[jira] [Assigned] (OFBIZ-5853) The createPartyRole service does not check a duplicate key.
[ https://issues.apache.org/jira/browse/OFBIZ-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin reassigned OFBIZ-5853: Assignee: Nicolas Malin The createPartyRole service does not check a duplicate key. --- Key: OFBIZ-5853 URL: https://issues.apache.org/jira/browse/OFBIZ-5853 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk Reporter: Supatthra Nawicha Assignee: Nicolas Malin Priority: Minor Fix For: Trunk Attachments: ofbizbug_CreatePartyroleService.diff The createPartyRole service is changed from minilang to entity-auto which does not check a duplicate key. It effect to the createPartyRelationshipContactAccount service which call the createPartyRole service without check a duplicate key. And it might effect to other code that call the createPartyRole service as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5853) The createPartyRole service does not check a duplicate key.
[ https://issues.apache.org/jira/browse/OFBIZ-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin updated OFBIZ-5853: - Attachment: OFBIZ-5853.patch Hello Supatthra, Thanks for your issue, can you try my patch correction, I prefer correct the caller instead of the service call. The createPartyRole service does not check a duplicate key. --- Key: OFBIZ-5853 URL: https://issues.apache.org/jira/browse/OFBIZ-5853 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk Reporter: Supatthra Nawicha Assignee: Nicolas Malin Priority: Minor Fix For: Trunk Attachments: OFBIZ-5853.patch, ofbizbug_CreatePartyroleService.diff The createPartyRole service is changed from minilang to entity-auto which does not check a duplicate key. It effect to the createPartyRelationshipContactAccount service which call the createPartyRole service without check a duplicate key. And it might effect to other code that call the createPartyRole service as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5800) Manage multi pk with sub-sequence on entity-auto
[ https://issues.apache.org/jira/browse/OFBIZ-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin updated OFBIZ-5800: - Attachment: OFBIZ-5800.patch New patch version with * test adaptation * centralize OUT service parameters after entity creation * update created/updated field after set all non pk field to ensure that the field manage only by ofbiz. Manage multi pk with sub-sequence on entity-auto Key: OFBIZ-5800 URL: https://issues.apache.org/jira/browse/OFBIZ-5800 Project: OFBiz Issue Type: Improvement Components: framework Affects Versions: Trunk Reporter: Nicolas Malin Priority: Minor Labels: entity-auto Attachments: OFBIZ-5800.patch, OFBIZ-5800.patch Add the possibility to the entity-auto engine on the create action to manage entities with more than 2 primary keys which one is under sub sequence or fromDate, like PerfReview (employeePartyId, employeeRoleTypeId, *perfReviewId*) or PartyQual (partyId, partyQualTypeId, *fromDate*). Improve return message for the create action if the entity value exist and the delete action if the entity value not exist instead of the database message error. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5800) Manage multi pk with sub-sequence on entity-auto
[ https://issues.apache.org/jira/browse/OFBIZ-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14197843#comment-14197843 ] Nicolas Malin edited comment on OFBIZ-5800 at 11/5/14 8:27 AM: --- New patch version with * test adaptation * centralize OUT service parameters after entity creation * update created/updated[Date/UserLogin] fields after set all non pk field to ensure that fields manage only by ofbiz. was (Author: soledad): New patch version with * test adaptation * centralize OUT service parameters after entity creation * update created/updated field after set all non pk field to ensure that the field manage only by ofbiz. Manage multi pk with sub-sequence on entity-auto Key: OFBIZ-5800 URL: https://issues.apache.org/jira/browse/OFBIZ-5800 Project: OFBiz Issue Type: Improvement Components: framework Affects Versions: Trunk Reporter: Nicolas Malin Priority: Minor Labels: entity-auto Attachments: OFBIZ-5800.patch, OFBIZ-5800.patch Add the possibility to the entity-auto engine on the create action to manage entities with more than 2 primary keys which one is under sub sequence or fromDate, like PerfReview (employeePartyId, employeeRoleTypeId, *perfReviewId*) or PartyQual (partyId, partyQualTypeId, *fromDate*). Improve return message for the create action if the entity value exist and the delete action if the entity value not exist instead of the database message error. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5853) The createPartyRole service does not check a duplicate key.
