task :dependencyCheckAnalyze FAILED
{code}
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch,
> OWASP-failure.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mathieu Lirzin updated OFBIZ-10700:
---
Attachment: OWASP-failure.patch
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch,
> OWASP-failure.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Created] (OFBIZ-10844) Ecommerce AnonContactus.ftl doesn't work
Schumann Ye created OFBIZ-10844: --- Summary: Ecommerce AnonContactus.ftl doesn't work Key: OFBIZ-10844 URL: https://issues.apache.org/jira/browse/OFBIZ-10844 Project: OFBiz Issue Type: Bug Components: ecommerce Affects Versions: 16.11.04 Environment: Win10 + OFBiz 16.11.04 + mysql. Reporter: Schumann Ye Ecommerce "Contact Us" with anonymous login doesn't work after filling in email and all necessary info. The root cause is the simple method "sendContactUsEmailToCompany" within the file \applications\party\minilang\communication\CommunicationEventServices.xml has defined the field "sendFrom" as inputted email address from the anonymous users. To fix it, it should be changed as follows: While the email "yourmailaddr...@example.com" should have been properly set up in your system. It works for me! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10757) Upgrade OFBiz to use Java JDK Version 11
[
https://issues.apache.org/jira/browse/OFBIZ-10757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782667#comment-16782667
]
Deepak Dixit commented on OFBIZ-10757:
--
Done code improvement to fix the warnings at
Trunk at r{color:#22}1853904{color}, r{color:#22}1853905, r1854683,
r1854684, {color}
{color:#22}and{color}
{color:#22}R18.12 at r1854689, r1854690, r1854692, r1854693
{color}
> Upgrade OFBiz to use Java JDK Version 11
>
>
> Key: OFBIZ-10757
> URL: https://issues.apache.org/jira/browse/OFBIZ-10757
> Project: OFBiz
> Issue Type: Improvement
>Reporter: Taher Alkhateeb
>Priority: Minor
> Attachments: OFBIZ-10757-framework.patch,
> OFBIZ-10757-framework.patch, OFBIZ-10757-framework.patch,
> OFBIZ-10757-framework.patch, OFBIZ-10757-plugins.patch,
> OFBIZ-10757-plugins.patch
>
>
> To implement as per [Discussion
> Thread|https://lists.apache.org/thread.html/71b8c1048f1dd4c5b3f104233c9af7b2cbc690863fe35b08ef91fcf5@%3Cdev.ofbiz.apache.org%3E]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782646#comment-16782646
]
Jacques Le Roux edited comment on OFBIZ-10700 at 3/3/19 10:53 AM:
--
Actually let's think about it. I added the OWASP Dependency Check feature
before we switched to Gradle. It was then really useful, but it's no disputable
as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check]
{quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies
from the libraries OFBiz uses and recursively) are loaded by Gradle and
analysed by the OWASP Dependency Check plugin. So it's materially impossible to
check all the possible vulnerabilities. I decided to only check the higher
ones, currently (2017-09-29) we have only already know ones:
{quote}
So one option would be to completly remove this feature, what do you think,
should we not discuss that on dev ML?
was (Author: jacques.le.roux):
Actually let's think about it. I added the OWASP Dependency Check feature
before we switched to Gradle. It was then really useful, but it's no disputable
as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:]
{quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies
from the libraries OFBiz uses and recursively) are loaded by Gradle and
analysed by the OWASP Dependency Check plugin. So it's materially impossible to
check all the possible vulnerabilities. I decided to only check the higher
ones, currently (2017-09-29) we have only already know ones:
{quote}
So one option would be to completly remove this feature, what do you think,
should we not discuss that on dev ML?
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782663#comment-16782663
]
Jacques Le Roux commented on OFBIZ-10700:
-
Mathieu,
Please provide a patch...
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782662#comment-16782662
]
Jacques Le Roux commented on OFBIZ-10700:
-
Michael,
I started a convo on dev ML, better discuss there...
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782661#comment-16782661
]
Jacques Le Roux commented on OFBIZ-10700:
-
Yes, Jira is stupidely adding the ":" in the URL, removed
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782658#comment-16782658
]
Jacques Le Roux edited comment on OFBIZ-10700 at 3/3/19 10:49 AM:
--
{quote}Actually let's think about it. I added the OWASP Dependency Check
feature before we switched to Gradle. It was then really useful, but it's no
disputable as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
|https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:]
{quote}
This link does not work for me.
{quote}So one option would be to completly remove this feature, what do you
think, should we not discuss that on dev ML?
