This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 67fbf13e9b Updated several (transitive) dependencies (OFBIZ-13123)
(#819)
67fbf13e9b is described below
commit 67fbf13e9b4e12401cd593ceae34c78e7e7fa721
Author: Danny Trunk <[email protected]>
AuthorDate: Mon Oct 14 11:38:16 2024 +0200
Updated several (transitive) dependencies (OFBIZ-13123) (#819)
* Fixed: Corrections based on Checkstyle errors
* Improved: Upgrade to gradle 8.8
* Revert "Improved: Abandon the Gradle Owasp dependencycheck task
(OFBIZ-13121)"
NVD REST API isn't stable but that shouldn't be the reason to abandon this
feature.
This reverts commit 0a9ee32539a6abe1c3e5d2805fb03df1e8d98144.
* Improved: Update org.owasp.dependencycheck to 10.0.2
* Improved: Set checkstyle.toolVersion
* Improved: Add guava as dependency
It's used in the OFBiz codebase so this should be added as a dependency
* Improved: Update esapi to 2.5.4.0
* Improved: Update jackson-databind to 2.17.1
* Improved: Update derby to 10.16.1.1
* Fixed: Corrections based on Checkstyle errors
* Improved: Update clojure to 1.11.3
* Improved: Update transitive dependency mime4j to 0.8.10
* Improved: Update fop to 2.9
* Improved: Update tika parsers to 2.9.2
* Improved: Update transitive dependency bcprov-jdk18on to 1.78
* Improved: Update Apache CXF Runtime JAX-RS Frontend to 3.6.3
* Improved: Update jdom to 2.0.6.1
* Improved: Update ez-vcard to 0.12.1
* Improved: Update poi to 5.3.0
* Improved: Update Apache MINA sshd to 2.13.1
* Improved: Update Groovy to 4.0.22
* Improved: Update transitive dependency testng to 7.7.0
* Improved: Update Asciidoctor Gradle Plugin to 4.0.2
* Improved: Update Apache CXF Runtime JAX-RS Frontend to 3.6.4
* Improved: Update Apache PDFBox to 2.0.32
---------
Co-authored-by: Jacques Le Roux <[email protected]>
---
README.adoc | 10 +
.../payment/GiftCertificateServices.java | 4 +-
.../thirdparty/gosoftware/RitaServices.java | 2 +-
.../thirdparty/valuelink/ValueLinkServices.java | 4 +-
.../ofbiz/content/ContentManagementServices.java | 2 +-
.../content/webapp/ftl/RenderContentAsText.java | 2 +-
.../content/webapp/ftl/RenderSubContentAsText.java | 2 +-
.../webapp/ftl/RenderSubContentCacheTransform.java | 2 +-
.../manufacturing/techdata/TechDataServices.java | 2 +-
.../java/org/apache/ofbiz/sfa/vcard/VCard.java | 2 +-
.../ofbiz/order/shoppingcart/CheckOutEvents.java | 2 +-
.../order/shoppinglist/ShoppingListEvents.java | 2 +-
.../ofbiz/party/contact/ContactMechServices.java | 2 +-
.../apache/ofbiz/party/party/PartyServices.java | 4 +-
.../org/apache/ofbiz/product/image/ScaleImage.java | 2 +-
.../ofbiz/product/imagemanagement/FrameImage.java | 2 +-
.../imagemanagement/ImageManagementServices.java | 2 +-
.../ofbiz/product/product/ProductServices.java | 6 +-
build.gradle | 28 ++-
dependencies.gradle | 46 ++--
.../org/apache/ofbiz/base/test/SimpleTests.groovy | 4 +-
.../ofbiz/base/conversion/BooleanConverters.java | 2 +-
.../java/org/apache/ofbiz/base/util/SSLUtil.java | 2 +-
.../org/apache/ofbiz/base/util/URLConnector.java | 2 +-
.../org/apache/ofbiz/base/util/UtilDateTime.java | 2 +-
.../java/org/apache/ofbiz/base/util/UtilMisc.java | 2 +-
.../org/apache/ofbiz/base/util/UtilProperties.java | 4 +-
.../apache/ofbiz/common/email/EmailServices.java | 3 +-
.../org/apache/ofbiz/entity/GenericEntity.java | 2 +-
.../org/apache/ofbiz/entity/util/EntityQuery.java | 8 +-
.../ofbiz/service/test/ServicePurgeTest.groovy | 4 +-
.../org/apache/ofbiz/service/job/JobPoller.java | 4 +-
...ScriptTestCase.java => GroovyScriptAssert.java} | 4 +-
.../org/apache/ofbiz/testtools/ModelTestSuite.java | 6 +-
.../widget/artifact/ArtifactInfoGatherer.java | 2 +-
.../apache/ofbiz/widget/model/ModelFormField.java | 4 +-
.../ofbiz/widget/model/ModelScreenCondition.java | 2 +-
gradle/wrapper/gradle-wrapper.properties | 3 +-
gradlew | 269 +++++++++++++--------
gradlew.bat | 34 +--
40 files changed, 289 insertions(+), 202 deletions(-)
diff --git a/README.adoc b/README.adoc
index ddb2ff7b06..36207dc5e4 100644
--- a/README.adoc
+++ b/README.adoc
@@ -649,6 +649,16 @@ want to silence them
`gradlew -PXlint:none build`
+[[run-owasp-tool-to-identify-dependency-vulnerabilities-cves]]
+==== Run OWASP tool to identify dependency vulnerabilities (CVEs)
+
+The below command activates a gradle plugin (OWASP) and Identifies and reports
+known vulnerabilities (CVEs) in OFBiz library dependencies. The task takes time
+to complete, and once done, a report will be generated in
+$OFBIZ_HOME/build/reports/dependency-check-report.html
+
+`gradlew -PenableOwasp dependencyCheckAnalyze`
+
[[setup-eclipse-project-for-ofbiz]]
==== Setup eclipse project for OFBiz
diff --git
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java
index 81050d6f45..fd8f775426 100644
---
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java
+++
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/payment/GiftCertificateServices.java
@@ -827,8 +827,8 @@ public class GiftCertificateServices {
String orderEmails = orh.getOrderEmailString();
String copyMeField = giftCertSettings.getString("purchSurveyCopyMe");
String copyMeResp = copyMeField != null ? (String)
answerMap.get(copyMeField) : null;
- boolean copyMe = (UtilValidate.isNotEmpty(copyMeField)
- && UtilValidate.isNotEmpty(copyMeResp) &&
"true".equalsIgnoreCase(copyMeResp)) ? true : false;
+ boolean copyMe = UtilValidate.isNotEmpty(copyMeField)
+ && UtilValidate.isNotEmpty(copyMeResp) &&
"true".equalsIgnoreCase(copyMeResp);
int qtyLoop = quantity.intValue();
for (int i = 0; i < qtyLoop; i++) {
diff --git
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/gosoftware/RitaServices.java
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/gosoftware/RitaServices.java
index a6ae5278e6..c49475d78b 100644
---
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/gosoftware/RitaServices.java
+++
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/gosoftware/RitaServices.java
@@ -454,7 +454,7 @@ public class RitaServices {
} catch (RuntimeException e) {
Debug.logError(e, MODULE);
}
- boolean ssl = "Y".equals(props.getProperty("ssl", "N")) ? true : false;
+ boolean ssl = "Y".equals(props.getProperty("ssl", "N"));
RitaApi api = null;
if (port > 0 && host != null) {
diff --git
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkServices.java
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkServices.java
index 1bf44d749d..7d33fc5702 100644
---
a/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkServices.java