[ https://issues.apache.org/jira/browse/OFBIZ-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14197879#comment-14197879 ] Supatthra Nawicha commented on OFBIZ-5853: -- We use this service call external from OFBiz and do not want to change it. In general it is not a good practice to change a service in compatible with previous version. Please revert your change. The createPartyRole service does not check a duplicate key. --- Key: OFBIZ-5853 URL: https://issues.apache.org/jira/browse/OFBIZ-5853 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk Reporter: Supatthra Nawicha Assignee: Nicolas Malin Priority: Minor Fix For: Trunk Attachments: OFBIZ-5853.patch, ofbizbug_CreatePartyroleService.diff The createPartyRole service is changed from minilang to entity-auto which does not check a duplicate key. It effect to the createPartyRelationshipContactAccount service which call the createPartyRole service without check a duplicate key. And it might effect to other code that call the createPartyRole service as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5844) Convert java files to EntityQuery
[ https://issues.apache.org/jira/browse/OFBIZ-5844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arun Patidar updated OFBIZ-5844: Attachment: OFBIZ-5844-Party.patch Converted java files of 'party' component to EntityQuery. Attached is the patch for the same. Convert java files to EntityQuery - Key: OFBIZ-5844 URL: https://issues.apache.org/jira/browse/OFBIZ-5844 Project: OFBiz Issue Type: Improvement Components: ALL COMPONENTS Affects Versions: Trunk Reporter: Arun Patidar Priority: Minor Attachments: OFBIZ-5844-Party.patch Recently [~lektran] has been converted java files to use Entity Query methods in place of Entity Engine methods. Components that has been converted are as below: - content - humanres - manufacturing - ordermgr (partially converted) - Replaced findOne() method in all components And commit revisions are: r1635380, r1635381, r1635382 and r1635383 Remaining components to be convert are: - product - party - commonext - securityext - workeffort - ordermgr (remaining part) - specialpurpose -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5844) Convert java files to EntityQuery
[ https://issues.apache.org/jira/browse/OFBIZ-5844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14197996#comment-14197996 ] Scott Gray commented on OFBIZ-5844: --- Hi Arun, So far I've been taking the approach of inlining everything into the query that can be e.g. any variables that are used only in the query preparation such as select field lists, where conditions and order by lists; as well as any post-processing that could be done within the query itself such as EntityUtil.getFirst() or EntityUtil.filterByDate(). Here's a few examples from the first few hunks of your patch (CommunicationEventServices.java): Line 307: SetString fieldsToSelect = UtilMisc.toSet(partyId, preferredContactMechId, fromDate, infoString); can be replaced inline by using EntityQuery.select(...): EntityQuery.use(delegator).select(partyId, preferredContactMechId, fromDate, infoString).from(...) Line 313: ListString orderBy = UtilMisc.toList(-fromDate); can be replaced by using EntityQuery.orderBy(-fromDate) Line 382: GenericValue contactListPartyStatus = EntityUtil.getFirst(contactListPartyStatuses); can be replaced by using EntityQuery.queryFirst() These are just a few examples of things to keep an eye out for. In general I like to get as much of the processing into the query chain as possible so that you can quickly and easily see exactly what data is being returned and worked with. Convert java files to EntityQuery - Key: OFBIZ-5844 URL: https://issues.apache.org/jira/browse/OFBIZ-5844 Project: OFBiz Issue Type: Improvement Components: ALL COMPONENTS Affects Versions: Trunk Reporter: Arun Patidar Priority: Minor Attachments: OFBIZ-5844-Party.patch Recently [~lektran] has been converted java files to use Entity Query methods in place of Entity Engine methods. Components that has been converted are as below: - content - humanres - manufacturing - ordermgr (partially converted) - Replaced findOne() method in all components And commit revisions are: r1635380, r1635381, r1635382 and r1635383 Remaining components to be convert are: - product - party - commonext - securityext - workeffort - ordermgr (remaining part) - specialpurpose -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5844) Convert java files to EntityQuery
[ https://issues.apache.org/jira/browse/OFBIZ-5844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198131#comment-14198131 ] Arun Patidar commented on OFBIZ-5844: - Thanks Scott for reviewing and feedback. I will update patch accordingly. Convert java files to EntityQuery - Key: OFBIZ-5844 URL: https://issues.apache.org/jira/browse/OFBIZ-5844 Project: OFBiz Issue Type: Improvement Components: ALL COMPONENTS Affects Versions: Trunk Reporter: Arun Patidar Priority: Minor Attachments: OFBIZ-5844-Party.patch Recently [~lektran] has been converted java files to use Entity Query methods in place of Entity Engine methods. Components that has been converted are as below: - content - humanres - manufacturing - ordermgr (partially converted) - Replaced findOne() method in all components And commit revisions are: r1635380, r1635381, r1635382 and r1635383 Remaining components to be convert are: - product - party - commonext - securityext - workeffort - ordermgr (remaining part) - specialpurpose -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5853) The createPartyRole service does not check a duplicate key.
