[GitHub] [commons-validator] garydgregory merged pull request #126: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #126: URL: https://github.com/apache/commons-validator/pull/126 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-ognl] garydgregory merged pull request #122: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #122: URL: https://github.com/apache/commons-ognl/pull/122 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-rdf] garydgregory merged pull request #127: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #127: URL: https://github.com/apache/commons-rdf/pull/127 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-bcel] garydgregory merged pull request #214: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #214: URL: https://github.com/apache/commons-bcel/pull/214 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-jxpath] garydgregory merged pull request #60: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #60: URL: https://github.com/apache/commons-jxpath/pull/60 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-fileupload] garydgregory merged pull request #209: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #209: URL: https://github.com/apache/commons-fileupload/pull/209 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-exec] garydgregory merged pull request #101: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #101: URL: https://github.com/apache/commons-exec/pull/101 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-daemon] garydgregory merged pull request #87: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #87: URL: https://github.com/apache/commons-daemon/pull/87 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-configuration] kinow merged pull request #291: Bump slf4j.version from 2.0.5 to 2.0.7
kinow merged PR #291: URL: https://github.com/apache/commons-configuration/pull/291 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-text] garydgregory merged pull request #420: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #420: URL: https://github.com/apache/commons-text/pull/420 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-beanutils] garydgregory merged pull request #167: Bump actions/checkout from 3.3.0 to 3.5.0
garydgregory merged PR #167: URL: https://github.com/apache/commons-beanutils/pull/167 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-beanutils] garydgregory merged pull request #165: Bump actions/cache from 3.3.0 to 3.3.1
garydgregory merged PR #165: URL: https://github.com/apache/commons-beanutils/pull/165 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-configuration] kinow merged pull request #289: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #289: URL: https://github.com/apache/commons-configuration/pull/289 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-imaging] kinow merged pull request #287: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #287: URL: https://github.com/apache/commons-imaging/pull/287 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-parent] hboutemy commented on pull request #9: Improve reproducibility of generated JARs
hboutemy commented on PR #9: URL: https://github.com/apache/commons-parent/pull/9#issuecomment-1483234401 I think this PR is now obsolete -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704739#comment-17704739 ] Gary D. Gregory commented on CONFIGURATION-826: --- Oops, edited this ticket by mistake. > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Major > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated CONFIGURATION-826: -- Priority: Major (was: Trivial) > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Major > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
[ https://issues.apache.org/jira/browse/CONFIGURATION-829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory resolved CONFIGURATION-829. --- Fix Version/s: 2.9.0 Resolution: Fixed > Critical security vulnerability in snakeyaml > > > Key: CONFIGURATION-829 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 > Project: Commons Configuration > Issue Type: Bug > Components: File reloading >Affects Versions: 2.8.0 >Reporter: Aaron Coady >Priority: Major > Fix For: 2.9.0 > > > This vulnerability is fixed in snakeyaml 2.0 and requires a backwards > incompatible change in the constructor > [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] > > SnakeYaml's Constructor() class does not restrict types which can be > instantiated during deserialization. Deserializing yaml content provided by > an attacker can lead to remote code execution. We recommend using SnakeYaml's > SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated CONFIGURATION-826: -- Fix Version/s: (was: 2.9.0) > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Reopened] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory reopened CONFIGURATION-826: --- > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
[ https://issues.apache.org/jira/browse/CONFIGURATION-829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704737#comment-17704737 ] Gary D. Gregory commented on CONFIGURATION-829: --- This is already in git master and the snapshot repository for the upcoming to 2.9.0 as you can see in the POM. > Critical security vulnerability in snakeyaml > > > Key: CONFIGURATION-829 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 > Project: Commons Configuration > Issue Type: Bug > Components: File reloading >Affects Versions: 2.8.0 >Reporter: Aaron Coady >Priority: Major > Fix For: 2.9.0 > > > This vulnerability is fixed in snakeyaml 2.0 and requires a backwards > incompatible change in the constructor > [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] > > SnakeYaml's Constructor() class does not restrict types which can be > instantiated during deserialization. Deserializing yaml content provided by > an attacker can lead to remote