The GitHub Actions job "Java CI with Gradle" on ofbiz-framework.git has 
succeeded.
Run started by GitHub user asfgit (triggered by asfgit).

Head commit for run:
76976bf9f03537b450af531638ac8031571ba154 / Jacques Le Roux 
<jacques.le.r...@les7arts.com>
Fixed: Manufacturing - MRP Run Failure (OFBIZ-12716)

This was broken by
"Preventing possible DOS attack done using Java deserialisation" done with
OFBIZ-12592

The exact solution was not an easy find, despite knowing that it was
related to serialization filtering (i.e. using
'-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000'
in build.gradle) and suspecting that it was not related to a class, because
adding an all-classes-allowed filter (i.e. *) to -Djdk.serialFilter, i.e.
'-Djdk.serialFilter=*;maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000',
did not fix the problem.

So it was, at least, one of the values of the 4 other parameters, initially
chosen based on default values often suggested.

With a trial-and-error tactic, I finally found I only needed to increase maxrefs*.
I picked 1000. It should allow bigger MRP needs and should not be an issue for
DOS attacks.

* The maximum number of internal references

Note that I could have used the "Logging Filter Actions" suggestion at the bottom of
https://docs.oracle.com/javase/10/core/serialization-filtering1.htm
but the trial-and-error tactic turned out to be faster.
I guess, if I refer to https://access.redhat.com/discussions/5577051, that it
could be due to using Tomcat or to the OFBiz log4j2.xml setting.

Anyway, Java 17 seems to have a better solution for that** and we need to turn to
it in 2023 (EOL of Java 11).

** https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk

Thanks to Yannong Huang for the report.

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/3558375734

With regards,
GitHub Actions via GitBox

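To make the maxrefs behaviour described in the commit message concrete, here is an added example. It is not OFBiz code and not part of the notification above. It serializes a constructed list of 600 small objects and reads it back twice under per-stream filters built from the same pattern syntax as -Djdk.serialFilter: first with the OFBIZ-12592 limits including '*' for all classes, then with maxrefs raised to 1000 as in this commit. Each object read from the stream counts toward maxrefs, so the first read is rejected once the 500-reference limit is passed while the second succeeds; a logging wrapper, in the spirit of the "Logging Filter Actions" section of the Oracle guide linked in the message, prints the counters of the rejected callback. The class names, the element count and the per-stream setup (rather than the process-wide property OFBiz sets in build.gradle) are assumptions of the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not OFBiz code): a graph can pass the class-name part of a
 * jdk.serialFilter ('*') and still be rejected by maxrefs, and a logging
 * wrapper shows which counter the filter tripped on.
 */
public class SerialFilterMaxRefsDemo {

    /** Hypothetical payload element: one object, one primitive field, no strings. */
    static final class Item implements Serializable {
        private static final long serialVersionUID = 1L;
        final int id;
        Item(int id) { this.id = id; }
    }

    /** Serializes a constructed list of n Items; every Item read back costs one reference. */
    static byte[] serializeItems(int n) throws IOException {
        List<Item> items = new ArrayList<>();
        for (int i = 0; i < n; i++) {
            items.add(new Item(i));
        }
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(items);
        }
        return bos.toByteArray();
    }

    /**
     * Wraps a filter so a rejected callback is logged with the values the
     * filter saw (class is null when the callback is for a back-reference).
     */
    static ObjectInputFilter logging(ObjectInputFilter base) {
        return info -> {
            ObjectInputFilter.Status status = base.checkInput(info);
            if (status == ObjectInputFilter.Status.REJECTED) {
                System.out.printf("  rejected: class=%s refs=%d depth=%d bytes=%d%n",
                        info.serialClass(), info.references(), info.depth(), info.streamBytes());
            }
            return status;
        };
    }

    /**
     * Deserializes under a per-stream filter built from the -Djdk.serialFilter
     * pattern syntax. Returns the number of items read, or -1 if the filter
     * rejected the stream (reported by the JDK as InvalidClassException).
     */
    static int readItemCount(byte[] data, String pattern)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(logging(filter));
            @SuppressWarnings("unchecked")
            List<Item> items = (List<Item>) ois.readObject();
            return items.size();
        } catch (InvalidClassException e) {
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] data = serializeItems(600);   // constructed payload: about 601 references

        // OFBIZ-12592 limits with '*' allowing every class: still rejected on refs.
        String before = "*;maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000";
        // OFBIZ-12716: only maxrefs raised.
        String after  = "*;maxarray=100000;maxdepth=20;maxrefs=1000;maxbytes=500000";

        System.out.println("maxrefs=500  -> " + readItemCount(data, before));
        System.out.println("maxrefs=1000 -> " + readItemCount(data, after));
    }
}
```

Run it with Java 11 or later (java SerialFilterMaxRefsDemo.java). The per-stream filter is used here only so both limits can be compared in one JVM; the process-wide filter from -Djdk.serialFilter is read once when ObjectInputFilter.Config initializes and can be inspected with ObjectInputFilter.Config.getSerialFilter(), which is why it has to be passed on the JVM command line as the build.gradle setting in the message does.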