[ https://issues.apache.org/jira/browse/OFBIZ-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Supatthra Nawicha updated OFBIZ-5853: - Attachment: (was: ofbizbug_CreatePartyroleService.diff) The createPartyRole service does not check a duplicate key. --- Key: OFBIZ-5853 URL: https://issues.apache.org/jira/browse/OFBIZ-5853 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk Reporter: Supatthra Nawicha Assignee: Nicolas Malin Priority: Minor Fix For: Trunk Attachments: OFBIZ-5853.patch, ofbizbug_CreatePartyroleService.diff The createPartyRole service is changed from minilang to entity-auto which does not check a duplicate key. It effect to the createPartyRelationshipContactAccount service which call the createPartyRole service without check a duplicate key. And it might effect to other code that call the createPartyRole service as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5853) The createPartyRole service does not check a duplicate key.
[ https://issues.apache.org/jira/browse/OFBIZ-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Supatthra Nawicha updated OFBIZ-5853: - Attachment: ofbizbug_CreatePartyroleService.diff The createPartyRole service does not check a duplicate key. --- Key: OFBIZ-5853 URL: https://issues.apache.org/jira/browse/OFBIZ-5853 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk Reporter: Supatthra Nawicha Assignee: Nicolas Malin Priority: Minor Fix For: Trunk Attachments: OFBIZ-5853.patch, ofbizbug_CreatePartyroleService.diff The createPartyRole service is changed from minilang to entity-auto which does not check a duplicate key. It effect to the createPartyRelationshipContactAccount service which call the createPartyRole service without check a duplicate key. And it might effect to other code that call the createPartyRole service as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
entitytests.testConverters failed on 1636820
Hello during my test on entity-auto, the non regression entitytests faild on testConverters. I believed at first to an error from my local improvement but after a svn revert and run an other ant clean-all load-demo run-tests, I have one error : org.ofbiz.entity.GenericEntityException: Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.)) (Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.))) |org.ofbiz.entity.GenericEntityException: org.ofbiz.entity.GenericEntityException: Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.)) (Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.))) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:923) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:745) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:731) at org.ofbiz.entity.test.EntityTestSuite.testConverters(EntityTestSuite.java:1218) |I'm only one ? Nicolas -- Nicolas Malin - Consultant - 06 17 66 40 06 - nereide.fr http://nereide.fr
[jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198344#comment-14198344 ] Jacques Le Roux commented on OFBIZ-5848: Hi The Poodle fixer, It was not only a Tomcat 7 issue. We had the same un trunk HEAD. Following your indications in above links I found the solution for the trunk and fixed vulnerabilty in trunk HEAD using TLSv1.2 as explained at the bottom of this comment https://blogs.atlassian.com/2014/10/ssl-poodle/#comment-190966 The same apply to supported releases branches since they all use Tomcat 7. Committed in trunk r1636864 R13.07 1636866 R12.04 1636867 We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2 Thanks Poodle fixer :) Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Hrc Boston Priority: Critical Labels: patch, security Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-5848. -- Resolution: Fixed Fix Version/s: 13.07.02 12.04.06 Upcoming Branch Assignee: Jacques Le Roux Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Hrc Boston Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198355#comment-14198355 ] Jacques Le Roux commented on OFBIZ-5848: I have also committed a fix for Tomcat 6 which might be used in appserver trunk r1636869 R12.04 1636870 Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Hrc Boston Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Re: entitytests.testConverters failed on 1636820
On Nov 5, 2014, at 1:47 PM, Nicolas Malin nicolas.ma...@nereide.fr wrote: |I'm only one ? I actually got it too a few days ago but it was intermittent. Since then it didn't happen again. I will have to further investigate. Jacopo