code execution. We recommend using SnakeYaml's > SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory resolved CONFIGURATION-826. --- Fix Version/s: 2.9.0 Resolution: Fixed This is already in git master and the snapshot repository. > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Fix For: 2.9.0 > > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826 ] Gary D. Gregory deleted comment on CONFIGURATION-826: --- was (Author: garydgregory): This is already in git master and the snapshot repository. > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Fix For: 2.9.0 > > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated CONFIGURATION-826: -- Priority: Trivial (was: Blocker) > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Fix For: Nightly Builds, 2.9.0 > > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated CONFIGURATION-826: -- Fix Version/s: (was: Nightly Builds) (was: 2.9.0) > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Trivial > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
[ https://issues.apache.org/jira/browse/CONFIGURATION-829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704668#comment-17704668 ] Aaron Coady edited comment on CONFIGURATION-829 at 3/24/23 5:30 PM: It appears this has already been addressed by [https://github.com/apache/commons-configuration/pull/282] The version in the pom was bumped in this PR https://github.com/apache/commons-configuration/pull/283 What release can this be included in? was (Author: acoady): It appears this has already been addressed by [https://github.com/apache/commons-configuration/pull/282] Should we bump the version of snakeyaml in the pom to address this? What release can this be included in? > Critical security vulnerability in snakeyaml > > > Key: CONFIGURATION-829 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 > Project: Commons Configuration > Issue Type: Bug > Components: File reloading >Affects Versions: 2.8.0 >Reporter: Aaron Coady >Priority: Major > > This vulnerability is fixed in snakeyaml 2.0 and requires a backwards > incompatible change in the constructor > [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] > > SnakeYaml's Constructor() class does not restrict types which can be > instantiated during deserialization. Deserializing yaml content provided by > an attacker can lead to remote code execution. We recommend using SnakeYaml's > SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [commons-lang] kinow merged pull request #1044: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #1044: URL: https://github.com/apache/commons-lang/pull/1044 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-codec] kinow merged pull request #181: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #181: URL: https://github.com/apache/commons-codec/pull/181 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
[ https://issues.apache.org/jira/browse/CONFIGURATION-829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704668#comment-17704668 ] Aaron Coady edited comment on CONFIGURATION-829 at 3/24/23 3:41 PM: It appears this has already been addressed by [https://github.com/apache/commons-configuration/pull/282] Should we bump the version of snakeyaml in the pom to address this? What release can this be included in? was (Author: acoady): It appears this has already been addressed by https://github.com/apache/commons-configuration/pull/282 > Critical security vulnerability in snakeyaml > > > Key: CONFIGURATION-829 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 > Project: Commons Configuration > Issue Type: Bug > Components: File reloading >Affects Versions: 2.8.0 >Reporter: Aaron Coady >Priority: Major > > This vulnerability is fixed in snakeyaml 2.0 and requires a backwards > incompatible change in the constructor > [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] > > SnakeYaml's Constructor() class does not restrict types which can be > instantiated during deserialization. Deserializing yaml content provided by > an attacker can lead to remote code execution. We recommend using SnakeYaml's > SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
[ https://issues.apache.org/jira/browse/CONFIGURATION-829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704668#comment-17704668 ] Aaron Coady commented on CONFIGURATION-829: --- It appears this has already been addressed by https://github.com/apache/commons-configuration/pull/282 > Critical security vulnerability in snakeyaml > > > Key: CONFIGURATION-829 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 > Project: Commons Configuration > Issue Type: Bug > Components: File reloading >Affects Versions: 2.8.0 >Reporter: Aaron Coady >Priority: Major > > This vulnerability is fixed in snakeyaml 2.0 and requires a backwards > incompatible change in the constructor > [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] > > SnakeYaml's Constructor() class does not restrict types which can be > instantiated during deserialization. Deserializing yaml content provided by > an attacker can lead to remote code execution. We recommend using SnakeYaml's > SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (CONFIGURATION-829) Critical security vulnerability in snakeyaml
Aaron Coady created CONFIGURATION-829: - Summary: Critical security vulnerability in snakeyaml Key: CONFIGURATION-829 URL: https://issues.apache.org/jira/browse/CONFIGURATION-829 Project: Commons Configuration Issue Type: Bug Components: File reloading Affects Versions: 2.8.0 Reporter: Aaron Coady This vulnerability is fixed in snakeyaml 2.0 and requires a backwards incompatible change in the constructor [https://nvd.nist.gov/vuln/detail/CVE-2022-1471] SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [commons-vfs] ivakegg commented on a diff in pull request #383: fixes #VFS-834: Updated to avoid prematurely closing file objects.