+++
b/applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/valuelink/ValueLinkServices.java
@@ -1111,8 +1111,8 @@ public class ValueLinkServices {
String orderEmails = orh.getOrderEmailString();
String copyMeField =
EntityUtilProperties.getPropertyValue(paymentConfig,
"payment.giftcert.purchase.survey.copyMe", delegator);
String copyMeResp = copyMeField != null ? (String)
answerMap.get(copyMeField) : null;
- boolean copyMe = (UtilValidate.isNotEmpty(copyMeField)
- && UtilValidate.isNotEmpty(copyMeResp) &&
"true".equalsIgnoreCase(copyMeResp)) ? true : false;
+ boolean copyMe = UtilValidate.isNotEmpty(copyMeField)
+ && UtilValidate.isNotEmpty(copyMeResp) &&
"true".equalsIgnoreCase(copyMeResp);
int qtyLoop = quantity.intValue();
for (int i = 0; i < qtyLoop; i++) {
diff --git
a/applications/content/src/main/java/org/apache/ofbiz/content/ContentManagementServices.java
b/applications/content/src/main/java/org/apache/ofbiz/content/ContentManagementServices.java
index 7fdaac8529..b4796e70cd 100644
---
a/applications/content/src/main/java/org/apache/ofbiz/content/ContentManagementServices.java
+++
b/applications/content/src/main/java/org/apache/ofbiz/content/ContentManagementServices.java
@@ -816,7 +816,7 @@ public class ContentManagementServices {
}
pkFields.put(fieldName, fieldValue);
}
- boolean doLink = (action != null && "Y".equalsIgnoreCase(action)) ?
true : false;
+ boolean doLink = "Y".equalsIgnoreCase(action);
if (Debug.infoOn()) {
Debug.logInfo("in updateOrRemove, context:" + context, MODULE);
}
diff --git
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderContentAsText.java
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderContentAsText.java
index 27ad2a37d2..6671698995 100644
---
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderContentAsText.java
+++
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderContentAsText.java
@@ -76,7 +76,7 @@ public class RenderContentAsText implements
TemplateTransformModel {
}
final String thisContentId = (String) templateRoot.get("contentId");
final String xmlEscape = (String) templateRoot.get("xmlEscape");
- final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId)
? true : false;
+ final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId);
if (Debug.verboseOn()) {
Debug.logVerbose("in Render(0), directAssocMode ." +
directAssocMode, MODULE);
}
diff --git
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentAsText.java
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentAsText.java
index 9b72309245..879192e498 100644
---
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentAsText.java
+++
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentAsText.java
@@ -75,7 +75,7 @@ public class RenderSubContentAsText implements
TemplateTransformModel {
if (Debug.infoOn()) {
Debug.logInfo("in Render(0), thisSubContentId ." + thisContentId,
MODULE);
}
- final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId)
? true : false;
+ final boolean directAssocMode = UtilValidate.isNotEmpty(thisContentId);
if (Debug.infoOn()) {
Debug.logInfo("in Render(0), directAssocMode ." + directAssocMode,
MODULE);
}
diff --git
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentCacheTransform.java
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentCacheTransform.java
index 4d1d2f57db..b4fd54e336 100644
---
a/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentCacheTransform.java
+++
b/applications/content/src/main/java/org/apache/ofbiz/content/webapp/ftl/RenderSubContentCacheTransform.java
@@ -73,7 +73,7 @@ public class RenderSubContentCacheTransform implements
TemplateTransformModel {
String strNullThruDatesOnly = (String)
templateRoot.get("nullThruDatesOnly");
Boolean nullThruDatesOnly = (strNullThruDatesOnly != null &&
"true".equalsIgnoreCase(strNullThruDatesOnly)) ? Boolean.TRUE : Boolean.FALSE;
String thisSubContentId = (String) templateRoot.get("subContentId");
- final boolean directAssocMode =
UtilValidate.isNotEmpty(thisSubContentId) ? true : false;
+ final boolean directAssocMode =
UtilValidate.isNotEmpty(thisSubContentId);
GenericValue val = null;
try {
val = ContentWorker.getCurrentContent(delegator, trail, userLogin,
templateRoot, nullThruDatesOnly, contentAssocPredicateId);
diff --git
a/applications/manufacturing/src/main/java/org/apache/ofbiz/manufacturing/techdata/TechDataServices.java
b/applications/manufacturing/src/main/java/org/apache/ofbiz/manufacturing/techdata/TechDataServices.java
index a6cf80503a..3525b12fa3 100644
---
a/applications/manufacturing/src/main/java/org/apache/ofbiz/manufacturing/techdata/TechDataServices.java
+++
b/applications/manufacturing/src/main/java/org/apache/ofbiz/manufacturing/techdata/TechDataServices.java
@@ -119,7 +119,7 @@ public class TechDataServices {
Timestamp thruDate = (Timestamp) context.get("thruDate");
String create = (String) context.get("create");
- boolean createProcess = (create != null && "Y".equals(create)) ? true
: false;
+ boolean createProcess = "Y".equals(create);
List<GenericValue> listRoutingTaskAssoc = null;
try {
diff --git
a/applications/marketing/src/main/java/org/apache/ofbiz/sfa/vcard/VCard.java
b/applications/marketing/src/main/java/org/apache/ofbiz/sfa/vcard/VCard.java
index 62b6df9d60..3c251745ca 100644
--- a/applications/marketing/src/main/java/org/apache/ofbiz/sfa/vcard/VCard.java
+++ b/applications/marketing/src/main/java/org/apache/ofbiz/sfa/vcard/VCard.java
@@ -295,7 +295,7 @@ public class VCard {
}
String saveToFilename = fullName + ".vcf";
file = FileUtil.getFile(saveToDirectory + "/" + saveToFilename);
- Ezvcard.write(vcard).go(file);
+ Ezvcard.write(vcard).go(file.toPath());
} catch (FileNotFoundException e) {
Debug.logError(e, MODULE);
return ServiceUtil.returnError(UtilProperties.getMessage(RES_ERROR,
diff --git
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java
index d51273f19a..b7a0864b6f 100644
---
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java
+++
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java
@@ -1050,7 +1050,7 @@ public class CheckOutEvents {
requireTerm = requireTermStr == null ||
"true".equalsIgnoreCase(requireTermStr);
}
requireAdditionalParty = requireAdditionalPartyStr == null ||
"true".equalsIgnoreCase(requireAdditionalPartyStr);
- isSingleUsePayment = singleUsePaymentStr != null &&
"Y".equalsIgnoreCase(singleUsePaymentStr) ? true : false;
+ isSingleUsePayment = "Y".equalsIgnoreCase(singleUsePaymentStr);
}
