[jira] [Commented] (FELIX-6185) jQuery <3.4.0 is vulnerable to prototype pollution attacks
[ https://issues.apache.org/jira/browse/FELIX-6185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936241#comment-16936241 ]

Dale Clarke commented on FELIX-6185:

PR submitted https://github.com/apache/felix/pull/204

> jQuery <3.4.0 is vulnerable to prototype pollution attacks
> --
>
> Key: FELIX-6185
> URL: https://issues.apache.org/jira/browse/FELIX-6185
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.3.16
> Reporter: Dale Clarke
> Priority: Minor
> Labels: security
>
> jQuery prior to version 3.4.0 was vulnerable to prototype pollution
> (https://snyk.io/test/npm/jquery/3.3.1). The webconsole currently uses
> jQuery 3.3.1. jQuery >= 3.4.0 addresses this issue
> (https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/). I'd propose
> upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address
> this issue.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (FELIX-6185) jQuery <3.4.0 is vulnerable to prototype pollution attacks
Dale Clarke created FELIX-6185:
--

Summary: jQuery <3.4.0 is vulnerable to prototype pollution attacks
Key: FELIX-6185
URL: https://issues.apache.org/jira/browse/FELIX-6185
Project: Felix
Issue Type: Bug
Components: Web Console
Affects Versions: webconsole-4.3.16
Reporter: Dale Clarke

jQuery prior to version 3.4.0 was vulnerable to prototype pollution (https://snyk.io/test/npm/jquery/3.3.1). The webconsole currently uses jQuery 3.3.1. jQuery >= 3.4.0 addresses this issue (https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/). I'd propose upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address this issue.
adaptTo() 2019 - Videos and Gallery online
The video recordings for all talks are now online:
https://adapt.to/2019/schedule

Visit our YouTube channel:
https://www.youtube.com/c/adaptTo

For further impressions check out our image gallery:
https://adapt.to/2019/gallery

See you next year!

Stefan
[jira] [Commented] (FELIX-6184) NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3
[ https://issues.apache.org/jira/browse/FELIX-6184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935804#comment-16935804 ]

Karl Pauls commented on FELIX-6184:
---

Hi [~kwin], this shouldn't happen assuming you didn't set felix.bootdelegation.implicit=false. Can you make sure you didn't have it set or if it is set, it was set to true (or you added jdk.internal.* to bootdelegation)?

> NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3
> -
>
> Key: FELIX-6184
> URL: https://issues.apache.org/jira/browse/FELIX-6184
> Project: Felix
> Issue Type: Bug
> Components: Framework, SCR Tooling
> Affects Versions: scr-2.1.16
> Reporter: Konrad Windszus
> Priority: Major
>
> I recently ran into the following exception when trying to restart a bundle in Felix
> {code}
> 23.09.2019 13:18:04.359 *ERROR* [Background Update org.apache.sling.scripting.sightly (558)] org.apache.sling.scripting.sightly bundle org.apache.sling.scripting.sightly:1.1.2.1_4_0 (558)[org.apache.sling.scripting.sightly.impl.engine.ExtensionRegistryService(4087)] : Error during instantiation of the implementation object (java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl)
> java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl
> at java.base/jdk.internal.misc.Unsafe.defineClass0(Native Method)
> at java.base/jdk.internal.misc.Unsafe.defineClass(Unsafe.java:1192)
> at java.base/jdk.internal.reflect.ClassDefiner.defineClass(ClassDefiner.java:63)
> at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400)
> at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:394)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at java.base/jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393)
> at java.base/jdk.internal.reflect.MethodAccessorGenerator.generateConstructor(MethodAccessorGenerator.java:92)
> at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:55)
> at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> at org.apache.felix.scr.impl.inject.ComponentConstructor.newInstance(ComponentConstructor.java:309) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:277) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:114) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:982) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:955) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:900) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:348)
> at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:248)
> at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350)
> at org.apache.felix.framework.Felix.getService(Felix.java:3954)
> at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:450)
> at org.apache.felix.scr.impl.manager.SingleRefPair.getServiceObject(SingleRefPair.java:86) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.inject.BindParameters.getServiceObject(BindParameters.java:47) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.inject.field.FieldHandler$ReferenceMethodImpl.getServiceObject(FieldHandler.java:519) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.DependencyManager.getServiceObject(DependencyManager.java:2308) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.prebind(DependencyManager.java:1154) [org.apache.felix.scr:2.1.16]
> at org.apache.felix.scr.impl.manager.DependencyManager.prebind(DependencyManager.java:1568) [org.apache.felix.scr:2.1.16]
> at org.apache.f
[jira] [Created] (FELIX-6184) NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3
Konrad Windszus created FELIX-6184:
--

Summary: NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl with Oracle JDK 11.0.3
Key: FELIX-6184
URL: https://issues.apache.org/jira/browse/FELIX-6184
Project: Felix
Issue Type: Bug
Components: Framework, SCR Tooling
Affects Versions: scr-2.1.16
Reporter: Konrad Windszus

I recently ran into the following exception when trying to restart a bundle in Felix
{code}
23.09.2019 13:18:04.359 *ERROR* [Background Update org.apache.sling.scripting.sightly (558)] org.apache.sling.scripting.sightly bundle org.apache.sling.scripting.sightly:1.1.2.1_4_0 (558)[org.apache.sling.scripting.sightly.impl.engine.ExtensionRegistryService(4087)] : Error during instantiation of the implementation object (java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl)
java.lang.NoClassDefFoundError: jdk/internal/reflect/ConstructorAccessorImpl
at java.base/jdk.internal.misc.Unsafe.defineClass0(Native Method)
at java.base/jdk.internal.misc.Unsafe.defineClass(Unsafe.java:1192)
at java.base/jdk.internal.reflect.ClassDefiner.defineClass(ClassDefiner.java:63)
at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400)
at java.base/jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:394)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393)
at java.base/jdk.internal.reflect.MethodAccessorGenerator.generateConstructor(MethodAccessorGenerator.java:92)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:55)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.apache.felix.scr.impl.inject.ComponentConstructor.newInstance(ComponentConstructor.java:309) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:277) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:114) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:982) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:955) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:900) [org.apache.felix.scr:2.1.16]
at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:348)
at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:248)
at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350)
at org.apache.felix.framework.Felix.getService(Felix.java:3954)
at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:450)
at org.apache.felix.scr.impl.manager.SingleRefPair.getServiceObject(SingleRefPair.java:86) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.inject.BindParameters.getServiceObject(BindParameters.java:47) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.inject.field.FieldHandler$ReferenceMethodImpl.getServiceObject(FieldHandler.java:519) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.DependencyManager.getServiceObject(DependencyManager.java:2308) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.prebind(DependencyManager.java:1154) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.DependencyManager.prebind(DependencyManager.java:1568) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.AbstractComponentManager.collectDependencies(AbstractComponentManager.java:1029) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:935) [org.apache.felix.scr:2.1.16]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:900) [org.apache.felix.scr:2.1.16]
at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:348)
at org.apache.felix.framework.ServiceRegistrati