Re: entitytests.testConverters failed on 1636820
Le 05/11/2014 14:46, Jacopo Cappellato a écrit : Since then it didn't happen again. I will have to further investigate. No problem, I continue tomorrow my test and I will check it in the same time Nicolas
Re: entitytests.testConverters failed on 1636820
Hi Nicolas, Yes it's a new random error in testConverters indeed I 1st sent this message http://markmail.org/message/yevxxy5k2bleqics Could help to trace the initial reason... Thanks Jacques Le 05/11/2014 14:58, Nicolas Malin a écrit : Le 05/11/2014 14:46, Jacopo Cappellato a écrit : Since then it didn't happen again. I will have to further investigate. No problem, I continue tomorrow my test and I will check it in the same time Nicolas
Re: entitytests.testConverters failed on 1636820
I committed a fix in rev 1636896. Please let me know if it solves the problem. Adrian Crum Sandglass Software www.sandglass-software.com On 11/5/2014 12:47 PM, Nicolas Malin wrote: Hello during my test on entity-auto, the non regression entitytests faild on testConverters. I believed at first to an error from my local improvement but after a svn revert and run an other ant clean-all load-demo run-tests, I have one error : org.ofbiz.entity.GenericEntityException: Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.)) (Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.))) |org.ofbiz.entity.GenericEntityException: org.ofbiz.entity.GenericEntityException: Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.)) (Error while inserting: [GenericEntity:Testing][createdStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][createdTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][description,Testing JSON Converters(java.lang.String)][lastUpdatedStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][lastUpdatedTxStamp,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingDate,2014-11-05 09:33:30.509(java.sql.Timestamp)][testingId,JSON_TEST(java.lang.String)][testingSize,123(java.lang.Long)][testingTypeId,TEST-UPDATE-1(java.lang.String)] (SQL Exception while executing the following:INSERT INTO OFBIZ.TESTING (TESTING_ID, TESTING_TYPE_ID, TESTING_NAME, DESCRIPTION, COMMENTS, TESTING_SIZE, TESTING_DATE, LAST_UPDATED_STAMP, LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (INSERT on table 'TESTING' caused a violation of foreign key constraint 'ENTITY_ENTY_TYP' for key (TEST-UPDATE-1). The statement has been rolled back.))) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:923) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:745) at org.ofbiz.entity.GenericDelegator.create(GenericDelegator.java:731) at org.ofbiz.entity.test.EntityTestSuite.testConverters(EntityTestSuite.java:1218) |I'm only one ? Nicolas
Re: entitytests.testConverters failed on 1636820
BUILD SUCCESSFUL Total time: 5 minutes 45 seconds Thanks Adrian ! Nicolas Le 05/11/2014 16:35, Adrian Crum a écrit : I committed a fix in rev 1636896. Please let me know if it solves the problem. Adrian Crum Sandglass Software www.sandglass-software.com
[jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198596#comment-14198596 ] Jacques Le Roux commented on OFBIZ-5848: For those that are interested by this vulnerability here are 2 references for browser and server sides: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers https://wiki.mozilla.org/Security/Server_Side_TLS In trunk and releases branches I forced the protocol to TLS 1.2. This is a moot point (we could use TLS 1.0). Good to know: most web browsers support TLS 1.0 (not enabled by default in Internet Explorer 6). Browsers that by default support the latest TLS 1.2 version are: * Google Chrome 30+ * Mozilla Firefox 27+ * Microsoft Internet Explorer 11+ * Opera 17+ * Apple Safari 7+ But time will quickly pass, with modern browsers updated online. So since I was forced to force a protocol version I picked the last one. Also because my tests with nmap were clear/sure with TLS 1.1/2 but not TLS 1.0. Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Hrc Boston Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198596#comment-14198596 ] Jacques Le Roux edited comment on OFBIZ-5848 at 11/5/14 5:51 PM: - For those who are interested by this vulnerability, here are 2 references for browser and server sides: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers https://wiki.mozilla.org/Security/Server_Side_TLS In trunk and releases branches I forced the protocol to TLS 1.2. This is a moot point (we could use TLS 1.0). Good to know: most web browsers support TLS 1.0 (not enabled by default in Internet Explorer 6). Browsers that by default support the latest TLS 1.2 version are: * Google Chrome 30+ * Mozilla Firefox 27+ * Microsoft Internet Explorer 11+ * Opera 17+ * Apple Safari 7+ But time will quickly pass, with modern browsers updated online. So since I was forced to force a protocol version I picked the last one. Also because my tests with nmap were clear/sure with TLS 1.1/2 but not TLS 1.0. was (Author: jacques.le.roux): For those that are interested by this vulnerability here are 2 references for browser and server sides: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers https://wiki.mozilla.org/Security/Server_Side_TLS In trunk and releases branches I forced the protocol to TLS 1.2. This is a moot point (we could use TLS 1.0). Good to know: most web browsers support TLS 1.0 (not enabled by default in Internet Explorer 6). Browsers that by default support the latest TLS 1.2 version are: * Google Chrome 30+ * Mozilla Firefox 27+ * Microsoft Internet Explorer 11+ * Opera 17+ * Apple Safari 7+ But time will quickly pass, with modern browsers updated online. So since I was forced to force a protocol version I picked the last one. Also because my tests with nmap were clear/sure with TLS 1.1/2 but not TLS 1.0. Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Hrc Boston Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Poodle Fixer updated OFBIZ-5848: Description: Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) was: Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14196357#comment-14196357 ] Poodle Fixer edited comment on OFBIZ-5848 at 11/5/14 7:27 PM: -- Hi there--you can follow this thread here. http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-td4657772.html#a4657792 I wonder if this ticket is worth addressing for newer versions well? ofbiz is an ecommerce platform so this is going to be an important issue for anyone using external companies to pass sensetive data to... over https... anyway, food for thought. was (Author: hrcboston): Hi there--you can follow this thread here. http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-td4657772.html#a4657792 I wonder if this ticket is worth addressing for newer versions well? ofbiz is an ecommerce platform so this is going to be an important issue for anyone using external companies to pass sensetive data to... over https... anyway, food for thought. RD Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14196357#comment-14196357 ] Poodle Fixer edited comment on OFBIZ-5848 at 11/5/14 7:27 PM: -- Hi there--you can follow this thread here. http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-td4657772.html#a4657792 I wonder if this ticket is worth addressing for newer versions well? ofbiz is an ecommerce platform so this is going to be an important issue for anyone using external companies to pass sensetive data to... over https... anyway, food for thought. RD was (Author: hrcboston): Hi there--you can follow this thread here which I have been updating. Right now, we are thinking of using our network to somehow not use sslv3 as we are hitting a block with ofbiz itself. http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-td4657772.html#a4657792 I wonder if this ticket is worth addressing for newer versions well? ofbiz an ecommerce platform so this is going to be an important issue for anyone using external companies to pass sensetive data to... over https... anyway, food for thought. RD Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14196605#comment-14196605 ] Poodle Fixer edited comment on OFBIZ-5848 at 11/5/14 8:01 PM: -- we had success with this when developing locally: property name=sslProtocol value=TLSv1/ property name=protocols value=TLSv1/ the reason is that it is undoucmented to use protocols instead of sslEnabledProtocols see https://blogs.atlassian.com/2014/10/ssl-poodle/ http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https we get this when trying to connect with ssl3 locally openssl s_client -connect localhost:portnumberhere -ssl3 CONNECTED(0003) 6990:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/OpenSSL/src/ssl/s3_pkt.c:290: was (Author: hrcboston): we had success with this when developing locally: property name=sslProtocol value=TLSv1/ property name=protocols