ivakegg commented on code in PR #383: URL: https://github.com/apache/commons-vfs/pull/383#discussion_r1147656897 ## commons-vfs2/src/test/java/org/apache/commons/vfs2/AbstractProviderTestCase.java: ## @@ -114,14 +114,22 @@ protected void assertSameContent(final String expected, final FileObject file) t * are encoded using UTF-8. */ protected void assertSameURLContent(final String expected, final URLConnection connection) throws Exception { +assertSameURLContent(expected, connection.getInputStream(), connection); Review Comment: good catch, thank you -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-vfs] ivakegg commented on a diff in pull request #383: fixes #VFS-834: Updated to avoid prematurely closing file objects.
ivakegg commented on code in PR #383: URL: https://github.com/apache/commons-vfs/pull/383#discussion_r1147652916 ## commons-vfs2/src/test/java/org/apache/commons/vfs2/AbstractProviderTestCase.java: ## @@ -114,14 +114,22 @@ protected void assertSameContent(final String expected, final FileObject file) t * are encoded using UTF-8. */ protected void assertSameURLContent(final String expected, final URLConnection connection) throws Exception { +assertSameURLContent(expected, connection.getInputStream(), connection); Review Comment: I can add an additional try-catch however -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-vfs] ivakegg commented on a diff in pull request #383: fixes #VFS-834: Updated to avoid prematurely closing file objects.
ivakegg commented on code in PR #383: URL: https://github.com/apache/commons-vfs/pull/383#discussion_r1147651610 ## commons-vfs2/src/test/java/org/apache/commons/vfs2/AbstractProviderTestCase.java: ## @@ -114,14 +114,22 @@ protected void assertSameContent(final String expected, final FileObject file) t * are encoded using UTF-8. */ protected void assertSameURLContent(final String expected, final URLConnection connection) throws Exception { +assertSameURLContent(expected, connection.getInputStream(), connection); Review Comment: This is what the previous method essentially did. The inner assertSameURLContent closes it within a try-catch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-vfs] ivakegg commented on pull request #383: fixes #VFS-834: Updated to avoid prematurely closing file objects.
ivakegg commented on PR #383: URL: https://github.com/apache/commons-vfs/pull/383#issuecomment-1482886790 Gary, This is not a multi-threading issue. This is an issue where multiple resources are loaded for the same file in the SAME thread. Then the input stream of one is closed before the other is read. Apparently this can happen with spring when loading a context. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-validator] dermoritz commented on pull request #68: Add validator for UUIDs
dermoritz commented on PR #68: URL: https://github.com/apache/commons-validator/pull/68#issuecomment-1482867206 sad about seeing this closed :-(. So to validate a string to be an UUID in Java still needs to copy paste the regex around? pulling hibernate seems to be a bad option -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-jexl] garydgregory merged pull request #170: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #170: URL: https://github.com/apache/commons-jexl/pull/170 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-vfs] garydgregory commented on a diff in pull request #383: fixes #VFS-834: Updated to avoid prematurely closing file objects.
