[jira] [Commented] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128415#comment-17128415 ] Jacques Le Roux commented on OFBIZ-11745: - Thanks OLivier, Works for me, +1 for commit > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11304) Install a Checkstyle pre-push (on every committer machine?)
[ https://issues.apache.org/jira/browse/OFBIZ-11304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128394#comment-17128394 ] Jacques Le Roux commented on OFBIZ-11304: - Hi Aditya, Works for me! Sounds like we are ready and we can announce it in the dev ML thread, could you handle it please? > Install a Checkstyle pre-push (on every committer machine?) > --- > > Key: OFBIZ-11304 > URL: https://issues.apache.org/jira/browse/OFBIZ-11304 > Project: OFBiz > Issue Type: Sub-task >Affects Versions: Trunk >Reporter: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > The ofbizTrunkFrameworkPlugins build fails when a lint error is detected by > the check gradle task. It's "hard" to exactly know from where lint errors > come among all still present. > I think we should rely on a Checkstyle pre-commit hook like > https://gist.github.com/davetron5000/37350 to complement > tasks.checkstyleMain.maxErrors. This pre-commit hook prevents to commit when > a lint error is present in the commit. > Every committer would have it installed locally and the problem would be gone > with some committers good will. I started a discussion about it at > https://markmail.org/message/guxbsvdkzky7gtdx. Jacopo made the same > proposition years ago: https://markmail.org/message/gkgmko4axj3vtnv3 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11752) CLONE - Check embedded Javascript libs vulnerabilities using retire.js
[
https://issues.apache.org/jira/browse/OFBIZ-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128391#comment-17128391
]
Jacques Le Roux commented on OFBIZ-11752:
-
Thanks Aditya,
At 1st glance all is OK with me, + 1 for merging
> CLONE - Check embedded Javascript libs vulnerabilities using retire.js
> --
>
> Key: OFBIZ-11752
> URL: https://issues.apache.org/jira/browse/OFBIZ-11752
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Aditya Sharma
>Assignee: Aditya Sharma
>Priority: Major
> Labels: Javascript, retire.js, vulnerabilities
>
> Trunk
> {code:java}
> /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
> ↳ jquery 1.7.1
> jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708,
> bug: 11290, summary: Selector interpreted as HTML;
> http://bugs.jquery.com/ticket/11290
> https://nvd.nist.gov/vuln/detail/CVE-2012-6708
> http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432,
> summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
> https://github.com/jquery/jquery/issues/2432
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> https://nvd.nist.gov/vuln/detail/CVE-2015-9251
> http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
> CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop
> CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
> Object.prototype pollution;
> https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
> severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may
> introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
>
[jira] [Commented] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128384#comment-17128384 ] Olivier Heintz commented on OFBIZ-11745: Thanks Jacques, corrections done in my comment (a lot of s forgot !! ) > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128086#comment-17128086 ] Olivier Heintz edited comment on OFBIZ-11745 at 6/8/20, 3:25 PM: - hi Jacques, I mean /plugins/ after previous commit with plugins/* and other commit with plugins as submodule, plugins appear in my eclipse config, and so I generate a .gitignore update for directory plugins, the result was /plugins/ so I search and find that * plugins <= is for all file name plugins * plugins/ <= is for all directory name plugins * plugins/* <= is all files in a directory name plugins * /plugins/ <= the directory plugins in the root directory so my previous commit was wrong, the correct one should be /plugins/ was (Author: holivier): hi Jacques, I mean /plugin/ after previous commit with plugin/* and other commit with plugin as submodule, plugin appear in my eclipse config, and so I generate a .gitignore update for directory plugins, the result was /plugins/ so I search and find that * plugins <= is for all file name plugins * plugins/ <= is for all directory name plugins * plugins/* <= is all files in a directory name plugins * /plugin/ <= the directory plugins in the root directory so my previous commit was wrong, the correct one should be /plugins/ > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11752) CLONE - Check embedded Javascript libs vulnerabilities using retire.js
[
https://issues.apache.org/jira/browse/OFBIZ-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128325#comment-17128325
]
Aditya Sharma commented on OFBIZ-11752:
---
Thanks Jacques for the review and reminder about the console error!