boolean shippingAddressSet = true;
diff --git
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
index dbc98caa17..94cdc374c3 100644
---
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
+++
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
@@ -535,7 +535,7 @@ public class ShoppingListEvents {
// check to see if we are okay to load this list
java.sql.Timestamp lastLoad = cart.getLastListRestore();
- boolean okayToLoad = autoSaveListId == null ? false : (lastLoad ==
null ? true : false);
+ boolean okayToLoad = autoSaveListId != null && lastLoad == null;
if (!okayToLoad && lastLoad != null) {
GenericValue shoppingList = null;
try {
diff --git
a/applications/party/src/main/java/org/apache/ofbiz/party/contact/ContactMechServices.java
b/applications/party/src/main/java/org/apache/ofbiz/party/contact/ContactMechServices.java
index 836ed25cf6..6ca63efdf6 100644
---
a/applications/party/src/main/java/org/apache/ofbiz/party/contact/ContactMechServices.java
+++
b/applications/party/src/main/java/org/apache/ofbiz/party/contact/ContactMechServices.java
@@ -903,7 +903,7 @@ public class ContactMechServices {
}
}
Boolean bShowOld = (Boolean) context.get("showOld");
- boolean showOld = (bShowOld != null && bShowOld) ? true : false;
+ boolean showOld = Boolean.TRUE.equals(bShowOld);
String contactMechTypeId = (String) context.get("contactMechTypeId");
List<Map<String, Object>> valueMaps =
ContactMechWorker.getPartyContactMechValueMaps(delegator, partyId, showOld,
contactMechTypeId);
result.put("valueMaps", valueMaps);
diff --git
a/applications/party/src/main/java/org/apache/ofbiz/party/party/PartyServices.java
b/applications/party/src/main/java/org/apache/ofbiz/party/party/PartyServices.java
index 929a41368f..5b2ea3147e 100644
---
a/applications/party/src/main/java/org/apache/ofbiz/party/party/PartyServices.java
+++
b/applications/party/src/main/java/org/apache/ofbiz/party/party/PartyServices.java
@@ -2262,8 +2262,8 @@ public class PartyServices {
String searchPartyFirstContext = (String)
context.get("searchPartyFirst");
String searchAllIdContext = (String) context.get("searchAllId");
- boolean searchPartyFirst =
UtilValidate.isNotEmpty(searchPartyFirstContext) &&
"N".equals(searchPartyFirstContext) ? false : true;
- boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) &&
"Y".equals(searchAllIdContext) ? true : false;
+ boolean searchPartyFirst =
!UtilValidate.isNotEmpty(searchPartyFirstContext) ||
!"N".equals(searchPartyFirstContext);
+ boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) &&
"Y".equals(searchAllIdContext);
GenericValue party = null;
List<GenericValue> partiesFound = null;
diff --git
a/applications/product/src/main/java/org/apache/ofbiz/product/image/ScaleImage.java
b/applications/product/src/main/java/org/apache/ofbiz/product/image/ScaleImage.java
index 92ac0fa332..c7c9ac49bd 100644
---
a/applications/product/src/main/java/org/apache/ofbiz/product/image/ScaleImage.java
+++
b/applications/product/src/main/java/org/apache/ofbiz/product/image/ScaleImage.java
@@ -42,7 +42,7 @@ import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.util.EntityUtilProperties;
import org.apache.ofbiz.service.ModelService;
import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
/**
* ScaleImage Class
diff --git
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java
index d1873d1760..6eddce884f 100644
---
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java
+++
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java
@@ -62,7 +62,7 @@ import org.apache.ofbiz.service.DispatchContext;
import org.apache.ofbiz.service.GenericServiceException;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
public class FrameImage {
diff --git
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
index a3f44bf3ed..2c5e35e73e 100644
---
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
+++
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
@@ -58,7 +58,7 @@ import org.apache.ofbiz.service.GenericServiceException;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.service.ModelService;
import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
/**
* Product Services
diff --git
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
index 5999991364..e5b546f071 100644
---
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
+++
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
@@ -65,7 +65,7 @@ import org.apache.ofbiz.service.GenericServiceException;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.service.ModelService;
import org.apache.ofbiz.service.ServiceUtil;
-import org.jdom.JDOMException;
+import org.jdom2.JDOMException;
/**
* Product Services
@@ -1300,8 +1300,8 @@ public class ProductServices {
String searchProductFirstContext = (String)
context.get("searchProductFirst");
String searchAllIdContext = (String) context.get("searchAllId");
- boolean searchProductFirst =
UtilValidate.isNotEmpty(searchProductFirstContext) &&
"N".equals(searchProductFirstContext) ? false : true;
- boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) &&
"Y".equals(searchAllIdContext) ? true : false;
+ boolean searchProductFirst =
!UtilValidate.isNotEmpty(searchProductFirstContext) ||
!"N".equals(searchProductFirstContext);
+ boolean searchAllId = UtilValidate.isNotEmpty(searchAllIdContext) &&
"Y".equals(searchAllIdContext);
GenericValue product = null;
List<GenericValue> productsFound = null;
diff --git a/build.gradle b/build.gradle
index d5d20c61aa..66d4a1dc51 100644
--- a/build.gradle
+++ b/build.gradle
@@ -29,9 +29,9 @@ plugins {
id 'checkstyle'
id 'codenarc'
id 'maven-publish'
- id 'org.asciidoctor.jvm.convert' version '3.3.2' // 4.0.2 does not compile
- id 'org.asciidoctor.jvm.pdf' version '3.3.2' // 4.0.2 does not compile
- id 'org.owasp.dependencycheck' version '9.0.9' apply false //Not tested
after 7.4.4
+ id 'org.asciidoctor.jvm.convert' version '4.0.2'
+ id 'org.asciidoctor.jvm.pdf' version '4.0.2'
+ id 'org.owasp.dependencycheck' version '10.0.2' apply false
id 'se.patrikerdes.use-latest-versions' version '0.2.18' apply false
id 'com.github.ben-manes.versions' version '0.51.0' apply false
id "com.github.ManifestClasspath" version "0.1.0-RELEASE"
@@ -39,6 +39,18 @@ plugins {
id "com.github.node-gradle.node" version '7.0.2' apply false
}
+/* OWASP plugin
+ *
+ * If project property "enableOwasp" is flagged then
+ * gradle will download required dependencies and
+ * activate Gradle's OWASP plugin and its related tasks.
