[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 PJ Fanning changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED|RESOLVED --- Comment #14 from PJ Fanning --- added r1897568 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #13 from PJ Fanning --- I had a look at the XMLHelper and its code that logs issues at most once every 5 minutes may not be ideal. The code doesn't differentiate between events. If we log one event, then we don't log any for next 5 mins. Maybe it would be better to log once the event once and remember what we logged so we don't log it again? This would use up some memory - keeping track of all the messages we've already logged but if we're careful with the implementation, we may not use up too much. I favour not removing logging because I think it is useful to warn users that their parser implementation does not support all the security settings. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #12 from PJ Fanning --- Using a parser/transformer that causes logging like this means that users are using sub-optimal implementations and expose themselves to security issues -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #11 from PJ Fanning --- POI uses JAXP API - it users' responsibility to configure their JVM to use the best parsers/transformers -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 Bernhard Schuhmann changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED |--- --- Comment #10 from Bernhard Schuhmann --- Would like to reopen this issue as there are still warnings for accessExternalSchema - from XMLHelper.getDocumentBuilderFactory(): 2021-11-24 16:09:55,799 WARN [pool-4-thread-1] (XMLHelper.java:307) - SAX Feature unsupported [log suppressed for 5 minutes]http://javax.xml.XMLConstants/property/accessExternalSchema java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized. at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source) ~[xerces_impl-2.12.1b.jar:?] at org.apache.poi.util.XMLHelper.trySet(XMLHelper.java:284) ~[poi-5.1.0.jar:5.1.0] at org.apache.poi.util.XMLHelper.getDocumentBuilderFactory(XMLHelper.java:114) ~[poi-5.1.0.jar:5.1.0] at org.apache.poi.util.XMLHelper.(XMLHelper.java:85) ~[poi-5.1.0.jar:5.1.0] at org.apache.poi.ooxml.util.DocumentHelper.newDocumentBuilder(DocumentHelper.java:47) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.ooxml.util.DocumentHelper.(DocumentHelper.java:36) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.save(ContentTypeManager.java:429) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.ZipPackage.saveImpl(ZipPackage.java:554) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.OPCPackage.save(OPCPackage.java:1487) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.ooxml.POIXMLDocument.write(POIXMLDocument.java:227) ~[poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.xssf.streaming.SXSSFWorkbook.write(SXSSFWorkbook.java:963) ~[poi-ooxml-5.1.0.jar:5.1.0] This is with external Xerces library. Forcing POI to use the internal Xerces implementation from Java runtime yields no warnings. We're now forcing the internal implementations of Xerces and Xalan to be used with POI to get rid of the warnings. Maybe POI could use them directly instead of relying on what the runtime offers as default? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #9 from PJ Fanning --- I raised https://bz.apache.org/bugzilla/show_bug.cgi?id=65700 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 PJ Fanning changed: What|Removed |Added Resolution|--- |FIXED Status|REOPENED|RESOLVED --- Comment #8 from PJ Fanning --- This issue is not about accessExternalDTD - it is about accessExternalSchema - a different property - closing -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #7 from Johannes Weberhofer --- I see the issue in an Springboot 2.6, Java Java 1.8.0_312 based application. I don't see the warning using POI 5.0.0. org.apache.poi.util.XMLHelper: SAX Feature unsupported [log suppressed for 5 minutes]http://javax.xml.XMLConstants/property/accessExternalDTD java.lang.IllegalArgumentException: Nicht unterstützt: http://javax.xml.XMLConstants/property/accessExternalDTD at org.apache.xalan.processor.TransformerFactoryImpl.setAttribute(TransformerFactoryImpl.java:571) ~[xalan-2.7.2.jar:na] at org.apache.poi.util.XMLHelper.trySet(XMLHelper.java:284) [poi-5.1.0.jar:5.1.0] at org.apache.poi.util.XMLHelper.getTransformerFactory(XMLHelper.java:224) [poi-5.1.0.jar:5.1.0] at org.apache.poi.util.XMLHelper.newTransformer(XMLHelper.java:231) [poi-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.StreamHelper.saveXmlInStream(StreamHelper.java:56) [poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.internal.ZipContentTypeManager.saveImpl(ZipContentTypeManager.java:68) [poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.save(ContentTypeManager.java:450) [poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.ZipPackage.saveImpl(ZipPackage.java:554) [poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.openxml4j.opc.OPCPackage.save(OPCPackage.java:1487) [poi-ooxml-5.1.0.jar:5.1.0] at