{quote}
I did not get the point why you want to disable the feature?
was (Author: mbrohl):
{quote}Actually let's think about it. I added the OWASP Dependency Check
feature before we switched to Gradle. It was then really useful, but it's no
disputable as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:]
{quote}
This link does not work for me.
{quote}So one option would be to completly remove this feature, what do you
think, should we not discuss that on dev ML?
{quote}
I did not get the point why you want to disable the feature?
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782660#comment-16782660
]
Mathieu Lirzin commented on OFBIZ-10700:
Hello [~mbrohl],
the actual link is
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
without the final ':'
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782658#comment-16782658
]
Michael Brohl commented on OFBIZ-10700:
---
{quote}Actually let's think about it. I added the OWASP Dependency Check
feature before we switched to Gradle. It was then really useful, but it's no
disputable as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:]
{quote}
This link does not work for me.
{quote}So one option would be to completly remove this feature, what do you
think, should we not discuss that on dev ML?
{quote}
I did not get the point why you want to disable the feature?
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782657#comment-16782657
]
Mathieu Lirzin commented on OFBIZ-10700:
Hello [~jacques.le.roux],
I tried the version proposed by [~shi.jinghai] which fixes the Gradle DSL bug I
introduced. However I now get the following error when running {{./gradlew
-PenableOwasp dependencyCheckAnalyze}}:
{code}
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
IO Exception: Connection reset
IO Exception: Connection reset
IO Exception: Connection reset
IO Exception: Connection reset
IO Exception: Connection reset
> Task :dependencyCheckAnalyze FAILED
Unable to download the NVD CVE data; the results may not include the most
recent CPE/CVEs from the NVD.
Unable to update Cached Web DataSource, using local data instead. Results may
not include recent vulnerabilities.
No documents exist
Unable to continue dependency-check analysis.
IO Exception: Connection reset
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> Analysis failed.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 8s
1 actionable task: 1 executed
{code}
Do you get same results?
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782649#comment-16782649
]
Jacques Le Roux commented on OFBIZ-10700:
-
I start a convo on dev ML...
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782648#comment-16782648
]
Jacques Le Roux commented on OFBIZ-10700:
-
BTW I just had a look and the report (in build\reports) is barely usable, for
instance reports about
* apache:xml-rpc:3.1.3 was fixed in OFBiz (it's
[CVE-2011-3600|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3600]
which is unclear because Archiva and the ASF at large did not report text to
the CVE, cf *[CVE-2016-5002|https://nvd.nist.gov/vuln/detail/CVE-2016-5002]*)
* groovy-2.4.15.jar not a problem we use groovy-2.4.16.jar
* tomcat-catalina-9.0.13.jar, makes no sense, no problem there.
I did not dig further, but I believe unfortunately unlike before this report is
useless and time wasting.
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16782646#comment-16782646
]
Jacques Le Roux commented on OFBIZ-10700:
-
Actually let's think about it. I added the OWASP Dependency Check feature
before we switched to Gradle. It was then really useful, but it's no disputable
as explained at
[https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check:]
{quote}Since OFBiz uses Gradle, all dependent libraries (ie also dependencies
from the libraries OFBiz uses and recursively) are loaded by Gradle and
analysed by the OWASP Dependency Check plugin. So it's materially impossible to
check all the possible vulnerabilities. I decided to only check the higher
ones, currently (2017-09-29) we have only already know ones:
{quote}
So one option would be to completly remove this feature, what do you think,
should we not discuss that on dev ML?
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Reopened] (OFBIZ-10700) Use the Gradle Plugin DSL
[
https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux reopened OFBIZ-10700:
-
Sorry Guys,
I reopen, this is what I get on Win7
{noformat}
C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze
FAILURE: Build failed with an exception.
* Where:
Build file 'C:\projectsASF\ofbiz\build.gradle' line: 44
* What went wrong:
A problem occurred evaluating root project 'ofbiz'.
> Could not find method plugins() for arguments
> [build_6doovu22fvyxt2xqr7mryg9wi$_run_closure1@327119ce] on root project
> 'ofbiz' of type org.gradle.api.Project.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 0s
C:\projectsASF\ofbiz>
{noformat}
> Use the Gradle Plugin DSL
> -
>
> Key: OFBIZ-10700
> URL: https://issues.apache.org/jira/browse/OFBIZ-10700
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
>Affects Versions: Trunk
>Reporter: Mathieu Lirzin
>Assignee: Mathieu Lirzin
>Priority: Minor
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch
>
>
> Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for
> binary plugins instead of the “traditional” {{apply()}} method. See
> [here|https://docs.gradle.org/current/userguide/plugins.html] for more
> details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