+ *
+ * Syntax: gradlew -PenableOwasp dependencyCheckAnalyze
+ */
+if (project.hasProperty('enableOwasp')) {
+ apply plugin: 'org.owasp.dependencycheck'
+}
+
/* DependencyUpdates plugin
*
* If project property "enableDependencyUpdates" is flagged then
@@ -94,7 +106,7 @@ javadoc {
links(
'https://docs.oracle.com/javase/17/docs/api',
'https://tomcat.apache.org/tomcat-9.0-doc/servletapi/',
- 'http://docs.groovy-lang.org/docs/groovy-3.0.20/html/api',
+ 'http://docs.groovy-lang.org/docs/groovy-4.0.22/html/api',
'https://commons.apache.org/proper/commons-cli/apidocs'
)
}
@@ -276,8 +288,12 @@ checkstyle {
// 'checkstyle' tool present in the framework and in the official
// plugins.
tasks.checkstyleMain.maxErrors = 0
+ // Increase memory for checkstyleMain required for Gradle 8+.
+ tasks.checkstyleMain.maxHeapSize = '1g'
// Currently there are no errors so we can show new one when they appear
showViolations = true
+ // Specify tool version so we can keep it up-to-date
+ toolVersion = '10.17.0'
}
gitHooks {
hooks = ['pre-push': 'checkstyleMain codenarcMain codenarcTest']
@@ -492,8 +508,8 @@ task createTenant(group: ofbizServer, description: 'Create
a new tenant in your
// ========== Documentation tasks ==========
tasks.withType(AsciidoctorTask) { task ->
- inProcess = JAVA_EXEC
- forkOptions {
+ executionMode = JAVA_EXEC
+ jvm {
jvmArgs("--add-opens","java.base/sun.nio.ch=ALL-UNNAMED","--add-opens","java.base/java.io=ALL-UNNAMED")
}
outputOptions {
diff --git a/dependencies.gradle b/dependencies.gradle
index 38f4138979..3601c21633 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -18,9 +18,10 @@
*/
dependencies {
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
+ implementation 'com.google.guava:guava:33.2.1-jre'
implementation 'com.google.zxing:core:3.5.3'
implementation
'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
- implementation 'com.googlecode.ez-vcard:ez-vcard:0.11.3' // 0.12.1 does
not compile
+ implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
implementation
'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20220608.1'
implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.31'
implementation 'com.ibm.icu:icu4j:74.2'
@@ -51,35 +52,34 @@ dependencies {
implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
implementation 'org.apache.logging.log4j:log4j-api:2.20.0' // the API of
log4j 2
implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
- implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'.
Received status code 401 from server
- implementation 'org.apache.pdfbox:pdfbox:2.0.31' // 3.0.1 does not compile
+ implementation 'org.apache.poi:poi:5.3.0'
+ implementation 'org.apache.pdfbox:pdfbox:2.0.32' // 3.0.1 does not compile
implementation 'org.apache.shiro:shiro-core:1.13.0'
implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.0'
- implementation 'org.apache.sshd:sshd-core:2.10.0'
- implementation 'org.apache.sshd:sshd-sftp:2.10.0'
+ implementation 'org.apache.sshd:sshd-core:2.13.1'
+ implementation 'org.apache.sshd:sshd-sftp:2.13.1'
implementation 'org.apache.tika:tika-core:2.9.2'
- implementation 'org.apache.tika:tika-parsers:2.5.0'
- implementation 'org.apache.tika:tika-parser-pdf-module:2.5.0'
- implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.6' // 4.0.3 does
not compile
+ implementation 'org.apache.tika:tika-parsers:2.9.2'
+ implementation 'org.apache.tika:tika-parser-pdf-module:2.9.2'
+ implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.6.4' // 4.x+
requires javax.xml.bind -> jakarta.xml.bind namespace change
implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.91' // Remember
to change the version number (9 now) in javadoc block if needed.
