[jira] [Updated] (VELTOOLS-183) beanutils 1.9.4 breaks velocity-tools

Thu, 22 Aug 2019 02:35:10 -0700 


     [ 
https://issues.apache.org/jira/browse/VELTOOLS-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ajbanck updated VELTOOLS-183:
-----------------------------
    Description: 
beanutils 1.9.4 was release to mitigate CVE-2014-0114.  For this  the *default* 
behaviour of the BeanUtilsBean was changed to not allow class level access, see 
BEANUTILS-520.

When using velocity-tools in a project that manages/enforces beanutils to 
version 1.9.4 velocity-tools stops working as expected. This is easily 
demonstrated with the unittests.

Running the velocity-tools unit tests will fail on ConfigTests.testXmlConfig
 # In velocity-tools-generic/pom.xml update commons-beanutils to 1.9.4
 # run mvn verify

Result
{noformat}
[ERROR] 
testPropsPlusXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)  
Time elapsed: 0.007 s  <<< ERROR!
[ERROR]testPropsPlusXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)
  Time elapsed: 0.007 s  <<< ERROR!
org.apache.velocity.tools.config.NullKeyException: Key is null for tool whose 
class is 'null'
 at 
org.apache.velocity.tools.test.whitebox.ConfigTests.assertConfigEquals(ConfigTests.java:428)
 at 
org.apache.velocity.tools.test.whitebox.ConfigTests.testPropsPlusXmlConfig(ConfigTests.java:120)

[ERROR] testXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)  
Time elapsed: 0.003 s  <<< FAILURE!
java.lang.AssertionError: 

**** Unexpected Invalid Configuration ****

FactoryConfiguration from 2 sources including 1 data with 2 toolboxes:
  Toolbox 'application' with 1 properties [scope -auto-> application; ] and 2 
tools:
   Tool 'null' => null with 1 properties [locale -auto-> fr; ]
   Tool 'calc' => null with 1 properties [key -auto-> calc; ]{noformat}
 

  was:
beanutils 1.9.4 was release to mitigate CVE-2014-0114.  For this  the *default* 
behaviour of the BeanUtilsBean was changed to not allow class level access, see 
BEANUTILS-520.

When using velocity-tools in a project that manages/enforces beanutils to 
version 1.9.4 velocity-tools stops working as expected. This is easily 
demonstrated with the unittests.

Running the velocity-tools unit tests will fail on ConfigTests.testXmlConfig
 # In velocity-tools-generic/pom.xml update commons-beanutils to 1.9.4
 # run mvn verify

Result
{noformat}
org.apache.velocity.tools.config.NullKeyException: Key is null for tool whose 
class is 'null'org.apache.velocity.tools.config.NullKeyException: Key is null 
for tool whose class is 'null' at 
org.apache.velocity.tools.test.whitebox.ConfigTests.assertConfigEquals(ConfigTests.java:428)
 at 
org.apache.velocity.tools.test.whitebox.ConfigTests.testPropsPlusXmlConfig(ConfigTests.java:120)
[ERROR] testXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)  
Time elapsed: 0.003 s  <<< FAILURE!java.lang.AssertionError: 
**** Unexpected Invalid Configuration ****
FactoryConfiguration from 2 sources including 1 data with 2 toolboxes:  Toolbox 
'application' with 1 properties [scope -auto-> application; ] and 2 tools:   
Tool 'null' => null with 1 properties [locale -auto-> fr; ]  Tool 'calc' => 
null with 1 properties [key -auto-> calc; ] {noformat}
 


> beanutils 1.9.4 breaks velocity-tools
> -------------------------------------
>
>                 Key: VELTOOLS-183
>                 URL: https://issues.apache.org/jira/browse/VELTOOLS-183
>             Project: Velocity Tools
>          Issue Type: Bug
>            Reporter: ajbanck
>            Priority: Major
>
> beanutils 1.9.4 was release to mitigate CVE-2014-0114.  For this  the 
> *default* behaviour of the BeanUtilsBean was changed to not allow class level 
> access, see BEANUTILS-520.
> When using velocity-tools in a project that manages/enforces beanutils to 
> version 1.9.4 velocity-tools stops working as expected. This is easily 
> demonstrated with the unittests.
> Running the velocity-tools unit tests will fail on ConfigTests.testXmlConfig
>  # In velocity-tools-generic/pom.xml update commons-beanutils to 1.9.4
>  # run mvn verify
> Result
> {noformat}
> [ERROR] 
> testPropsPlusXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)  
> Time elapsed: 0.007 s  <<< ERROR!
> [ERROR]testPropsPlusXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)
>   Time elapsed: 0.007 s  <<< ERROR!
> org.apache.velocity.tools.config.NullKeyException: Key is null for tool whose 
> class is 'null'
>  at 
> org.apache.velocity.tools.test.whitebox.ConfigTests.assertConfigEquals(ConfigTests.java:428)
>  at 
> org.apache.velocity.tools.test.whitebox.ConfigTests.testPropsPlusXmlConfig(ConfigTests.java:120)
> [ERROR] testXmlConfig(org.apache.velocity.tools.test.whitebox.ConfigTests)  
> Time elapsed: 0.003 s  <<< FAILURE!
> java.lang.AssertionError: 
> **** Unexpected Invalid Configuration ****
> FactoryConfiguration from 2 sources including 1 data with 2 toolboxes:
>   Toolbox 'application' with 1 properties [scope -auto-> application; ] and 2 
> tools:
>    Tool 'null' => null with 1 properties [locale -auto-> fr; ]
>    Tool 'calc' => null with 1 properties [key -auto-> calc; ]{noformat}
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to