I looked into it. It seems to be a very small change, so fixed that into the
same PR. The passing of the document object seems missing from the IIFE call.
https://github.com/apache/ofbiz-framework/pull/186/commits/da0ce0211c05143bbdad50aa7911cc58a4cd1541
> CLONE - Check embedded Javascript libs vulnerabilities using retire.js
> --
>
> Key: OFBIZ-11752
> URL: https://issues.apache.org/jira/browse/OFBIZ-11752
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Aditya Sharma
>Assignee: Aditya Sharma
>Priority: Major
> Labels: Javascript, retire.js, vulnerabilities
>
> Trunk
> {code:java}
> /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
> ↳ jquery 1.7.1
> jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708,
> bug: 11290, summary: Selector interpreted as HTML;
> http://bugs.jquery.com/ticket/11290
> https://nvd.nist.gov/vuln/detail/CVE-2012-6708
> http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432,
> summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
> https://github.com/jquery/jquery/issues/2432
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> https://nvd.nist.gov/vuln/detail/CVE-2015-9251
> http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
> CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop
> CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
> Object.prototype pollution;
> https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
> severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may
> introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
>
[jira] [Commented] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128304#comment-17128304 ] Jacques Le Roux commented on OFBIZ-11745: - Thanks Olivier, Still wondering, /plugin/ or /plugins/ I guess the later, right? > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128304#comment-17128304 ] Jacques Le Roux edited comment on OFBIZ-11745 at 6/8/20, 1:37 PM: -- Thanks Olivier, Still wondering, /plugin/ or /plugins/ I guess the later, right? (typo for /plugin/ I guess) was (Author: jacques.le.roux): Thanks Olivier, Still wondering, /plugin/ or /plugins/ I guess the later, right? > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11752) CLONE - Check embedded Javascript libs vulnerabilities using retire.js
[
https://issues.apache.org/jira/browse/OFBIZ-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128275#comment-17128275
]
Jacques Le Roux commented on OFBIZ-11752:
-
Hi Aditya,
The PR is OK with me. Did you finally create another PR for the console error
you found?
> CLONE - Check embedded Javascript libs vulnerabilities using retire.js
> --
>
> Key: OFBIZ-11752
> URL: https://issues.apache.org/jira/browse/OFBIZ-11752
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Aditya Sharma
>Assignee: Aditya Sharma
>Priority: Major
> Labels: Javascript, retire.js, vulnerabilities
>
> Trunk
> {code:java}
> /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
> ↳ jquery 1.7.1
> jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708,
> bug: 11290, summary: Selector interpreted as HTML;
> http://bugs.jquery.com/ticket/11290
> https://nvd.nist.gov/vuln/detail/CVE-2012-6708
> http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432,
> summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
> https://github.com/jquery/jquery/issues/2432
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> https://nvd.nist.gov/vuln/detail/CVE-2015-9251
> http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
> CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop
> CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
> Object.prototype pollution;
> https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
> severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may
> introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
>
[jira] [Closed] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Suraj Khurana closed OFBIZ-11796. - Fix Version/s: 17.12.04 18.12.01 Resolution: Fixed Thanks everyone for your reviews. Closing the ticket. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Fix For: 18.12.01, 17.12.04 > > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128255#comment-17128255 ] ASF subversion and git services commented on OFBIZ-11796: - Commit 0d285ccaebecf80498479e5317584bf17c7c1a7a in ofbiz-framework's branch refs/heads/release18.12 from Suraj Khurana [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=0d285cc ] Fixed: Unnecessary iterations and setting inventory for all productFacilities in setLastInventoryCount. (OFBIZ-11796) Instead of updating all product facilities records on one inventory item change, we should be changing only specific product facility record for that the inventory item belongs to. Thanks Jacques, Pierre, Pawan and Arun for the review. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128256#comment-17128256 ] ASF subversion and git services commented on OFBIZ-11796: - Commit f9142039568b93f31eea1f09358ef564d2696cc6 in ofbiz-framework's branch refs/heads/release17.12 from Suraj Khurana [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=f914203 ] Fixed: Unnecessary iterations and setting inventory for all productFacilities in setLastInventoryCount. (OFBIZ-11796) Instead of updating all product facilities records on one inventory item change, we should be changing only specific product facility record for that the inventory item belongs to. Thanks Jacques, Pierre, Pawan and Arun for the review. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128252#comment-17128252 ] ASF subversion and git services commented on OFBIZ-11796: - Commit a6cf5aafda6561f3fabedeea9007718919d15d02 in ofbiz-framework's branch refs/heads/trunk from Suraj Khurana [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=a6cf5aa ] Fixed: Unnecessary iterations and setting inventory for all productFacilities in setLastInventoryCount. (OFBIZ-11796) Instead of updating all product facilities records on one inventory item change, we should be changing only specific product facility record for that the inventory item belongs to. Thanks Jacques, Pierre, Pawan and Arun for the review. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128210#comment-17128210 ] Arun Patidar commented on OFBIZ-11796: -- Good catch Suraj !!! > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128205#comment-17128205 ] ASF subversion and git services commented on OFBIZ-11762: - Commit dd1d408bc8aeb77c1c17259b231754544735df92 in ofbiz-plugins's branch refs/heads/trunk from Priya Sharma [ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=dd1d408 ] [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) (#24) * [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) * [Improved]: Updated all ocurances where we only needed to pass the throwable object, without a message - We have now added one more utility method to handle these cases. (OFBIZ-11762) Co-authored-by: Priya Sharma > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128206#comment-17128206 ] ASF subversion and git services commented on OFBIZ-11762: - Commit dd1d408bc8aeb77c1c17259b231754544735df92 in ofbiz-plugins's branch refs/heads/trunk from Priya Sharma [ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=dd1d408 ] [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) (#24) * [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) * [Improved]: Updated all ocurances where we only needed to pass the throwable object, without a message - We have now added one more utility method to handle these cases. (OFBIZ-11762) Co-authored-by: Priya Sharma > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128204#comment-17128204 ] ASF subversion and git services commented on OFBIZ-11762: - Commit dd1d408bc8aeb77c1c17259b231754544735df92 in ofbiz-plugins's branch refs/heads/trunk from Priya Sharma [ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=dd1d408 ] [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) (#24) * [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762) * [Improved]: Updated all ocurances where we only needed to pass the throwable object, without a message - We have now added one more utility method to handle these cases. (OFBIZ-11762) Co-authored-by: Priya Sharma > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10791) Unable to add product (of ASSET_USAGE type) in order
[ https://issues.apache.org/jira/browse/OFBIZ-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128202#comment-17128202 ] Priya Sharma commented on OFBIZ-10791: -- Hello Pierre and All, As per my exploration, this issue was specific to the bulk add to cart feature. So I thought of handling it the same way as it is handled for a single item add to cart. In the latter, we are navigated to the product detail page, where you can fill in the reservation start and end date. Thus I have added a condition to render the detail page if the item added is of asset type. But you are still not able to add the details because the submission form does not contain these parameters and it keeps on asking for the required details. Thus updated the markup to enclose the fields in the respective form. !asset-addtocart.png! Please have a look at the approach and suggest if there is a better way to do so. > Unable to add product (of ASSET_USAGE type) in order > > > Key: OFBIZ-10791 > URL: https://issues.apache.org/jira/browse/OFBIZ-10791 > Project: OFBiz > Issue Type: Bug > Components: order >Affects Versions: Release Branch 16.11, Release Branch 18.12, Release > Branch 17.12, Trunk >Reporter: Praveen Sharma >Assignee: Priya Sharma >Priority: Major > Labels: ASSET_USAGE, CONTRACT_RENEWAL, PURCHASE_RENTAL, > SALES_RENTAL > Attachments: OFBIZ-10791.patch, Screenshot from 2019-03-09 > 11-05-31.png, Screenshot from 2019-03-09 11-06-20.png, Screenshot from > 2019-03-09 11-06-36.png, asset-addtocart.png > > > Steps to regenerate: > # Login to URL: [https://demo-trunk.ofbiz.apache.org/ordermgr/control/main] > # Click on order entry > # Set customer and click on continue > # Click continue on Enter Order Currency, Agreements, and Ship Dates page > (Please refer attachment: 2-Continue) > # Try to add product from Quick Lookup. > Actual: Unable to add product for order. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10791) Unable to add product (of ASSET_USAGE type) in order
[ https://issues.apache.org/jira/browse/OFBIZ-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Priya Sharma updated OFBIZ-10791: - Attachment: asset-addtocart.png > Unable to add product (of ASSET_USAGE type) in order > > > Key: OFBIZ-10791 > URL: https://issues.apache.org/jira/browse/OFBIZ-10791 > Project: OFBiz > Issue Type: Bug > Components: order >Affects Versions: Release Branch 16.11, Release Branch 18.12, Release > Branch 17.12, Trunk >Reporter: Praveen Sharma >Assignee: Priya Sharma >Priority: Major > Labels: ASSET_USAGE, CONTRACT_RENEWAL, PURCHASE_RENTAL, > SALES_RENTAL > Attachments: OFBIZ-10791.patch, Screenshot from 2019-03-09 > 11-05-31.png, Screenshot from 2019-03-09 11-06-20.png, Screenshot from > 2019-03-09 11-06-36.png, asset-addtocart.png > > > Steps to regenerate: > # Login to URL: [https://demo-trunk.ofbiz.apache.org/ordermgr/control/main] > # Click on order entry > # Set customer and click on continue > # Click continue on Enter Order Currency, Agreements, and Ship Dates page > (Please refer attachment: 2-Continue) > # Try to add product from Quick Lookup. > Actual: Unable to add product for order. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128199#comment-17128199 ] ASF subversion and git services commented on OFBIZ-11762: - Commit 5c5af78ffe88059060c0fbdaf87a32fefc3af782 in ofbiz-framework's branch refs/heads/trunk from Priya Sharma [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=5c5af78 ] [Improved]: Overloaded groovy utility method to handle error logging with only throwable object as parameter. (OFBIZ-11762) (#194) Co-authored-by: Priya Sharma > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128200#comment-17128200 ] Jacques Le Roux commented on OFBIZ-11762: - Thanks Priya > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10791) Unable to add product (of ASSET_USAGE type) in order
[ https://issues.apache.org/jira/browse/OFBIZ-10791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Priya Sharma updated OFBIZ-10791: - Attachment: OFBIZ-10791.patch > Unable to add product (of ASSET_USAGE type) in order > > > Key: OFBIZ-10791 > URL: https://issues.apache.org/jira/browse/OFBIZ-10791 > Project: OFBiz > Issue Type: Bug > Components: order >Affects Versions: Release Branch 16.11, Release Branch 18.12, Release > Branch 17.12, Trunk >Reporter: Praveen Sharma >Assignee: Priya Sharma >Priority: Major > Labels: ASSET_USAGE, CONTRACT_RENEWAL, PURCHASE_RENTAL, > SALES_RENTAL > Attachments: OFBIZ-10791.patch, Screenshot from 2019-03-09 > 11-05-31.png, Screenshot from 2019-03-09 11-06-20.png, Screenshot from > 2019-03-09 11-06-36.png > > > Steps to regenerate: > # Login to URL: [https://demo-trunk.ofbiz.apache.org/ordermgr/control/main] > # Click on order entry > # Set customer and click on continue > # Click continue on Enter Order Currency, Agreements, and Ship Dates page > (Please refer attachment: 2-Continue) > # Try to add product from Quick Lookup. > Actual: Unable to add product for order. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128187#comment-17128187 ] Priya Sharma commented on OFBIZ-11762: -- Hi [~jleroux] I have updated the PR for plugins and I did not find similar occurrences in the framework component, so only created PR for the new utility method. [https://github.com/apache/ofbiz-framework/pull/194] > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [ofbiz-framework] JacquesLeRoux commented on pull request #117: Improved: Update Data Sets (OFBIZ-6976)
JacquesLeRoux commented on pull request #117: URL: https://github.com/apache/ofbiz-framework/pull/117#issuecomment-640248142 Hi Pierre, Maybe because they improved the rules This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-11752) CLONE - Check embedded Javascript libs vulnerabilities using retire.js
[
https://issues.apache.org/jira/browse/OFBIZ-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128142#comment-17128142
]
Aditya Sharma commented on OFBIZ-11752:
---
Hi [~jleroux],
Should I proceed with merging the PR?