garydgregory commented on code in PR #383: URL: https://github.com/apache/commons-vfs/pull/383#discussion_r1147017362 ## commons-vfs2/src/test/java/org/apache/commons/vfs2/AbstractProviderTestCase.java: ## @@ -114,14 +114,22 @@ protected void assertSameContent(final String expected, final FileObject file) t * are encoded using UTF-8. */ protected void assertSameURLContent(final String expected, final URLConnection connection) throws Exception { +assertSameURLContent(expected, connection.getInputStream(), connection); Review Comment: This does not look right, the method that allocates the resource should release it: The `connection.getInputStream()` should be used in a try-with-resources. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-pool] kinow merged pull request #217: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #217: URL: https://github.com/apache/commons-pool/pull/217 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-collections] kinow merged pull request #387: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #387: URL: https://github.com/apache/commons-collections/pull/387 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-csv] kinow merged pull request #315: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #315: URL: https://github.com/apache/commons-csv/pull/315 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (VFS-833) Make constructor FileSystemOptions(Map) public
[ https://issues.apache.org/jira/browse/VFS-833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory resolved VFS-833. - Fix Version/s: 2.10.0 Resolution: Fixed In git master and the snapshot repository. > Make constructor FileSystemOptions(Map) public > -- > > Key: VFS-833 > URL: https://issues.apache.org/jira/browse/VFS-833 > Project: Commons VFS > Issue Type: Bug >Affects Versions: 2.9.0 >Reporter: Kannan Ramamoorthy >Priority: Major > Fix For: 2.10.0 > > > *Problem:* > The map `org.apache.commons.vfs2.FileSystemOptions#options` is TreeMap. The > datastructure is not thread-safe and resulting in situations like > [this|https://ivoanjo.me/blog/2018/07/21/writing-to-a-java-treemap-concurrently-can-lead-to-an-infinite-loop-during-reads/] > when used in multithreaded environments. > *Workaround:* > As a workaround, we have to synchronize the `FileSystemOptions` in all the > places of the code. > *Solution:* > * If there is no issue, the constructor ` > protected FileSystemOptions(Map options)` can be > made public, so that users will have an option to pass a synchronized map > when they have to. * Or, wrap the `TreeMap` instance with > `java.util.Collections#synchronizedMap`, ensuring thread safety at the core. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (VFS-833) Make constructor FileSystemOptions(Map) public
[ https://issues.apache.org/jira/browse/VFS-833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated VFS-833: Summary: Make constructor FileSystemOptions(Map) public (was: org.apache.commons.vfs2.FileSystemOptions#options is not synchronized) > Make constructor FileSystemOptions(Map) public > -- > > Key: VFS-833 > URL: https://issues.apache.org/jira/browse/VFS-833 > Project: Commons VFS > Issue Type: Bug >Affects Versions: 2.9.0 >Reporter: Kannan Ramamoorthy >Priority: Major > > *Problem:* > The map `org.apache.commons.vfs2.FileSystemOptions#options` is TreeMap. The > datastructure is not thread-safe and resulting in situations like > [this|https://ivoanjo.me/blog/2018/07/21/writing-to-a-java-treemap-concurrently-can-lead-to-an-infinite-loop-during-reads/] > when used in multithreaded environments. > *Workaround:* > As a workaround, we have to synchronize the `FileSystemOptions` in all the > places of the code. > *Solution:* > * If there is no issue, the constructor ` > protected FileSystemOptions(Map options)` can be > made public, so that users will have an option to pass a synchronized map > when they have to. * Or, wrap the `TreeMap` instance with > `java.util.Collections#synchronizedMap`, ensuring thread safety at the core. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [commons-vfs] garydgregory merged pull request #384: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #384: URL: https://github.com/apache/commons-vfs/pull/384 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-skin] garydgregory merged pull request #51: Bump github/codeql-action from 2.2.7 to 2.2.8