implementation 'org.apache.tomcat:tomcat-jasper:9.0.91'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
implementation 'org.apache.xmlgraphics:batik-anim:1.17'
implementation 'org.apache.xmlgraphics:batik-util:1.17'
implementation 'org.apache.xmlgraphics:batik-bridge:1.17'
- implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4
dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
- implementation 'org.clojure:clojure:1.11.1'
- implementation 'org.codehaus.groovy:groovy-all:3.0.21'
+ implementation 'org.apache.xmlgraphics:fop:2.9'
+ implementation 'org.clojure:clojure:1.11.3'
+ implementation 'org.apache.groovy:groovy-all:4.0.22'
implementation 'org.freemarker:freemarker:2.3.34-SNAPSHOT' // Remember to
change the version number in FreeMarkerWorker class when upgrading. See
OFBIZ-10019 if >= 2.4
-
- implementation 'org.owasp.esapi:esapi:2.5.3.1'
+ implementation 'org.owasp.esapi:esapi:2.5.4.0'
implementation 'org.cyberneko:html:1.9.8'
implementation 'org.springframework:spring-test:5.3.29' // 6.1.4 does not
compile
- implementation 'com.fasterxml.jackson.core:jackson-databind:2.15.2'
+ implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1'
implementation 'oro:oro:2.0.8'
implementation 'wsdl4j:wsdl4j:1.6.3'
implementation 'com.auth0:java-jwt:4.4.0'
- implementation 'org.jdom:jdom:1.1.3' // don't upgrade above 1.1.3, makes a
lot of not obvious and useless complications, see last commits of OFBIZ-12092
for more
+ implementation 'org.jdom:jdom2:2.0.6.1'
implementation 'com.google.re2j:re2j:1.7'
implementation 'xerces:xercesImpl:2.12.2'
implementation('org.mustangproject:library:2.8.0') { // 2.10.0 did not
work, cf. OFBIZ-12920
(https://github.com/apache/ofbiz-framework/pull/712#issuecomment-1968960963)
@@ -98,7 +98,8 @@ dependencies {
runtimeOnly 'net.sf.barcode4j:barcode4j:2.1'
runtimeOnly 'org.apache.axis2:axis2-transport-http:1.8.2'
runtimeOnly 'org.apache.axis2:axis2-transport-local:1.8.2'
- runtimeOnly 'org.apache.derby:derby:10.14.2.0' // 10.17.1.0 does not
compile
+ runtimeOnly 'org.apache.derby:derby:10.16.1.1' // 10.17.x.x requires Java
21
+ runtimeOnly 'org.apache.derby:derbytools:10.16.1.1' // 10.17.x.x requires
Java 21
runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.20.0' // for
external jars using the old log4j1.2: routes logging to log4j 2
runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.20.0' // for external
jars using the java.util.logging: routes logging to log4j 2
@@ -108,4 +109,17 @@ dependencies {
// specify last codenarc version for java 17 compliance
codenarc('org.codenarc:CodeNarc:3.4.0')
+
+ // use constraints to update transitive dependencies
+ constraints {
+ implementation('org.apache.james:apache-mime4j-core:0.8.10') {
+ because 'CVE-2024-21742'
+ }
+ implementation('org.bouncycastle:bcprov-jdk18on:1.78') {
+ because 'CVE-2024-29857, CVE-2024-30171, CVE-2024-30172,
CVE-2024-34447'
+ }
+ implementation('org.testng:testng:7.7.0') {
+ because 'CVE-2022-4065'
+ }
+ }
}
diff --git
a/framework/base/src/main/groovy/org/apache/ofbiz/base/test/SimpleTests.groovy
b/framework/base/src/main/groovy/org/apache/ofbiz/base/test/SimpleTests.groovy
index edec636c55..8ca4ff0cd6 100644
---
a/framework/base/src/main/groovy/org/apache/ofbiz/base/test/SimpleTests.groovy
+++
b/framework/base/src/main/groovy/org/apache/ofbiz/base/test/SimpleTests.groovy
@@ -18,12 +18,12 @@
*/
package org.apache.ofbiz.base.test
-import org.apache.ofbiz.testtools.GroovyScriptTestCase
+import org.apache.ofbiz.testtools.GroovyScriptAssert
/**
* Class validating groovy scripts test engine.
*/
-class SimpleTests extends GroovyScriptTestCase {
+class SimpleTests extends GroovyScriptAssert {
void testTrue() {
assert 1 + 1 == 2
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/conversion/BooleanConverters.java
b/framework/base/src/main/java/org/apache/ofbiz/base/conversion/BooleanConverters.java
index 163d7b7a3e..16568997e3 100644
---
a/framework/base/src/main/java/org/apache/ofbiz/base/conversion/BooleanConverters.java
+++
b/framework/base/src/main/java/org/apache/ofbiz/base/conversion/BooleanConverters.java
@@ -63,7 +63,7 @@ public class BooleanConverters implements ConverterLoader {
@Override
public Boolean convert(Integer obj) throws ConversionException {
- return obj == 0 ? false : true;
+ return obj != 0;
}
}
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
index 24b5c100e7..2f8596f3ca 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
@@ -68,7 +68,7 @@ public final class SSLUtil {
SSLUtil.loadJsseProperties();
}
- private static class TrustAnyManager implements X509TrustManager {
+ private static final class TrustAnyManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] certs, String string)
throws CertificateException {
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/URLConnector.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/URLConnector.java
index 7855c3b8b1..dc4c31de8e 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/URLConnector.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/URLConnector.java
@@ -117,7 +117,7 @@ public class URLConnector {
}
// special thread to open the connection
- private class URLConnectorThread implements Runnable {
+ private final class URLConnectorThread implements Runnable {
@Override
public void run() {
URLConnection con = null;
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilDateTime.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilDateTime.java
index 9ced64d53a..ded8bc626e 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilDateTime.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilDateTime.java
@@ -1019,7 +1019,7 @@ public final class UtilDateTime {
}
// Private lazy-initializer class
- private static class TimeZoneHolder {
+ private static final class TimeZoneHolder {
private static final List<TimeZone> AVAIL_TIME_ZONE_LIST =
getTimeZones();
private static List<TimeZone> getTimeZones() {
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilMisc.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilMisc.java
index 878f222f6c..d14536361a 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilMisc.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilMisc.java
@@ -674,7 +674,7 @@ public final class UtilMisc {
}
// Private lazy-initializer class
- private static class LocaleHolder {
+ private static final class LocaleHolder {
private static final List<Locale> AVAIL_LOCALE_LIST =
getAvailableLocaleList();
