-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
All,
I just upgraded an application from commons-beanutils-1.9.3 to
commons-beanutils-1.9.4 that is using Velocity 1.7 and Tools 2.0 and
I'm getting this error on startup:
javax.servlet.ServletException: Servlet.init() for servlet [velocity]
threw exception
[...]
Caused by: org.apache.velocity.tools.config.NullKeyException: Key is
null for tool whose class is 'null'
at
org.apache.velocity.tools.config.ToolConfiguration.validate(ToolConfigur
ation.java:348)
at
org.apache.velocity.tools.config.CompoundConfiguration.validate(Compound
Configuration.java:115)
at
org.apache.velocity.tools.config.ToolboxConfiguration.validate(ToolboxCo
nfiguration.java:108)
at
org.apache.velocity.tools.config.CompoundConfiguration.validate(Compound
Configuration.java:115)
at
org.apache.velocity.tools.config.FactoryConfiguration.validate(FactoryCo
nfiguration.java:232)
at
org.apache.velocity.tools.ToolboxFactory.configure(ToolboxFactory.java:8
0)
at
org.apache.velocity.tools.ToolManager.configure(ToolManager.java:90)
at
org.apache.velocity.tools.view.ViewToolManager.configure(ViewToolManager
.java:222)
at
org.apache.velocity.tools.view.VelocityView.configure(VelocityView.java:
508)
at
org.apache.velocity.tools.view.VelocityView.init(VelocityView.java:313)
at
org.apache.velocity.tools.view.VelocityView.<init>(VelocityView.java:213
)
at
org.apache.velocity.tools.view.ServletUtils.createView(ServletUtils.java
:156)
at
org.apache.velocity.tools.view.ServletUtils.getVelocityView(ServletUtils
.java:142)
at
org.apache.velocity.tools.view.ServletUtils.getVelocityView(ServletUtils
.java:104)
at
org.apache.velocity.tools.view.VelocityViewServlet.getVelocityView(Veloc
ityViewServlet.java:155)
at
org.apache.velocity.tools.view.VelocityViewServlet.init(VelocityViewServ
let.java:122)
at
org.apache.velocity.tools.view.VelocityLayoutServlet.init(VelocityLayout
Servlet.java:133)
at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.jav
a:1142)
... 89 more
I don't believe I've changed my tools.xml file for a long time (svn
says no). The changelog for commons-beanutils says their change is to
fix CVE-2014-0114 / CVE-2019-10086 which has to do with whether or not
a "class" may be specified under certain conditions.
I haven't (yet) looked at the code, but is it possible that this
upgrade has broken Velocity Tools 2.0? I realize this is a somewhat
older release; upgrading will take some time, patching is the
preferred source of action at the moment.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl451RYACgkQHPApP6U8
pFh8bg/+IvYBoK+cQCp+Zxw8obleefonlHsJOjtCK/DIkvC1hbtLX27xURkmCQ3r
pOI9lsEv3L1GYAN2GF090FWjDj3QFiE2m5HD9pHtscpCKoDqBXVgE/JanHYiQn5b
+B9v/eSYQzhlRULlPFTSBHv5W0C8yGk/RYr4eI2uIECWcPRMpVN11mkBFOsUqcrK
nP6bOlKDszS40V9JSeqmv8qELsu23q19M7nT7ECGsGxMqcy1Jc4TDECgfL9odaFZ
8u3FaVrWSXrmCRXLqBTlMtO2xoD5mq1OuRePKFShtbsUnFvG38cjbAwy5Yq++Uxl
/7d2TkBLq2yKu+vrFPjmrc5mSrH0lT1Er7GjogFI5ywiRGrLjvC0N/PZAqmqqVQl
hyY7KA5DmKyFB6eIgiKFg1PZVF69UmRyyl1aMwVYKt/R1d/B0/yvM/fuYJdPiGo3
sWn3S5alxckqug7gN9btMnayd5e4Sfrj4WhTFwS5VDc6Gj7LfMNwgsKVxh9kVCKe
PwHH/QPBNLK1ad5yI1yztS8N4nw2TXUKno8PamPxnZmMEjfzCXD7Av4O+5dqiNaH
Q+9YDDPBdwPZlJxcHklsLIl3v2AmNrijy2zIVUE6u8wUH7iNx9QHvx5PvpkMuVO5
gN2xEtYWHJgmSmt5U25oVbFjMYbVBDECkiRbdRLvyL4f9DQ32oI=
=YRv4
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org
