[jira] [Commented] (FELIX-6185) jQuery <3.4.0 is vulnerable to prototype pollution attacks

2019-09-23 Thread Dale Clarke (Jira)


[ 
https://issues.apache.org/jira/browse/FELIX-6185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936241#comment-16936241
 ] 

Dale Clarke commented on FELIX-6185:


PR submitted https://github.com/apache/felix/pull/204

> jQuery <3.4.0 is vulnerable to prototype pollution attacks
> --
>
>                 Key: FELIX-6185
>                 URL: https://issues.apache.org/jira/browse/FELIX-6185
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-4.3.16
>            Reporter: Dale Clarke
>            Priority: Minor
>              Labels: security
>
> jQuery prior to version 3.4.0 was vulnerable to prototype pollution 
> (https://snyk.io/test/npm/jquery/3.3.1).  The webconsole currently uses 
> jQuery 3.3.1.  jQuery >= 3.4.0 addresses this issue 
> (https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/).  I'd propose 
> upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address 
> this issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (FELIX-6185) jQuery <3.4.0 is vulnerable to prototype pollution attacks

2019-09-23 Thread Dale Clarke (Jira)
Dale Clarke created FELIX-6185:
--

         Summary: jQuery <3.4.0 is vulnerable to prototype pollution attacks
             Key: FELIX-6185
             URL: https://issues.apache.org/jira/browse/FELIX-6185
         Project: Felix
      Issue Type: Bug
      Components: Web Console
Affects Versions: webconsole-4.3.16
        Reporter: Dale Clarke


jQuery prior to version 3.4.0 was vulnerable to prototype pollution 
(https://snyk.io/test/npm/jquery/3.3.1).  The webconsole currently uses jQuery 
3.3.1.  jQuery >= 3.4.0 addresses this issue 
(https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/).  I'd propose 
upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address 
this issue.



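Added example, not part of the original message and not jQuery or Felix code: the jQuery 3.4.0 release post linked in the report describes the fix as concerning deep `jQuery.extend` with a source object that carries an enumerable `__proto__` property. The sketch below uses a simplified stand-in merge (`deepMerge`, `runMerge` and `isFixedJQuery` are hypothetical names, and the JSON input is constructed) to show the unguarded behaviour beside the hardened one, plus a version check against the 3.4.0 threshold the report names.

```javascript
// Added illustration: simplified deep merge, NOT jQuery's source code.
// skipProto=false follows the "__proto__" key; skipProto=true is the hardened form.
function deepMerge(target, source, skipProto) {
  for (const key of Object.keys(source)) {
    if (skipProto && key === "__proto__") continue; // never merge into the prototype
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const existing = target[key]; // for "__proto__" this reads Object.prototype
      const dest = existing !== null && typeof existing === "object" ? existing : {};
      target[key] = deepMerge(dest, value, skipProto);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: JSON.parse creates an own, enumerable "__proto__" key.
const SAMPLE = '{"theme": {"color": "dark"}, "__proto__": {"polluted": true}}';

function runMerge(skipProto) {
  const merged = deepMerge({}, JSON.parse(SAMPLE), skipProto);
  const leaked = ({}).polluted === true; // visible on an unrelated, fresh object?
  delete Object.prototype.polluted;      // restore global state after the check
  return { leaked, color: merged.theme.color };
}

// True when a dotted version string is at or above 3.4.0, the release the
// report names as fixed (on a live page, compare against jQuery.fn.jquery).
function isFixedJQuery(version) {
  const [major, minor] = version.split(".").map(Number);
  return major > 3 || (major === 3 && minor >= 4);
}

console.log(runMerge(false), runMerge(true),
            isFixedJQuery("3.3.1"), isFixedJQuery("3.4.1"));
```

The legitimate `theme.color` value is merged in both modes; only the unguarded mode also changes what every other object in the page inherits.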


adaptTo() 2019 - Videos and Gallery online

2019-09-23 Thread Stefan Seifert
The video recordings for all talks are now online: 
https://adapt.to/2019/schedule

Visit our YouTube channel: https://www.youtube.com/c/adaptTo

For further impressions check out our image gallery: 
https://adapt.to/2019/gallery

See you next year!

Stefan



[jira] [Commented] (FELIX-6184) NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3

2019-09-23 Thread Karl Pauls (Jira)


[ 
https://issues.apache.org/jira/browse/FELIX-6184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935804#comment-16935804
 ] 

Karl Pauls commented on FELIX-6184:
---

Hi [~kwin], this shouldn't happen assuming you didn't set 
felix.bootdelegation.implicit=false. Can you make sure you didn't have it set 
or if it is set, it was set to true (or you added jdk.internal.* to 
bootdelegation)?

> NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with 
> Oracle JDK 11.0.3
> -
>
>                 Key: FELIX-6184
>                 URL: https://issues.apache.org/jira/browse/FELIX-6184
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework, SCR Tooling
>    Affects Versions: scr-2.1.16
>            Reporter: Konrad Windszus
>            Priority: Major

[jira] [Created] (FELIX-6184) NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3

2019-09-23 Thread Konrad Windszus (Jira)
Konrad Windszus created FELIX-6184:
--

         Summary: NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3
             Key: FELIX-6184
             URL: https://issues.apache.org/jira/browse/FELIX-6184
         Project: Felix
      Issue Type: Bug
      Components: Framework, SCR Tooling
Affects Versions: scr-2.1.16
        Reporter: Konrad Windszus


I recently ran into the following exception when trying to restart a bundle in 
Felix

{code}
23.09.2019 13:18:04.359 *ERROR* [Background Update org.apache.sling.scripting.sightly (558)] org.apache.sling.scripting.sightly bundle org.apache.sling.scripting.sightly:1.1.2.1_4_0 (558)[org.apache.sling.scripting.sightly.impl.engine.ExtensionRegistryService(4087)] : Error during instantiation of the implementation object (java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl)
java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl
    at java.base/jdk.internal.misc.Unsafe.defineClass0(Native Method)
    at java.base/jdk.internal.misc.Unsafe.defineClass(Unsafe.java:1192)
    at java.base/jdk.internal.reflect.ClassDefiner.defineClass(ClassDefiner.java:63)
    at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400)
    at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:394)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393)
    at java.base/jdk.internal.reflect.MethodAccessorGenerator.generateConstructor(MethodAccessorGenerator.java:92)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:55)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at org.apache.felix.scr.impl.inject.ComponentConstructor.newInstance(ComponentConstructor.java:309) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:277) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:114) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:982) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:955) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:900) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:348)
    at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:248)
    at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350)
    at org.apache.felix.framework.Felix.getService(Felix.java:3954)
    at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:450)
    at org.apache.felix.scr.impl.manager.SingleRefPair.getServiceObject(SingleRefPair.java:86) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.inject.BindParameters.getServiceObject(BindParameters.java:47) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.inject.field.FieldHandler$ReferenceMethodImpl.getServiceObject(FieldHandler.java:519) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.DependencyManager.getServiceObject(DependencyManager.java:2308) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.prebind(DependencyManager.java:1154) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.DependencyManager.prebind(DependencyManager.java:1568) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.AbstractComponentManager.collectDependencies(AbstractComponentManager.java:1029) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:935) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:900) [org.apache.felix.scr:2.1.16]
    at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:348)
    at org.apache.felix.framework.ServiceRegistrati