private static List<Locale> getAvailableLocaleList() {
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilProperties.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilProperties.java
index e2f8fea9ab..75b7c88f89 100644
---
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilProperties.java
+++
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilProperties.java
@@ -725,7 +725,7 @@ public final class UtilProperties implements Serializable {
// ========= Classes and Methods for expanded Properties file support
========== //
// Private lazy-initializer class
- private static class FallbackLocaleHolder {
+ private static final class FallbackLocaleHolder {
private static final Locale FALLBACK_LOCALE = getFallbackLocale();
private static Locale getFallbackLocale() {
@@ -771,7 +771,7 @@ public final class UtilProperties implements Serializable {
}
// Private lazy-initializer class
- private static class CandidateLocalesHolder {
+ private static final class CandidateLocalesHolder {
private static Set<Locale> defaultCandidateLocales =
getDefaultCandidateLocales();
private static Set<Locale> getDefaultCandidateLocales() {
diff --git
a/framework/common/src/main/java/org/apache/ofbiz/common/email/EmailServices.java
b/framework/common/src/main/java/org/apache/ofbiz/common/email/EmailServices.java
index 6bbc5ae842..659bedc280 100644
---
a/framework/common/src/main/java/org/apache/ofbiz/common/email/EmailServices.java
+++
b/framework/common/src/main/java/org/apache/ofbiz/common/email/EmailServices.java
@@ -208,8 +208,7 @@ public class EmailServices {
socketFactoryFallback =
EntityUtilProperties.getPropertyValue("general",
"mail.smtp.socketFactory.fallback", "false", delegator);
}
if (sendPartial == null) {
- sendPartial =
EntityUtilProperties.propertyValueEqualsIgnoreCase("general",
"mail.smtp.sendpartial", "true", delegator)
- ? true : false;
+ sendPartial =
EntityUtilProperties.propertyValueEqualsIgnoreCase("general",
"mail.smtp.sendpartial", "true", delegator);
}
if (isStartTLSEnabled == null) {
isStartTLSEnabled =
EntityUtilProperties.propertyValueEqualsIgnoreCase("general",
"mail.smtp.starttls.enable", "true", delegator);
diff --git
a/framework/entity/src/main/java/org/apache/ofbiz/entity/GenericEntity.java
b/framework/entity/src/main/java/org/apache/ofbiz/entity/GenericEntity.java
index e2b94edaf5..50a5ed227d 100644
--- a/framework/entity/src/main/java/org/apache/ofbiz/entity/GenericEntity.java
+++ b/framework/entity/src/main/java/org/apache/ofbiz/entity/GenericEntity.java
@@ -1772,7 +1772,7 @@ public class GenericEntity implements Map<String,
Object>, LocalizedMap<Object>,
* @return the boolean
*/
public boolean originalDbValuesAvailable() {
- return this.originalDbValues != null ? true : false;
+ return this.originalDbValues != null;
}
/**
diff --git
a/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityQuery.java
b/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityQuery.java
index 8da955250c..2fae14bfa0 100644
---
a/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityQuery.java
+++
b/framework/entity/src/main/java/org/apache/ofbiz/entity/util/EntityQuery.java
@@ -107,7 +107,7 @@ public class EntityQuery {
* @param fields - Strings containing the field names to be selected
* @return this EntityQuery object, to enable chaining
*/
- public EntityQuery select(String...fields) {
+ public EntityQuery select(String... fields) {
this.fieldsToSelect = UtilMisc.toSetArray(fields);
return this;
}
@@ -157,7 +157,7 @@ public class EntityQuery {
* @param fields - A series of field names/values to be ANDed together as
the where clause for the query
* @return this EntityQuery object, to enable chaining
*/
- public EntityQuery where(Object...fields) {
+ public EntityQuery where(Object... fields) {
this.whereEntityCondition =
EntityCondition.makeCondition(UtilMisc.toMap(fields));
return this;
}
@@ -167,7 +167,7 @@ public class EntityQuery {
* @param entityCondition - A series of EntityConditions to be ANDed
together as the where clause for the query
* @return this EntityQuery object, to enable chaining
*/
- public EntityQuery where(EntityCondition...entityCondition) {
+ public EntityQuery where(EntityCondition... entityCondition) {
this.whereEntityCondition =
EntityCondition.makeCondition(Arrays.asList(entityCondition));
return this;
}
@@ -209,7 +209,7 @@ public class EntityQuery {
* @param fields - The fields of the named entity to order the resultset by
* @return this EntityQuery object, to enable chaining
*/
- public EntityQuery orderBy(String...fields) {
+ public EntityQuery orderBy(String... fields) {
this.orderBy = Arrays.asList(fields);
return this;
}
diff --git
a/framework/service/src/main/groovy/org/apache/ofbiz/service/test/ServicePurgeTest.groovy
b/framework/service/src/main/groovy/org/apache/ofbiz/service/test/ServicePurgeTest.groovy
index d9f9fb5bc8..24ecb5f309 100644
---
a/framework/service/src/main/groovy/org/apache/ofbiz/service/test/ServicePurgeTest.groovy
+++
b/framework/service/src/main/groovy/org/apache/ofbiz/service/test/ServicePurgeTest.groovy
@@ -22,9 +22,9 @@ import org.apache.ofbiz.base.util.UtilDateTime
import org.apache.ofbiz.entity.GenericValue
import org.apache.ofbiz.entity.util.EntityQuery
import org.apache.ofbiz.service.config.ServiceConfigUtil
-import org.apache.ofbiz.testtools.GroovyScriptTestCase
+import org.apache.ofbiz.testtools.GroovyScriptAssert
-class ServicePurgeTest extends GroovyScriptTestCase {
+class ServicePurgeTest extends GroovyScriptAssert {
// ./gradlew "ofbiz --test component=service --test suitename=servicetests
--test case=service-purge-test"
diff --git
a/framework/service/src/main/java/org/apache/ofbiz/service/job/JobPoller.java
b/framework/service/src/main/java/org/apache/ofbiz/service/job/JobPoller.java
index 5565d77eb5..a1edb54e13 100644
---
a/framework/service/src/main/java/org/apache/ofbiz/service/job/JobPoller.java
+++
b/framework/service/src/main/java/org/apache/ofbiz/service/job/JobPoller.java
@@ -237,7 +237,7 @@ public final class JobPoller implements
ServiceConfigListener {
Debug.logInfo("JobPoller shutdown completed.", MODULE);
}
- private static class JobInvokerThreadFactory implements ThreadFactory {
+ private static final class JobInvokerThreadFactory implements
ThreadFactory {
@Override
public Thread newThread(Runnable runnable) {
@@ -246,7 +246,7 @@ public final class JobPoller implements
ServiceConfigListener {
}
// Polls all registered JobManagers for jobs to queue.