value=TLSv1/ the reason is that it is undoucmented to use protocols instead of sslEnabledProtocols see https://blogs.atlassian.com/2014/10/ssl-poodle/ http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https we get this when trying to connect with ssl3 locally openssl s_client -connect localhost:portnumberhere -ssl3 CONNECTED(0003) 6990:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/SourceCache/OpenSSL098/OpenSSL098-47.2/src/ssl/s3_pkt.c:290: Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14199883#comment-14199883 ] Vikas Mayur edited comment on OFBIZ-5848 at 11/6/14 6:29 AM: - Two Questions on how we handle security vulnerabilities: 1. Should we also update the information on the news section on the site for such security/critical fixes? 2. Does it affect the regular release cycle in any manner or should we have a different release strategy for such bugs. The bug will be fixed with release 12.04.06 and 13.07.02 but that won't be happening in next 4-5 months. Pardon me if its already discussed but I don't find any information in the archives. was (Author: vikasmayur): Two Questions on security vulnerabilities: 1. Should we also update the information on the news section on the site for such security/critical fixes? 2. Does it affect the regular release cycle in any manner or should we have a different release strategy for such bugs. The bug will be fixed with release 12.04.06 and 13.07.02 but that won't be happening in next 4-5 months. Pardon me if its already discussed but I don't find any information in the archives. Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14199883#comment-14199883 ] Vikas Mayur commented on OFBIZ-5848: Two Questions on security vulnerabilities: 1. Should we also update the information on the news section on the site for such security/critical fixes? 2. Does it affect the regular release cycle in any manner or should we have a different release strategy for such bugs. The bug will be fixed with release 12.04.06 and 13.07.02 but that won't be happening in next 4-5 months. Pardon me if its already discussed but I don't find any information in the archives. Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (OFBIZ-5854) Order On Hold Auto Approves When Edited
Vikas Mayur created OFBIZ-5854: -- Summary: Order On Hold Auto Approves When Edited Key: OFBIZ-5854 URL: https://issues.apache.org/jira/browse/OFBIZ-5854 Project: OFBiz Issue Type: Bug Components: order Affects Versions: Trunk Reporter: Vikas Mayur Priority: Minor Fix For: Upcoming Branch, 12.04.06, 13.07.02 If you put an approved order on hold and then later cancel an item on the order, the order is auto approved. Order must have two line items to test the behavior. The expected result is that order should stay on hold. In this chain of events, following eca is triggered. The service 'checkOrderItemStatus' should be fixed such that it also check the current order header status before cancel/approve/complete the order. {code} eca service=changeOrderItemStatus event=commit condition field-name=statusId operator=equals value=ITEM_CANCELLED/ action service=cancelOrderInventoryReservation mode=sync/ action service=recalcTaxTotal mode=sync/ action service=resetGrandTotal mode=sync/ action service=checkOrderItemStatus mode=sync/ /eca {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (OFBIZ-5855) There is no way to add Party Type (legal, informal etc.) in party manager application
Ejaz Ahmed created OFBIZ-5855: - Summary: There is no way to add Party Type (legal, informal etc.) in party manager application Key: OFBIZ-5855 URL: https://issues.apache.org/jira/browse/OFBIZ-5855 Project: OFBiz Issue Type: Bug Components: party Affects Versions: Trunk, Release Branch 13.07 Reporter: Ejaz Ahmed When find party screen is selected, it shows a drop down list for Type which can be legal organization, informal group, party group, person, team etc. The person and party group types can be selected when we create a party (create new party group, create new person options). However, there is no way to assign the types such as legal organization, informal groups etc which appear in this list to the parties created. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5854) Order On Hold Auto Approves When Edited
