[
https://issues.apache.org/jira/browse/CONFIGURATION-788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071829#comment-17071829
]
Gary D. Gregory commented on CONFIGURATION-788:
-----------------------------------------------
Oops, I did not realize that you are talking about the 1.x branch; is that
really the case? As opposed to 2.x?
I am doubtful that we'll release anything from the 1.x line unless a CVE shows
up. At least 1.x is nowhere on my to-do list.
> AbstractHierarchicalFileConfiguration can lose data when #save() is
> interrupted by JVM abort/power failure
> ----------------------------------------------------------------------------------------------------------
>
> Key: CONFIGURATION-788
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-788
> Project: Commons Configuration
> Issue Type: Bug
> Components: File reloading
> Affects Versions: 1.10
> Environment: This occurs in any environment with any use of
> AbstractFileConfiguration#save(), AbstractFileConfiguration#save(URL) or
> AbstractFileConfiguration#save(File).
> Reporter: Michael Noack
> Priority: Major
> Labels: newbie
> Attachments:
> 0001-Implemented-keep-backup-feature-for-file-configurati.patch,
> 0002-CHANGED-AbstractFileConfiguration-Fixed-potential-NP.patch
>
>
> When saving the current configuration, either using any of the #save()
> Methods or when setting a property while auto-save is enabled the method
> AbstractFileConfiguration#save(URL) effectively wipes the file content when
> opening the OutputStream.
> If the JVM gets destroyed or the machine powered down before the new
> configuration has been serialized to the file an empty file remains with no
> configuration at all.
>
> I've created a patch on top of the RELEASE_1_10_BRANCH which introduces a
> mitigation. The mitigation consists of a "keep backup" flag in
> AbstractFileConfiguration which, if set, creates a copy of the current
> configuration file before writing into it.
> When a configuration exception occurs upon loading the configuration again
> the exception will be caught and loading of the backup is attempted first
> before rethrowing the exception when this fails as well.
> To allow existing implementations to profit from this without touching all
> instances a global flag has been added to
> AbstractHierarchicalFileConfiguration which is then inherited by all future
> delegates added to any instance of AbstractHierarchicalFileConfiguration.
> Four unit tests for this mitigation feature have been added to
> TestHierarchicalXMLConfiguration.
> I've uploaded a repository with the commit to github:
> https://github.com/noamik/commons-configuration/tree/RELEASE_1_11_BRANCH
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