> CLONE - Check embedded Javascript libs vulnerabilities using retire.js
> --
>
> Key: OFBIZ-11752
> URL: https://issues.apache.org/jira/browse/OFBIZ-11752
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Aditya Sharma
>Assignee: Aditya Sharma
>Priority: Major
> Labels: Javascript, retire.js, vulnerabilities
>
> Trunk
> {code:java}
> /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
> ↳ jquery 1.7.1
> jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708,
> bug: 11290, summary: Selector interpreted as HTML;
> http://bugs.jquery.com/ticket/11290
> https://nvd.nist.gov/vuln/detail/CVE-2012-6708
> http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432,
> summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
> https://github.com/jquery/jquery/issues/2432
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> https://nvd.nist.gov/vuln/detail/CVE-2015-9251
> http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
> CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop
> CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
> Object.prototype pollution;
> https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
> severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may
> introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS
> in $sanitize in Safari/Firefox;
> https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
> /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
> ↳ angularjs 1.3.8
> angularjs 1.3.8 has known vulnerabilities: severity: medium; summary:
> Prototype pollution;
> https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a
>
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19
> severity: medium; summary: The attribute usemap can be used as a security
> exploit;
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21
> severity: medium; summary: Universal CSP bypass via add-on in Firefox;
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435
>
[GitHub] [ofbiz-framework] priyasharma1 opened a new pull request #194: [Improved]: Overload groovy utility method to handle error logging with only throwable object as parameter. (OFBIZ-11762)
priyasharma1 opened a new pull request #194: URL: https://github.com/apache/ofbiz-framework/pull/194 (OFBIZ-11762) This will help us log errors even without passing a custom error message. Please refer PR https://github.com/apache/ofbiz-plugins/pull/24 Thanks: Jacques This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-11304) Install a Checkstyle pre-push (on every committer machine?)
[ https://issues.apache.org/jira/browse/OFBIZ-11304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128133#comment-17128133 ] Aditya Sharma commented on OFBIZ-11304: --- Thanks [~jleroux] for trying out the solution! >> Allows a committer to push changes even if they increase the number of check >> style issues. Then we could use OFBIZ-11304 only. I have made the changes I suggested above and fixed the tasks.checkstyleMain.maxErrors value. Could you please try that once more? > Install a Checkstyle pre-push (on every committer machine?) > --- > > Key: OFBIZ-11304 > URL: https://issues.apache.org/jira/browse/OFBIZ-11304 > Project: OFBiz > Issue Type: Sub-task >Affects Versions: Trunk >Reporter: Jacques Le Roux >Priority: Minor > Fix For: Upcoming Branch > > > The ofbizTrunkFrameworkPlugins build fails when a lint error is detected by > the check gradle task. It's "hard" to exactly know from where lint errors > come among all still present. > I think we should rely on a Checkstyle pre-commit hook like > https://gist.github.com/davetron5000/37350 to complement > tasks.checkstyleMain.maxErrors. This pre-commit hook prevents to commit when > a lint error is present in the commit. > Every committer would have it installed locally and the problem would be gone > with some committers good will. I started a discussion about it at > https://markmail.org/message/guxbsvdkzky7gtdx. Jacopo made the same > proposition years ago: https://markmail.org/message/gkgmko4axj3vtnv3 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [ofbiz-plugins] sonarcloud[bot] commented on pull request #24: WIP: [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762)
sonarcloud[bot] commented on pull request #24: URL: https://github.com/apache/ofbiz-plugins/pull/24#issuecomment-640490624 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24=new_duplicated_lines_density=list) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [ofbiz-plugins] sonarcloud[bot] removed a comment on pull request #24: WIP: [Improved]: Use GroovyBaseScript's logging utility methods instead of using Debug (OFBIZ-11762)
sonarcloud[bot] removed a comment on pull request #24: URL: https://github.com/apache/ofbiz-plugins/pull/24#issuecomment-637986063 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-plugins=24=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-plugins=24=new_duplicated_lines_density=list) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128086#comment-17128086 ] Olivier Heintz commented on OFBIZ-11745: hi Jacques, I mean /plugin/ after previous commit with plugin/* and other commit with plugin as submodule, plugin appear in my eclipse config, and so I generate a .gitignore update for directory plugins, the result was /plugins/ so I search and find that * plugins <= is for all file name plugins * plugins/ <= is for all directory name plugins * plugins/* <= is all files in a directory name plugins * /plugin/ <= the directory plugins in the root directory so my previous commit was wrong, the correct one should be /plugins/ > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128075#comment-17128075 ] Pawan Verma commented on OFBIZ-11796: - +1 Suraj, looks good. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11806) Create Jira components for web apps in components