[ https://issues.apache.org/jira/browse/OFBIZ-5854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vikas Mayur updated OFBIZ-5854: --- Attachment: order.patch Order On Hold Auto Approves When Edited --- Key: OFBIZ-5854 URL: https://issues.apache.org/jira/browse/OFBIZ-5854 Project: OFBiz Issue Type: Bug Components: order Affects Versions: Trunk Reporter: Vikas Mayur Priority: Minor Fix For: Upcoming Branch, 12.04.06, 13.07.02 Attachments: order.patch If you put an approved order on hold and then later cancel an item on the order, the order is auto approved. Order must have two line items to test the behavior. The expected result is that order should stay on hold. In this chain of events, following eca is triggered. The service 'checkOrderItemStatus' should be fixed such that it also check the current order header status before cancel/approve/complete the order. {code} eca service=changeOrderItemStatus event=commit condition field-name=statusId operator=equals value=ITEM_CANCELLED/ action service=cancelOrderInventoryReservation mode=sync/ action service=recalcTaxTotal mode=sync/ action service=resetGrandTotal mode=sync/ action service=checkOrderItemStatus mode=sync/ /eca {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5854) Order On Hold Auto Approves When Edited
[ https://issues.apache.org/jira/browse/OFBIZ-5854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vikas Mayur updated OFBIZ-5854: --- Description: If you put an approved order on hold and then later cancel an item on the order, the order is auto approved. Order must have two line items to test the behavior. The expected result is that order should stay on hold. In this chain of events, following eca is triggered. The service 'checkOrderItemStatus' should be fixed such that it also check the current order header status before it approve the order. {code} eca service=changeOrderItemStatus event=commit condition field-name=statusId operator=equals value=ITEM_CANCELLED/ action service=cancelOrderInventoryReservation mode=sync/ action service=recalcTaxTotal mode=sync/ action service=resetGrandTotal mode=sync/ action service=checkOrderItemStatus mode=sync/ /eca {code} was: If you put an approved order on hold and then later cancel an item on the order, the order is auto approved. Order must have two line items to test the behavior. The expected result is that order should stay on hold. In this chain of events, following eca is triggered. The service 'checkOrderItemStatus' should be fixed such that it also check the current order header status before cancel/approve/complete the order. {code} eca service=changeOrderItemStatus event=commit condition field-name=statusId operator=equals value=ITEM_CANCELLED/ action service=cancelOrderInventoryReservation mode=sync/ action service=recalcTaxTotal mode=sync/ action service=resetGrandTotal mode=sync/ action service=checkOrderItemStatus mode=sync/ /eca {code} Order On Hold Auto Approves When Edited --- Key: OFBIZ-5854 URL: https://issues.apache.org/jira/browse/OFBIZ-5854 Project: OFBiz Issue Type: Bug Components: order Affects Versions: Trunk Reporter: Vikas Mayur Priority: Minor Fix For: Upcoming Branch, 12.04.06, 13.07.02 Attachments: order.patch If you put an approved order on hold and then later cancel an item on the order, the order is auto approved. Order must have two line items to test the behavior. The expected result is that order should stay on hold. In this chain of events, following eca is triggered. The service 'checkOrderItemStatus' should be fixed such that it also check the current order header status before it approve the order. {code} eca service=changeOrderItemStatus event=commit condition field-name=statusId operator=equals value=ITEM_CANCELLED/ action service=cancelOrderInventoryReservation mode=sync/ action service=recalcTaxTotal mode=sync/ action service=resetGrandTotal mode=sync/ action service=checkOrderItemStatus mode=sync/ /eca {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (OFBIZ-5856) js form.null.focus() error if no focusFieldName set
Leon created OFBIZ-5856: --- Summary: js form.null.focus() error if no focusFieldName set Key: OFBIZ-5856 URL: https://issues.apache.org/jira/browse/OFBIZ-5856 Project: OFBiz Issue Type: Bug Components: framework Affects Versions: Trunk Reporter: Leon Fix For: Trunk In current revision, the modelForm.getfocusFieldName() returns null instead of empty string if there's no focus-field-name set to form element. Then string null is written out when call StringWriter.append(focusFieldName) method. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5856) js form.null.focus() error if no focusFieldName set
