from:"ChenYuwang \\\(Jira\\\)"

[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support

2022-11-10 Thread ChenYuwang (Jira)



 [ 
https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ChenYuwang updated CONFIGURATION-826:
-
Issue Type: Bug  (was: Improvement)

> INIConfiguration collection property support
> 
>
> Key: CONFIGURATION-826
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-826
> Project: Commons Configuration
>  Issue Type: Bug
>  Components: Expression engine
>Affects Versions: 2.8.0
>Reporter: ChenYuwang
>Priority: Blocker
> Fix For: Nightly Builds, 2.9.0
>
> Attachments: image-2022-11-11-11-36-20-196.png
>
>
> [https://shiro.apache.org/configuration.html]
> !image-2022-11-11-11-36-20-196.png!
> The comma-separated string after the = needs to be the whole as the value.For 
> example "a=b,c,d", the current parsing becomes a=b



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CONFIGURATION-826) INIConfiguration collection property support

2022-11-10 Thread ChenYuwang (Jira)

ChenYuwang created CONFIGURATION-826:


 Summary: INIConfiguration collection property support
 Key: CONFIGURATION-826
 URL: https://issues.apache.org/jira/browse/CONFIGURATION-826
 Project: Commons Configuration
  Issue Type: Improvement
  Components: Expression engine
Affects Versions: 2.8.0
Reporter: ChenYuwang
 Fix For: Nightly Builds, 2.9.0
 Attachments: image-2022-11-11-11-36-20-196.png

[https://shiro.apache.org/configuration.html]

!image-2022-11-11-11-36-20-196.png!

The comma-separated string after the = needs to be the whole as the value.For 
example "a=b,c,d", the current parsing becomes a=b



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CONFIGURATION-645) INIConfiguration: comment lines are removed after saving changes

2022-11-10 Thread ChenYuwang (Jira)



[ 
https://issues.apache.org/jira/browse/CONFIGURATION-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17632032#comment-17632032
 ] 

ChenYuwang commented on CONFIGURATION-645:
--

I have the same problem, hope someone solve it

> INIConfiguration: comment lines are removed after saving changes
> 
>
> Key: CONFIGURATION-645
> URL: https://issues.apache.org/jira/browse/CONFIGURATION-645
> Project: Commons Configuration
>  Issue Type: Bug
>Affects Versions: 2.1
>Reporter: javix
>Priority: Major
>
> I have a very large ini file with multiple sections. I added some comment 
> lines to my sections.
> Before closing my app some values will be changed. But afterwards the changed 
> file does not contains my comments.
> Here is a example:
> {noformat}
> [SECTION]
> ;comment for this section
> lastTimeStamp=(here some date)
> {noformat}
> After saving the file contains following content:
> {noformat}
> [SECTION]
> lastTimeStamp=(here some date)
> {noformat}
> I think it is a bug, because the comments are allowed and very useful content 
> of a ini file and should not be removed.
> (sorry for my not perfect english)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CONFIGURATION-825) INIConfiguration marks exceptions that will not be thrown

2022-11-10 Thread ChenYuwang (Jira)

ChenYuwang created CONFIGURATION-825:


 Summary:  INIConfiguration marks exceptions that will not be thrown
 Key: CONFIGURATION-825
 URL: https://issues.apache.org/jira/browse/CONFIGURATION-825
 Project: Commons Configuration
  Issue Type: Improvement
  Components: Expression engine
Affects Versions: 2.8.0
 Environment: java 8，win ，the file content is "/error/"
Reporter: ChenYuwang
 Fix For: 2.9.0


INIConfiguration.read() & INIConfiguration.write() marks 
ConfigurationException, but has no chance to throw. I understand that a 
ConfigurationException should be thrown if INIConfiguration read something that 
is not  ini‘s format, but currently it doesn't. INIConfiguration just ignores 
everything it doesn't recognize. For example, the file content is "/error/"



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (JXPATH-199) OSS-Fuzz Integration of JXPath

2022-10-12 Thread ChenYuwang (Jira)



[ 
https://issues.apache.org/jira/browse/JXPATH-199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616742#comment-17616742
 ] 

ChenYuwang commented on JXPATH-199:
---

Looking forward to the community to fix this vulnerability as soon as possible

> OSS-Fuzz Integration of JXPath
> --
>
> Key: JXPATH-199
> URL: https://issues.apache.org/jira/browse/JXPATH-199
> Project: Commons JXPath
>  Issue Type: Improvement
>Reporter: Roman Wagner
>Priority: Major
>
> Hi all,
> I have prepared the initial integration 
> [https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/77378631c5593c7538193ecbff4f6edf8338ffe8]
>  of JXPath into [google oss-fuzz|https://github.com/google/oss-fuzz]. This 
> will enable continuous fuzzing of this project, which will be conducted by 
> Google. Bugs that will be found by fuzzing will be reported to you. After the 
> initial integration of this project into oss-fuzz, I will continue to add 
> additional fuzz tests to improve the code coverage over time.
> The integration requires a primary contact, someone to deal with the bug 
> reports submitted by oss-fuzz. The email address needs to belong to an 
> established project committer and be associated with a Google account as per 
> [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/].
>  When a bug is found, you will receive an email that will provide you with 
> access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 
> person can be included. Please let me know who I should include, if anyone.
> [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] is used for 
> fuzzing Java applications. Jazzer is a coverage-guided, in-process fuzzer for 
> the JVM platform developed by Code Intelligence. It is based on libFuzzer and 
> brings many of its instrumentation-powered mutation features to the JVM. 
> Jazzer has already found several bugs in JVM applications: [Jazzer 
> Findings|https://github.com/CodeIntelligenceTesting/jazzer#findings]
> Please let me know if you have any questions regarding fuzzing or the 
> oss-fuzz integration.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (JXPATH-200) CVE-2022-41852 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

2022-10-12 Thread ChenYuwang (Jira)



[ 
https://issues.apache.org/jira/browse/JXPATH-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616741#comment-17616741
 ] 

ChenYuwang commented on JXPATH-200:
---

Looking forward to the community to fix this vulnerability as soon as possible

> CVE-2022-41852 Use of Externally-Controlled Input to Select Classes or Code 
> ('Unsafe Reflection')
> -
>
> Key: JXPATH-200
> URL: https://issues.apache.org/jira/browse/JXPATH-200
> Project: Commons JXPath
>  Issue Type: Bug
>Affects Versions: 1.3
>Reporter: Nicolò Mendola
>Priority: Blocker
> Fix For: 1.4
>
>
> There is a CVE detected in jxpath 1.3. and prior. Could you take a look?
> Use of Externally-Controlled Input to Select Classes or Code ('Unsafe 
> Reflection')
> [https://avd.aquasec.com/nvd/2022/cve-2022-41852/]
> Best Regards



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support

[jira] [Created] (CONFIGURATION-826) INIConfiguration collection property support

[jira] [Commented] (CONFIGURATION-645) INIConfiguration: comment lines are removed after saving changes

[jira] [Created] (CONFIGURATION-825) INIConfiguration marks exceptions that will not be thrown

[jira] [Commented] (JXPATH-199) OSS-Fuzz Integration of JXPath

[jira] [Commented] (JXPATH-200) CVE-2022-41852 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

6 matches

Site Navigation

Mail list logo

Footer information