[ https://issues.apache.org/jira/browse/OFBIZ-11806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128065#comment-17128065 ] Pierre Smits commented on OFBIZ-11806: -- Hey Jacques,, Works for me. IMO such place holders should be integrated into others more. > Create Jira components for web apps in components > - > > Key: OFBIZ-11806 > URL: https://issues.apache.org/jira/browse/OFBIZ-11806 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Reporter: Pierre Smits >Assignee: Jacques Le Roux >Priority: Major > Labels: refactoring, usability > > As per discussion in dev ml (see link), > Create Jira components web apps for all appropriate components: > * content > ** content > ** contentImages > * product > ** product/catalog > ** product/facility > * marketing > ** marketing/marketing > ** marketing/sfa > * workeffort > ** workeffort > ** ical > * assetmaint > ** assetmaint > ** ismgr -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128060#comment-17128060 ] Pierre Smits commented on OFBIZ-11796: -- Wel done, Suraj, I guess there may a lot more of these kinds of overlooked issues. > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11809) Access to the current screen from any widget element
[ https://issues.apache.org/jira/browse/OFBIZ-11809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128035#comment-17128035 ] Nicolas Malin commented on OFBIZ-11809: --- This patch [^OFBIZ-11808-OFBIZ-11809.patch] load the new class to manage the stack during the rendering, and add a UEL to call the stack directly from xml screen (usefull for the decorator) > Access to the current screen from any widget element > > > Key: OFBIZ-11809 > URL: https://issues.apache.org/jira/browse/OFBIZ-11809 > Project: OFBiz > Issue Type: Sub-task > Components: framework/widget >Affects Versions: Trunk >Reporter: Nicolas Malin >Priority: Major > Labels: screen, widget > Attachments: OFBIZ-11808-OFBIZ-11809.patch > > > During the rendering process, an element have no information on the screen > that it depend. This not really help to automatism some refresh treatment and > force the developer to know the screen structure where is the element. > To solve this situation we implement a new class, ScreenStack that permit at > every time for an element to identify who it depend. This help to resolve the > unique Id that the screen take and can be exploit by the theme. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-11809) Access to the current screen from any widget element
[ https://issues.apache.org/jira/browse/OFBIZ-11809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin updated OFBIZ-11809: -- Attachment: OFBIZ-11808-OFBIZ-11809.patch > Access to the current screen from any widget element > > > Key: OFBIZ-11809 > URL: https://issues.apache.org/jira/browse/OFBIZ-11809 > Project: OFBiz > Issue Type: Sub-task > Components: framework/widget >Affects Versions: Trunk >Reporter: Nicolas Malin >Priority: Major > Labels: screen, widget > Attachments: OFBIZ-11808-OFBIZ-11809.patch > > > During the rendering process, an element have no information on the screen > that it depend. This not really help to automatism some refresh treatment and > force the developer to know the screen structure where is the element. > To solve this situation we implement a new class, ScreenStack that permit at > every time for an element to identify who it depend. This help to resolve the > unique Id that the screen take and can be exploit by the theme. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [ofbiz-framework] JacquesLeRoux commented on pull request #150: OFBIZ-11468 Improved: Convert ShipmentReceiptServices.xml mini lang to groovy
JacquesLeRoux commented on pull request #150: URL: https://github.com/apache/ofbiz-framework/pull/150#issuecomment-640464452 Hi Wiebke, After a break, I'll continue to review, sorry for the delay. I agree with Pierre. It does not make sense to have directories with a single file named "as" the directory, like it's in XML currently. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127992#comment-17127992 ] Jacques Le Roux commented on OFBIZ-11762: - Yes please Priya, for logError too. > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11745) plugins in common-theme/webapp/common/js is not monitored by git
[ https://issues.apache.org/jira/browse/OFBIZ-11745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17128006#comment-17128006 ] Jacques Le Roux commented on OFBIZ-11745: - Hi Olivier, You say: bq. the correct value seem to be /plugin/ the first slash to exclude only at the root directory Do you mean /plugins/ or /plugins/* ? Could you explain more why? What did you cross? TIA > plugins in common-theme/webapp/common/js is not monitored by git > > > Key: OFBIZ-11745 > URL: https://issues.apache.org/jira/browse/OFBIZ-11745 > Project: OFBiz > Issue Type: Bug > Components: git >Affects Versions: Trunk >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Major > Fix For: Trunk > > > in .gitignore in root ofbiz directory there is plugins/ > so all directory plugins are ignored > if the line is replace by plugins/* only root directory plugins is ignored -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (OFBIZ-11806) Create Jira components for web apps in components