org.apache.poi.ooxml.POIXMLDocument.write(POIXMLDocument.java:227) [poi-ooxml-5.1.0.jar:5.1.0] at org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBodyReturnValueHandler$StreamingResponseBodyTask.call(StreamingResponseBodyReturnValueHandler.java:111) ~[spring-webmvc-5.3.13.jar:5.3.13] at org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBodyReturnValueHandler$StreamingResponseBodyTask.call(StreamingResponseBodyReturnValueHandler.java:98) ~[spring-webmvc-5.3.13.jar:5.3.13] at org.springframework.web.context.request.async.WebAsyncManager.lambda$startCallableProcessing$4(WebAsyncManager.java:337) ~[spring-web-5.3.13.jar:5.3.13] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[na:1.8.0_312] at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_312] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_312] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_312] at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_312] -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 Fabio changed: What|Removed |Added CC||fabio.h...@dvbern.ch -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #6 from Cody Lerum --- Unfortunately it still is a 404 for me, but I suspect that is a cloudfront cache issue based on the headers. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #5 from PJ Fanning --- https://repo1.maven.org/maven2/org/apache/poi/poi/5.1.0/poi-5.1.0-sources.jar is working now -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 Cody Lerum changed: What|Removed |Added CC||cody.le...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #4 from Cody Lerum --- PJ, Everything looks like I'm using 5.1.0 but I'm not able to easily verify the sources or debug it as https://repo1.maven.org/maven2/org/apache/poi/poi/5.1.0/poi-5.1.0-sources.jar is returning a 404 I can update the logging in my application server to only show ERROR level or higher for org.apache.poi.util.XMLHelper as it logs as a warn level in a wildfly application server. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 --- Comment #3 from PJ Fanning --- Cody, your stacktrace seems to indicate that you are not using poi-5.1.0.jar - that you are using an older jar. XMLHelper line 224 does not set accessExternalSchema param in latest code. https://github.com/apache/poi/blob/trunk/poi/src/main/java/org/apache/poi/util/XMLHelper.java#L224 If the logging upsets you, can't you change your log configuration so the XMLHelper does not emit info level logs? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 Cody Lerum changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED |--- --- Comment #2 from Cody Lerum --- I'm receiving this message still in 5.1.0 running JDK 17. Did the change to remove the logging make it in to 5.1.0? It does seem to raise every 5 minutes is this something that everyone is going to need to mute in their logging configuration? 2021-11-16 17:12:54,452 WARN [org.apache.poi.util.XMLHelper] (default task-402) SAX Feature unsupported [log suppressed for 5 minutes]http://javax.xml.XMLConstants/property/accessExternalDTD: java.lang.IllegalArgumentException: TransformerFactory does not recognise attribute 'http://javax.xml.XMLConstants/property/accessExternalDTD'. at org.apache.xalan//org.apache.xalan.xsltc.trax.TransformerFactoryImpl.setAttribute(TransformerFactoryImpl.java:373) at __redirected.__TransformerFactory.setAttribute(__TransformerFactory.java:119) at deployment.ROOT.war//org.apache.poi.util.XMLHelper.trySet(XMLHelper.java:284) at deployment.ROOT.war//org.apache.poi.util.XMLHelper.getTransformerFactory(XMLHelper.java:224) at deployment.ROOT.war//org.apache.poi.util.XMLHelper.newTransformer(XMLHelper.java:231) at deployment.ROOT.war//org.apache.poi.openxml4j.opc.StreamHelper.saveXmlInStream(StreamHelper.java:56) at deployment.ROOT.war//org.apache.poi.openxml4j.opc.internal.ZipContentTypeManager.saveImpl(ZipContentTypeManager.java:68) at deployment.ROOT.war//org.apache.poi.openxml4j.opc.internal.ContentTypeManager.save(ContentTypeManager.java:450) at deployment.ROOT.war//org.apache.poi.openxml4j.opc.ZipPackage.saveImpl(ZipPackage.java:554) at deployment.ROOT.war//org.apache.poi.openxml4j.opc.OPCPackage.save(OPCPackage.java:1487) at deployment.ROOT.war//org.apache.poi.ooxml.POIXMLDocument.write(POIXMLDocument.java:227) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
[Bug 65326] multiple warning log about accessExternalSchema
https://bz.apache.org/bugzilla/show_bug.cgi?id=65326 PJ Fanning changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from PJ Fanning --- this is benign - I've tried to relax the code so the logging won't happen (after v5.1.0 is released) - r1894032 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org