garydgregory merged PR #51: URL: https://github.com/apache/commons-skin/pull/51 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-skin] garydgregory merged pull request #50: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #50: URL: https://github.com/apache/commons-skin/pull/50 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-crypto] garydgregory closed pull request #219: Bump maven-resources-plugin from 3.3.0 to 3.3.1
garydgregory closed pull request #219: Bump maven-resources-plugin from 3.3.0 to 3.3.1 URL: https://github.com/apache/commons-crypto/pull/219 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-crypto] garydgregory commented on pull request #219: Bump maven-resources-plugin from 3.3.0 to 3.3.1
garydgregory commented on PR #219: URL: https://github.com/apache/commons-crypto/pull/219#issuecomment-1482724143 Close: Pick up from parent. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-crypto] garydgregory merged pull request #218: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #218: URL: https://github.com/apache/commons-crypto/pull/218 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-parent] garydgregory merged pull request #245: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #245: URL: https://github.com/apache/commons-parent/pull/245 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-parent] garydgregory merged pull request #246: Bump github/codeql-action from 2.2.7 to 2.2.8
garydgregory merged PR #246: URL: https://github.com/apache/commons-parent/pull/246 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-vfs] garydgregory merged pull request #386: Bump hadoop.version from 3.3.4 to 3.3.5
garydgregory merged PR #386: URL: https://github.com/apache/commons-vfs/pull/386 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-bsf] garydgregory merged pull request #88: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #88: URL: https://github.com/apache/commons-bsf/pull/88 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-logging] kinow merged pull request #139: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #139: URL: https://github.com/apache/commons-logging/pull/139 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-dbutils] garydgregory merged pull request #185: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #185: URL: https://github.com/apache/commons-dbutils/pull/185 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-cli] garydgregory merged pull request #170: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #170: URL: https://github.com/apache/commons-cli/pull/170 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-build-plugin] garydgregory merged pull request #145: Bump actions/checkout from 3.4.0 to 3.5.0
garydgregory merged PR #145: URL: https://github.com/apache/commons-build-plugin/pull/145 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-build-plugin] garydgregory merged pull request #144: Bump github/codeql-action from 2.2.7 to 2.2.8
garydgregory merged PR #144: URL: https://github.com/apache/commons-build-plugin/pull/144 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-release-plugin] kinow merged pull request #181: Bump commons-compress from 1.22 to 1.23.0
kinow merged PR #181: URL: https://github.com/apache/commons-release-plugin/pull/181 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-release-plugin] kinow merged pull request #179: Bump maven.dependency.version from 3.9.0 to 3.9.1
kinow merged PR #179: URL: https://github.com/apache/commons-release-plugin/pull/179 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-release-plugin] kinow merged pull request #180: Bump maven-scm.version from 1.13.0 to 2.0.0
kinow merged PR #180: URL: https://github.com/apache/commons-release-plugin/pull/180 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (DIGESTER-199) Noisy debug
[ https://issues.apache.org/jira/browse/DIGESTER-199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704539#comment-17704539 ] Mark Thomas commented on DIGESTER-199: -- Please provide a copy of the file that is being parsed. > Noisy debug > --- > > Key: DIGESTER-199 > URL: https://issues.apache.org/jira/browse/DIGESTER-199 > Project: Commons Digester > Issue Type: Bug >Affects Versions: 3.2 >Reporter: Delany >Priority: Major > > Large sections of a whitespace in the debug logs > [https://github.com/revelc/formatter-maven-plugin/issues/713] > https://issues.apache.org/jira/browse/MNG-7747 > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [commons-release-plugin] kinow merged pull request #178: Bump actions/checkout from 3.4.0 to 3.5.0
kinow merged PR #178: URL: https://github.com/apache/commons-release-plugin/pull/178 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org