[ https://issues.apache.org/jira/browse/OFBIZ-11806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-11806. --- Resolution: Done Hi Pierre, I did not create contentimage. It's mainly a placeholder, like ordermgr-js or some others are (see in Birt for instance). If ever an issue needs them we will create them then, thanks. > Create Jira components for web apps in components > - > > Key: OFBIZ-11806 > URL: https://issues.apache.org/jira/browse/OFBIZ-11806 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Reporter: Pierre Smits >Assignee: Jacques Le Roux >Priority: Major > Labels: refactoring, usability > > As per discussion in dev ml (see link), > Create Jira components web apps for all appropriate components: > * content > ** content > ** contentImages > * product > ** product/catalog > ** product/facility > * marketing > ** marketing/marketing > ** marketing/sfa > * workeffort > ** workeffort > ** ical > * assetmaint > ** assetmaint > ** ismgr -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127955#comment-17127955 ] Priya Sharma commented on OFBIZ-11762: -- Sure, Jacques. Please confirm, do we want to overload one more utility method to honour logError(e)?? I will update the PRs for framework and plugins both. > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11796) Unnecessary iterations for all productFacilities in setLastInventoryCount
[ https://issues.apache.org/jira/browse/OFBIZ-11796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127952#comment-17127952 ] Jacques Le Roux commented on OFBIZ-11796: - Hi Suraj, Weird that nobody thought about that before. I guess nobody crossed performance issue before, excellent spot Suraj: +1 for commit (only reviewed, but so simple I'm confident) > Unnecessary iterations for all productFacilities in setLastInventoryCount > - > > Key: OFBIZ-11796 > URL: https://issues.apache.org/jira/browse/OFBIZ-11796 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > Attachments: OFBIZ-11796.patch > > > In the service setLastInventoryCount, which updates lastInventoryCount for > product facility records, it works on inventoryItemDetail changes on > availableToPromiseDiff. > In parameter: InventoryItemId > So it should be updating productFacilities entertaining both productId and > facilityId of same inventoryItemId. > Currently, it it unnecessary updating all the facilities inventory on a > single inventory item update. > It can be major performance factor on a production system working highly on > inventory updates. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11762) Use GroovyBaseScript's logging utility methods instead of using Debug in each Groovy files
[ https://issues.apache.org/jira/browse/OFBIZ-11762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127942#comment-17127942 ] Jacques Le Roux commented on OFBIZ-11762: - Hi Priya, Yes indeed forgot the plugins. Could you please apply the same simplification than for framework before the merge? TIA > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > -- > > Key: OFBIZ-11762 > URL: https://issues.apache.org/jira/browse/OFBIZ-11762 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS >Affects Versions: Trunk >Reporter: Pawan Verma >Assignee: Priya Sharma >Priority: Minor > Fix For: Upcoming Branch > > > Use GroovyBaseScript's logging utility methods instead of using Debug in each > Groovy files > *Currently used:* Debug.logError(MESSAGE) > *Proposed Use:* logError(MESSAGE) > > It will benefit us to remove the module from each groovy file as it is > already handled in GroovyBaseScript. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-8459) InventoryItemStatus is not updated to INV_PROMISED status while creating sales order for serialized product
[ https://issues.apache.org/jira/browse/OFBIZ-8459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17127920#comment-17127920 ] Pawan Verma commented on OFBIZ-8459: Thanks, Jacques. It got messy and I tried to revert it, Idk what happened. Commit [https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3a4d227] Anyways, thanks again for taking care of it :) > InventoryItemStatus is not updated to INV_PROMISED status while creating > sales order for serialized product > --- > > Key: OFBIZ-8459 > URL: https://issues.apache.org/jira/browse/OFBIZ-8459 > Project: OFBiz > Issue Type: Bug > Components: product >Affects Versions: Release Branch 14.12, Release Branch 15.12, Trunk >Reporter: Vaibhav Jain >Assignee: Pawan Verma >Priority: Major > Fix For: 18.12.01, 17.12.04 > > Attachments: OFBIZ-8459.patch, OFBIZ-8459.patch > > > Steps to regenerate the issue: > # Create a serialized product and receive single inventory item (feed serial > number) of the specific product. > # Check the status of the inventory item in InventoryItem and > InventoryItemStatus entities it should be INV_AVAILABLE. > # Create sales order of this serialized product. > # Status of the inventory item in InventoryItem entity is changed to > 'INV_PROMISED' but InventoryItemStatus entity still shows 'INV_AVAILABLE'. > Expected : > In InventoryItemStatus current status should also be 'INV_PROMISED' as of > InventoryItem. -- This message was sent by Atlassian Jira (v8.3.4#803005)