- private class JobManagerPoller implements Runnable {
+ private final class JobManagerPoller implements Runnable {
// Do not check for interrupts in this method. The design requires the
// thread to complete the job manager poll uninterrupted.
diff --git
a/framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptTestCase.java
b/framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptAssert.java
similarity index 95%
rename from
framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptTestCase.java
rename to
framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptAssert.java
index 5b8b689b7b..b95d1274d0 100644
---
a/framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptTestCase.java
+++
b/framework/testtools/src/main/java/org/apache/ofbiz/testtools/GroovyScriptAssert.java
@@ -18,7 +18,7 @@
*******************************************************************************/
package org.apache.ofbiz.testtools;
-import groovy.util.GroovyTestCase;
+import groovy.test.GroovyAssert;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.security.Security;
import org.apache.ofbiz.service.LocalDispatcher;
@@ -26,7 +26,7 @@ import org.apache.ofbiz.service.LocalDispatcher;
/**
* This test case engine allow writing test in groovy script that do not need
compilation.
*/
-public class GroovyScriptTestCase extends GroovyTestCase {
+public class GroovyScriptAssert extends GroovyAssert {
private Delegator delegator;
private LocalDispatcher dispatcher;
diff --git
a/framework/testtools/src/main/java/org/apache/ofbiz/testtools/ModelTestSuite.java
b/framework/testtools/src/main/java/org/apache/ofbiz/testtools/ModelTestSuite.java
index 547f9cc1ae..a13c596f44 100644
---
a/framework/testtools/src/main/java/org/apache/ofbiz/testtools/ModelTestSuite.java
+++
b/framework/testtools/src/main/java/org/apache/ofbiz/testtools/ModelTestSuite.java
@@ -205,12 +205,12 @@ public class ModelTestSuite {
((OFBizTestCase) test).setDispatcher(dispatcher);
}
// CHECKSTYLE_ON: ALMOST_ALL
- } else if (test instanceof GroovyScriptTestCase) {
- prepareGroovyScriptTestCase((GroovyScriptTestCase) test);
+ } else if (test instanceof GroovyScriptAssert) {
+ prepareGroovyScriptAssert((GroovyScriptAssert) test);
}
}
- private void prepareGroovyScriptTestCase(GroovyScriptTestCase test) {
+ private void prepareGroovyScriptAssert(GroovyScriptAssert test) {
test.setDelegator(delegator);
test.setDispatcher(dispatcher);
test.setSecurity(dispatcher.getSecurity());
diff --git
a/framework/widget/src/main/java/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer.java
b/framework/widget/src/main/java/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer.java
index e31f31f0d7..290a854221 100644
---
a/framework/widget/src/main/java/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer.java
+++
b/framework/widget/src/main/java/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer.java
@@ -382,7 +382,7 @@ public final class ArtifactInfoGatherer implements
ModelWidgetVisitor, ModelActi
public void visit(Tree tree) throws Exception {
}
- private class FieldInfoGatherer implements ModelFieldVisitor {
+ private final class FieldInfoGatherer implements ModelFieldVisitor {
private void addRequestLocations(String target, String urlMode) {
try {
diff --git
a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
index 1907d2f016..847de50a04 100644
---
a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
+++
b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
@@ -5485,9 +5485,9 @@ public final class ModelFormField {
this.defaultOption = UtilProperties.getPropertyValue("widget",
"widget.form.defaultTextFindOption", "contains");
}
this.hideIgnoreCase =
"true".equals(element.getAttribute("hide-options"))
- ||
"ignore-case".equals(element.getAttribute("hide-options")) ? true : false;
+ || "ignore-case".equals(element.getAttribute("hide-options"));
this.hideOptions =
"true".equals(element.getAttribute("hide-options"))
- || "options".equals(element.getAttribute("hide-options"))
? true : false;
+ || "options".equals(element.getAttribute("hide-options"));
this.ignoreCase =
"true".equals(element.getAttribute("ignore-case"));
}
diff --git
a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelScreenCondition.java
b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelScreenCondition.java
index 31ca8521fe..4b7d4f63d6 100644
---
a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelScreenCondition.java
+++
b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelScreenCondition.java
@@ -75,7 +75,7 @@ public final class ModelScreenCondition {
}
}
- private static class ScreenConditionFactory extends
DefaultConditionFactory {
+ private static final class ScreenConditionFactory extends
DefaultConditionFactory {
@Override
public ModelCondition newInstance(ModelWidget modelWidget, Element
conditionElement) {
diff --git a/gradle/wrapper/gradle-wrapper.properties
b/gradle/wrapper/gradle-wrapper.properties
index 070cb702f0..2617362fd0 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
index fbd7c51583..65dcd68d65 100755
--- a/gradlew
+++ b/gradlew
@@ -1,7 +1,7 @@
-#!/usr/bin/env sh
+#!/bin/sh
#
-# Copyright 2015 the original author or authors.
+# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,67 +17,101 @@
#
##############################################################################
-##
-## Gradle start up script for UN*X
-##
+#
+# Gradle start up script for POSIX generated by Gradle.
+#
+# Important for running:
+#
+# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+# noncompliant, but you have some other compliant shell such as ksh or
+# bash, then to run this script, type that shell name before the whole
+# command line, like:
+#
+# ksh Gradle
+#
+# Busybox and similar reduced shells will NOT work, because this script
+# requires all of these POSIX shell features:
+# * functions;
+# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+# * compound commands having a testable exit status, especially «case»;
+# * various built-in commands including «command», «set», and «ulimit».
+#
+# Important for patching:
+#
+# (2) This script targets any POSIX shell, so it avoids extensions provided
+# by Bash, Ksh, etc; in particular arrays are avoided.
+#
+# The "traditional" practice of packing multiple parameters into a
+# space-separated string is a well documented source of bugs and security
+# problems, so this is (mostly) avoided, by progressively accumulating
+# options in "$@", and eventually passing that to Java.
+#
+# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+# see the in-line comments for details.
+#
+# There are tweaks for specific operating systems such as AIX, CygWin,
+# Darwin, MinGW, and NonStop.
+#
+# (3) This script is generated from the Groovy template
+#
https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+# within the Gradle project.
+#
+# You can find Gradle at https://github.com/gradle/gradle/.