[ https://issues.apache.org/jira/browse/OFBIZ-5856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Leon updated OFBIZ-5856: Attachment: OFBIZ-5856.patch use empty string for focusFieldName if it's null. Note that is a temporary workaround. According w3c, better to set attribute to empty string if element does not have attribute and no default value either. js form.null.focus() error if no focusFieldName set - Key: OFBIZ-5856 URL: https://issues.apache.org/jira/browse/OFBIZ-5856 Project: OFBiz Issue Type: Bug Components: framework Affects Versions: Trunk Reporter: Leon Fix For: Trunk Attachments: OFBIZ-5856.patch In current revision, the modelForm.getfocusFieldName() returns null instead of empty string if there's no focus-field-name set to form element. Then string null is written out when call StringWriter.append(focusFieldName) method. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14199962#comment-14199962 ] Jacques Le Roux commented on OFBIZ-5848: Hi Vikas, Thanks for your good questions. # We have already https://ofbiz.apache.org/download.html#vulnerabilities but we could indeed put a link to that from the news section on main page # There is currently a discussion within the PMC about this subject. I don't unveil any important secrets by saying that for this bug we tend rather to send a notice on the user ML. Because fixing the bug in the releases branches is not enough. People with not supported releases would not be aware of the issue. And we don't want to create a new release right now because this bug is not really part of the OFBiz code and only need a configuration change. I suggested to put the notice sent to the user ML also on the Dowload page where it will stay as a reminder. This last point as not been yet discussed. Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14198344#comment-14198344 ] Jacques Le Roux edited comment on OFBIZ-5848 at 11/6/14 7:54 AM: - Hi The Poodle fixer, It was not only a Tomcat 7 issue. We had the same un trunk HEAD. Following your indications in above links I found the solution for the trunk and fixed vulnerabilty in trunk HEAD using TLSv1.2 as explained at the bottom of this comment https://blogs.atlassian.com/2014/10/ssl-poodle/#comment-190966 The same apply to supported releases branches since they all use Tomcat 7. Committed in trunk r1636864 R13.07 1636866 R12.04 1636867 {panel:title= WARNING|bgColor=red} *We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2* {panel} Thanks Poodle fixer :) was (Author: jacques.le.roux): Hi The Poodle fixer, It was not only a Tomcat 7 issue. We had the same un trunk HEAD. Following your indications in above links I found the solution for the trunk and fixed vulnerabilty in trunk HEAD using TLSv1.2 as explained at the bottom of this comment https://blogs.atlassian.com/2014/10/ssl-poodle/#comment-190966 The same apply to supported releases branches since they all use Tomcat 7. Committed in trunk r1636864 R13.07 1636866 R12.04 1636867 We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2 Thanks Poodle fixer :) Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-5848) Poodle-disable sslv3
[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-5848: --- Description: {panel:title= WARNING ABOUT THE FIX|bgColor=red} *We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2* {panel} Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) was: Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) Poodle-disable sslv3 Key: OFBIZ-5848 URL: https://issues.apache.org/jira/browse/OFBIZ-5848 Project: OFBiz Issue Type: Bug Affects Versions: Trunk Environment: unix Reporter: Poodle Fixer Assignee: Jacques Le Roux Priority: Critical Labels: patch, security Fix For: Upcoming Branch, 12.04.06, 13.07.02 {panel:title= WARNING ABOUT THE FIX|bgColor=red} *We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2* {panel} Hi there-- This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. I am in process of trying to disable sslv3 on our version of of ofbiz uses tomcat 6. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. property name=sslProtocol value=TLS/ property name=sslEnabledProtocols value=TLSv1/ Has anyone else had luck fixing the poodle issue on Apache ofbiz? Or in any of biz products… where is the best place to fix this in of biz?? Thanks! The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)