+#
##############################################################################
# Attempt to set APP_HOME
+
# Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
- ls=`ls -ld "$PRG"`
- link=`expr "$ls" : '.*-> \(.*\)$'`
- if expr "$link" : '/.*' > /dev/null; then
- PRG="$link"
- else
- PRG=`dirname "$PRG"`"/$link"
- fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+ APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no
leading path
+ [ -h "$app_path" ]
+do
+ ls=$( ls -ld "$app_path" )
+ link=${ls#*' -> '}
+ case $link in #(
+ /*) app_path=$link ;; #(
+ *) app_path=$APP_HOME$link ;;
+ esac
done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to
pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum
warn () {
echo "$*"
-}
+} >&2
die () {
echo
echo "$*"
echo
exit 1
-}
+} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
-case "`uname`" in
- CYGWIN* )
- cygwin=true
- ;;
- Darwin* )
- darwin=true
- ;;
- MINGW* )
- msys=true
- ;;
- NONSTOP* )
- nonstop=true
- ;;
+case "$( uname )" in #(
+ CYGWIN* ) cygwin=true ;; #(
+ Darwin* ) darwin=true ;; #(
+ MSYS* | MINGW* ) msys=true ;; #(
+ NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
@@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
- JAVACMD="$JAVA_HOME/jre/sh/java"
+ JAVACMD=$JAVA_HOME/jre/sh/java
else
- JAVACMD="$JAVA_HOME/bin/java"
+ JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to
match the
location of your Java installation."
fi
else
- JAVACMD="java"
+ JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no
'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
@@ -106,80 +140,105 @@ location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ;
then
- MAX_FD_LIMIT=`ulimit -H -n`
- if [ $? -eq 0 ] ; then
- if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
- MAX_FD="$MAX_FD_LIMIT"
- fi
- ulimit -n $MAX_FD
- if [ $? -ne 0 ] ; then
- warn "Could not set maximum file descriptor limit: $MAX_FD"
- fi
- else
- warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
- fi
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+ case $MAX_FD in #(
+ max*)
+ # In POSIX sh, ulimit -H is undefined. That's why the result is
checked to see if it worked.
+ # shellcheck disable=SC3045
+ MAX_FD=$( ulimit -H -n ) ||
+ warn "Could not query maximum file descriptor limit"
+ esac
+ case $MAX_FD in #(
+ '' | soft) :;; #(
+ *)
+ # In POSIX sh, ulimit -n is undefined. That's why the result is
checked to see if it worked.
+ # shellcheck disable=SC3045
+ ulimit -n "$MAX_FD" ||
+ warn "Could not set maximum file descriptor limit to $MAX_FD"
+ esac
fi
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
- GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\"
\"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
+# Collect all arguments for the java command, stacking in reverse order:
+# * args from the command line
+# * the main class name
+# * -classpath
+# * -D...appname settings
+# * --module-path (only if needed)
+# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
-if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
- APP_HOME=`cygpath --path --mixed "$APP_HOME"`
- CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-
- JAVACMD=`cygpath --unix "$JAVACMD"`
-
- # We build the pattern for arguments to be converted via cygpath
- ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
- SEP=""
- for dir in $ROOTDIRSRAW ; do
- ROOTDIRS="$ROOTDIRS$SEP$dir"
- SEP="|"
- done
- OURCYGPATTERN="(^($ROOTDIRS))"
- # Add a user-defined pattern to the cygpath arguments
- if [ "$GRADLE_CYGPATTERN" != "" ] ; then
- OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
- fi
+if "$cygwin" || "$msys" ; then
+ APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+ CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+ JAVACMD=$( cygpath --unix "$JAVACMD" )
+
# Now convert the arguments - kludge to limit ourselves to /bin/sh
- i=0
- for arg in "$@" ; do
- CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
- CHECK2=`echo "$arg"|egrep -c "^-"` ###
Determine if an option
-
- if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ###
Added a condition
- eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
- else
- eval `echo args$i`="\"$arg\""
+ for arg do
+ if
+ case $arg in #(
+ -*) false ;; # don't mess with
options #(
+ /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX
filepath
+ [ -e "$t" ] ;; #(
+ *) false ;;
+ esac
+ then
+ arg=$( cygpath --path --ignore --mixed "$arg" )
fi
- i=`expr $i + 1`
+ # Roll the args list around exactly as many times as the number of
+ # args, so each arg winds up back in the position where it started, but
+ # possibly modified.
+ #
+ # NB: a `for` loop captures its iteration list before it begins, so
+ # changing the positional parameters here affects neither the number of
+ # iterations, nor the values presented in `arg`.
+ shift # remove old arg
+ set -- "$@" "$arg" # push replacement arg
done
- case $i in
- 0) set -- ;;
- 1) set -- "$args0" ;;
- 2) set -- "$args0" "$args1" ;;
- 3) set -- "$args0" "$args1" "$args2" ;;
- 4) set -- "$args0" "$args1" "$args2" "$args3" ;;
- 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
- 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
- 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5"
"$args6" ;;
- 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5"
"$args6" "$args7" ;;
- 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5"
"$args6" "$args7" "$args8" ;;
- esac
fi
-# Escape application args
-save () {
- for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ;
done
- echo " "
-}
-APP_ARGS=`save "$@"`
+# Collect all arguments for the java command;
+# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+# shell script including quotes and variable substitutions, so put them in
+# double quotes to make sure that they get re-expanded; and
+# * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+ "-Dorg.gradle.appname=$APP_BASE_NAME" \
+ -classpath "$CLASSPATH" \
+ org.gradle.wrapper.GradleWrapperMain \
+ "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+ die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes
removed.
+#
+# In Bash we could simply go:
+#
+# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+# set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
-# Collect all arguments for the java command, following the shell quoting and
substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
"\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\""
org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+eval "set -- $(
+ printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+ xargs -n1 |
+ sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+ tr '\n' ' '
+ )" '"$@"'
exec "$JAVACMD" "$@"
diff --git a/gradlew.bat b/gradlew.bat
index 5093609d51..93e3f59f13 100644
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -14,7 +14,7 @@
@rem limitations under the License.
@rem
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@@ -25,7 +25,8 @@
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your
PATH.
@@ -54,7 +55,7 @@ goto fail
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -64,21 +65,6 @@ echo location of your Java installation.
goto fail
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
:execute
@rem Setup the command line
@@ -86,17 +72,19 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS%
"-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%"
org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS%
"-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%"
org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code
instead of
rem the _cmd.exe /c_ return code!
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
