[VOTE] Release Apache Sling Resource Resolver 1.8.4

2022-02-08 Thread Carsten Ziegeler

Hi,

we solved four issues in this release

https://issues.apache.org/jira/projects/SLING/versions/12351241

Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2596/

You can use this UNIX script to download the release and verify the 
signatures:

https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD

Usage:
sh check_staged_release.sh 2596 /tmp/sling-staging

Please vote to approve this release:

  [ ] +1 Approve the release
  [ ]  0 Don't care
  [ ] -1 Don't release, because ...

This majority vote is open for at least 72 hours.

Regards
Carsten
--
Carsten Ziegeler
Adobe
cziege...@apache.org


[VOTE] Release Apache Sling Tenant 1.1.6

2022-02-08 Thread Carsten Ziegeler

Hi,

we solved one issue in this release

https://issues.apache.org/jira/projects/SLING/versions/12344841

Staging repository:
https://repository.apache.org/content/repositories/orgapachesling-2595/

You can use this UNIX script to download the release and verify the 
signatures:

https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD

Usage:
sh check_staged_release.sh 2595 /tmp/sling-staging

Please vote to approve this release:

  [ ] +1 Approve the release
  [ ]  0 Don't care
  [ ] -1 Don't release, because ...

This majority vote is open for at least 72 hours.

Regards
Carsten
--
Carsten Ziegeler
Adobe
cziege...@apache.org
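
What a voter's check of a staged release amounts to, for the two staging repositories announced above (2596 and 2595). This is an added example, not the project's check_staged_release.sh, whose contents this page does not show. It assumes each artifact is published with `.sha1`, `.md5` and `.asc` sidecar files, GNU `sha1sum`/`md5sum`, and a keyring file built from the release managers' public keys; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: re-check an already downloaded staging directory by hand.
# Assumption: Maven-style layout, <artifact> next to <artifact>.sha1,
# <artifact>.md5 and <artifact>.asc.

# hash_of ALGO FILE -> prints the lowercase hex digest of FILE
hash_of() {
    case "$1" in
        sha1) sha1sum "$2" | cut -d' ' -f1 ;;
        md5)  md5sum "$2" | cut -d' ' -f1 ;;
    esac
}

# check_checksums DIR -> one line per check: "OK|BAD|MISSING <algo> <path>"
check_checksums() {
    find "$1" -type f ! -name '*.asc' ! -name '*.md5' ! -name '*.sha1' | sort |
    while IFS= read -r f; do
        for algo in sha1 md5; do
            if [ ! -f "$f.$algo" ]; then
                echo "MISSING $algo $f"
                continue
            fi
            # Sidecar is "<hex>" or "<hex>  <name>"; compare the first field only.
            want=$(awk 'NR==1 {print tolower($1)}' "$f.$algo")
            got=$(hash_of "$algo" "$f")
            if [ "$want" = "$got" ]; then
                echo "OK $algo $f"
            else
                echo "BAD $algo $f"
            fi
        done
    done
}

# count_failures DIR -> prints the number of BAD or MISSING checksum results
count_failures() {
    check_checksums "$1" | grep -c -v '^OK ' || true
}

# verify_signatures DIR KEYRING -> one line per detached signature.
# KEYRING is a keyring file path (hypothetical name, e.g. ./release-keys.gpg)
# holding only keys you obtained independently of the staging repository.
verify_signatures() {
    find "$1" -type f -name '*.asc' | sort |
    while IFS= read -r sig; do
        if gpg --no-default-keyring --keyring "$2" \
               --verify "$sig" "${sig%.asc}" 2>/dev/null; then
            echo "OK sig ${sig%.asc}"
        else
            echo "BAD sig ${sig%.asc}"
        fi
    done
}

# Typical use on a download directory such as /tmp/sling-staging:
#   check_checksums /tmp/sling-staging
#   verify_signatures /tmp/sling-staging ./release-keys.gpg
```

Matching checksums only show that the download is intact, because they are served from the same repository as the artifact. The signature check against independently obtained keys is what ties the files to the release manager.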


[jira] [Resolved] (SLING-11106) sling-org-apache-sling-performance fails with NPE for JCR Resource 2.1.0

2022-02-08 Thread Carsten Ziegeler (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Carsten Ziegeler resolved SLING-11106.
--
Resolution: Fixed

Thanks [~reschke]

> sling-org-apache-sling-performance fails with NPE for JCR Resource 2.1.0
> 
>
> Key: SLING-11106
> URL: https://issues.apache.org/jira/browse/SLING-11106
> Project: Sling
>  Issue Type: Bug
>  Components: Testing
>Reporter: Julian Reschke
>Priority: Minor
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> See 
> [https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-performance/job/master/:]
>  
> For instance:
>  
> runTest(org.apache.sling.performance.PerformanceTest)  Time elapsed: 0.001 sec  <<< ERROR!
> java.lang.NullPointerException: null
>         at org.apache.sling.api.resource.ResourceUtil.normalize(ResourceUtil.java:42)
>         at org.apache.sling.api.resource.ResourceUtil.getParent(ResourceUtil.java:129)
>         at org.apache.sling.performance.tests.ResolveNonExistingWithManyAliasTest.runTest(ResolveNonExistingWithManyAliasTest.java:120)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
>         at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>         at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
>         at org.apache.sling.performance.FrameworkPerformanceMethod.invokeExplosively(FrameworkPerformanceMethod.java:153)
>         at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>         at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
>         at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
>         at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
>         at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
>         at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
>         at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
>         at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
>         at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
>         at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
>         at org.apache.sling.performance.PerformanceRunner.run(PerformanceRunner.java:108)
>         at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:283)
>         at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:173)
>         at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
>         at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:128)
>         at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
>         at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
>         at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[GitHub] [sling-org-apache-sling-performance] cziegeler merged pull request #1: SLING-11106: fix NPE in tests of jcr-resource-2.1.0

2022-02-08 Thread GitBox


cziegeler merged pull request #1:
URL: https://github.com/apache/sling-org-apache-sling-performance/pull/1


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org




Re: [VOTE] Release Apache Sling Testing Clients version 3.0.10

2022-02-08 Thread Daniel Klco
+1

On Tue, Feb 8, 2022 at 12:05 PM Radu Cotescu  wrote:

> +1
>
> > On 7 Feb 2022, at 17:41, Andrei Dulvac  wrote:
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] 0 Don't care
> > [ ] -1 Don't release, because ...
>
>


[GitHub] [sling-org-apache-sling-scripting-core] karlpauls commented on a change in pull request #13: SLING-11119 - Optimise the service retrieval for bundled scripts

2022-02-08 Thread GitBox


karlpauls commented on a change in pull request #13:
URL: 
https://github.com/apache/sling-org-apache-sling-scripting-core/pull/13#discussion_r802067459



##
File path: 
src/main/java/org/apache/sling/scripting/core/impl/bundled/AbstractBundledRenderUnit.java
##
@@ -101,83 +95,37 @@ public BundleContext getBundleContext() {
 return scriptExtension;
 }
 
+@Override
+public @NotNull ServiceCache getServiceCache() {
+return serviceCache;
+}
+
 @Override
 @Nullable
 @SuppressWarnings("unchecked")
 public  T getService(@NotNull String className) {
-LOG.debug("Attempting to load class {} as an OSGi service.", 
className);
-T result = (this.services == null ? null : (T) 
this.services.get(className));
-if (result == null) {
-final ServiceReference ref = 
this.bundleContext.getServiceReference(className);
-if (ref != null) {
-result = (T) this.bundleContext.getService(ref);
-if (result != null) {
-if (this.services == null) {
-this.services = new HashMap<>();
-}
-if (this.references == null) {
-this.references = new ArrayList<>();
-}
-this.references.add(ref);
-this.services.put(className, result);
-return result;
-}
-}
+try {
+ClassLoader bundleClassloader = 
getBundle().adapt(BundleWiring.class).getClassLoader();
+return (T) 
serviceCache.getService(bundleClassloader.loadClass(className));
+} catch (ClassNotFoundException e) {
+LOG.error("Unable to retrieve a service of type " + className + " 
for bundled script " + path, e);
 }
-return result;
+return null;
 }
 
 @Override
 @Nullable
 @SuppressWarnings("unchecked")
 public  T[] getServices(@NotNull String className, @Nullable String 
filter) {
-T[] result = null;
 try {
-final ServiceReference[] refs = 
this.bundleContext.getServiceReferences(className, filter);
-
-if (refs != null) {
-// sort by service ranking (lowest first) (see 
ServiceReference#compareTo(Object))
-List> localReferences = 
Arrays.asList(refs);
-Collections.sort(localReferences);
-// get the highest ranking first
-Collections.reverse(localReferences);
-
-final List objects = new ArrayList<>();
-for (ServiceReference reference : localReferences) {
-final T service = (T) 
this.bundleContext.getService(reference);
-if (service != null) {
-if (this.references == null) {
-this.references = new ArrayList<>();
-}
-this.references.add(reference);
-objects.add(service);
-}
-}
-if (!objects.isEmpty()) {
-T[] srv = (T[]) 
Array.newInstance(bundle.loadClass(className), objects.size());
-result = objects.toArray(srv);
-}
-}
-} catch (Exception e) {
-LOG.error(String.format("Unable to retrieve the services of type 
%s.", className), e);
+ClassLoader bundleClassloader = 
getBundle().adapt(BundleWiring.class).getClassLoader();
+return (T[]) 
serviceCache.getServices(bundleClassloader.loadClass(className), filter);
+} catch (ClassNotFoundException e) {
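
Review bot: in both getService and getServices, the result of getBundle().adapt(BundleWiring.class) is dereferenced without a null check, and the only exception caught is ClassNotFoundException, where the removed getServices caught Exception. adapt(BundleWiring.class) returns null for a bundle that is not resolved or has been uninstalled, so such a lookup would now throw a NullPointerException into the script instead of returning null. Suggest checking the wiring before calling getClassLoader(), and passing className and path to LOG.error as {} placeholders rather than concatenating them. The lookup also now depends on the script bundle's class loader being able to load className, where the removed code asked the registry by name, so it is worth stating in the Javadoc that a service whose type the bundle cannot load is no longer returned.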

Review comment:
   Same question here I guess: are we sure we don't have cases where 
somebody gets the service to use it via reflection?

##
File path: src/main/java/org/apache/sling/scripting/core/impl/ServiceCache.java
##
@@ -63,70 +70,151 @@ public void dispose() {
  * @return The service or null
  */
 @SuppressWarnings("unchecked")
+@Nullable
 public  ServiceType getService(Class type) {
-final String key = type.getName();
-Reference reference = this.cache.get(key);
-if (reference == null) {
-
-// get the service
-ServiceReference ref = this.bundleContext.getServiceReference(key);
-if (ref != null) {
-final Object service = this.bundleContext.getService(ref);
-if (service != null) {
-reference = new Reference();
-reference.service = service;
-reference.reference = ref;
-} else {
-ref = null;
-}
-}
-
-// assume missing service
-if (reference == null) {
-reference = NULL_REFERENCE;
+SortedSet references = 
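
Review bot: the removed block in getService fell back to NULL_REFERENCE when the registry had no service for the type ("assume missing service"), and the replacement that begins at "SortedSet references =" is cut off in this excerpt. With @Nullable now on the method, the new path should make clear what a missing service yields and whether a miss is remembered or looked up again on each call; a Javadoc line on that, next to the existing "@return The service or null", would settle it.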

[GitHub] [sling-org-apache-sling-scripting-core] sonarcloud[bot] commented on pull request #13: SLING-11119 - Optimise the service retrieval for bundled scripts

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #13:
URL: 
https://github.com/apache/sling-org-apache-sling-scripting-core/pull/13#issuecomment-1032887422


   SonarCloud Quality Gate failed.

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   6 Code Smells (rating A)
   65.8% Coverage
   0.0% Duplication
   






[GitHub] [sling-org-apache-sling-scripting-core] sonarcloud[bot] removed a comment on pull request #13: SLING-11119 - Optimise the service retrieval for bundled scripts

2022-02-08 Thread GitBox


sonarcloud[bot] removed a comment on pull request #13:
URL: 
https://github.com/apache/sling-org-apache-sling-scripting-core/pull/13#issuecomment-1032829026


   SonarCloud Quality Gate failed.

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   6 Code Smells (rating A)
   66.0% Coverage
   0.0% Duplication
   






[jira] [Closed] (SLING-7843) exception message is lost inside Scripting JSP error handler

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-7843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-7843.


> exception message is lost inside Scripting JSP error handler
> 
>
> Key: SLING-7843
> URL: https://issues.apache.org/jira/browse/SLING-7843
> Project: Sling
>  Issue Type: Improvement
>  Components: Scripting
>Affects Versions: Scripting JSP 2.3.4
>Reporter: Joerg Hoh
>Priority: Major
> Attachments: SLING-7843.patch
>
>
> I came across a case where the error handling of the JSP scripting doesn't 
> include the message when wrapping the original exception; that means that the 
> details of the exceptions are only available at the deepest level:
> {code}
> Caused by: org.apache.sling.api.SlingException: 
>   at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspExceptionInternal(JspServletWrapper.java:691) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:608) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:533) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:449) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.JspScriptEngineFactory.callJsp(JspScriptEngineFactory.java:346) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.JspScriptEngineFactory.access$100(JspScriptEngineFactory.java:101) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.jsp.JspScriptEngineFactory$JspScriptEngine.eval(JspScriptEngineFactory.java:607) [org.apache.sling.scripting.jsp:2.2.7.B002]
>   at org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:388) [org.apache.sling.scripting.core:2.0.54]
>   ... 146 common frames omitted
> Caused by: org.apache.sling.api.resource.ResourceNotFoundException: Resource at '/content/company/page.html' not found: No resource found
>   at org.apache.sling.servlets.get.impl.DefaultGetServlet.doGet(DefaultGetServlet.java:282) [org.apache.sling.servlets.get:2.1.30]
>   at org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMethodsServlet.java:266) [org.apache.sling.api:2.16.4]
>   at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:342) [org.apache.sling.api:2.16.4]
>   at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:374) [org.apache.sling.api:2.16.4]
> {code}
> It would be much better if the wrapping exceptions contain the details as 
> well.





[jira] [Resolved] (SLING-7843) exception message is lost inside Scripting JSP error handler

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-7843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh resolved SLING-7843.
--
Resolution: Duplicate






[GitHub] [sling-org-apache-sling-testing-clients] dulvac merged pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


dulvac merged pull request #28:
URL: https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28


   






[GitHub] [sling-org-apache-sling-testing-clients] dulvac commented on a change in pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


dulvac commented on a change in pull request #28:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28#discussion_r801860444



##
File path: 
src/test/java/org/apache/sling/testing/AbstractSlingClientGetUrlTest.java
##
@@ -130,7 +130,7 @@ public void testGetUrlWithParam() throws ClientException {
 SlingClient c = new SlingClient(URI.create(serverUrl), "USER", "PWD");
 assertEquals("", URI.create(expectedUrl), c.getUrl(inputPath));
 assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, null));
-assertEquals(URI.create(expectedUrl + "?"), c.getUrl(inputPath, new 
ArrayList()));
+assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, new 
ArrayList()));
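
Review bot: the changed assertion for the empty parameter list now expects expectedUrl with no trailing "?", so getUrl(inputPath, new ArrayList()) returns a different URI than it did before this dependency update, and callers that compare against the old form will see the difference. Suggest adding an assertion with a non-empty parameter list beside it, so the test also pins the case where the "?" does appear, and replacing the empty "" message in the first assertEquals with one that names the case.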

Review comment:
   This actually seems to be the correct behaviour, now








Re: [VOTE] Release Apache Sling Testing Clients version 3.0.10

2022-02-08 Thread Radu Cotescu
+1

> On 7 Feb 2022, at 17:41, Andrei Dulvac  wrote:
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] 0 Don't care
> [ ] -1 Don't release, because ...



[GitHub] [sling-org-apache-sling-testing-clients] dulvac commented on a change in pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


dulvac commented on a change in pull request #28:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28#discussion_r801860444



##
File path: 
src/test/java/org/apache/sling/testing/AbstractSlingClientGetUrlTest.java
##
@@ -130,7 +130,7 @@ public void testGetUrlWithParam() throws ClientException {
 SlingClient c = new SlingClient(URI.create(serverUrl), "USER", "PWD");
 assertEquals("", URI.create(expectedUrl), c.getUrl(inputPath));
 assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, null));
-assertEquals(URI.create(expectedUrl + "?"), c.getUrl(inputPath, new 
ArrayList()));
+assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, new 
ArrayList()));

Review comment:
   This actually seems to be the correct behaviour








[GitHub] [sling-org-apache-sling-testing-clients] sonarcloud[bot] commented on pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #28:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28#issuecomment-1032847359


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs (rating A)
   0 Vulnerabilities (rating A)
   0 Security Hotspots (rating A)
   0 Code Smells (rating A)
   No Coverage information
   0.0% Duplication
   






[GitHub] [sling-org-apache-sling-testing-clients] dulvac commented on a change in pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


dulvac commented on a change in pull request #28:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28#discussion_r801854492



##
File path: 
src/test/java/org/apache/sling/testing/AbstractSlingClientGetUrlTest.java
##
@@ -130,7 +130,7 @@ public void testGetUrlWithParam() throws ClientException {
 SlingClient c = new SlingClient(URI.create(serverUrl), "USER", "PWD");
 assertEquals("", URI.create(expectedUrl), c.getUrl(inputPath));
 assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, null));
-assertEquals(URI.create(expectedUrl + "?"), c.getUrl(inputPath, new 
ArrayList()));
+assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, new 
ArrayList()));
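Review bot: The changed assertion drops the trailing "?" from the expected URL for an empty parameter list, so `c.getUrl(inputPath, new ArrayList())` now yields a different result than the previous expectation encoded, and nothing on the line says why. Add a short comment stating that the expectation follows the upgraded HTTP client, and pass a typed empty list instead of the raw `new ArrayList()` so the intent of "no parameters" is explicit. The first `assertEquals` in this block also carries an empty "" message that the others lack; drop it for consistency.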

Review comment:
   I see... I think you have to update the package version, though








[jira] [Assigned] (SLING-11131) Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread Andrei Dulvac (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrei Dulvac reassigned SLING-11131:
-

Assignee: Andrei Dulvac

> Update Apache HTTP Client Dependency for CVE-2020-13956
> ---
>
> Key: SLING-11131
> URL: https://issues.apache.org/jira/browse/SLING-11131
> Project: Sling
>  Issue Type: Task
>  Components: Apache Sling Testing Clients
>Affects Versions: Apache Sling Testing Clients 3.0.10
>Reporter: Andrei Tuicu
>Assignee: Andrei Dulvac
>Priority: Major
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> org.apache.httpcomponents.httpclient 4.4.1 is vulnerable to 
> CVE-2020-13956(MEDIUM)[0].
> We need to update to the latest version of the Apache HTTP Client 4.5.13. 
> [0] https://www.cvedetails.com/cve/CVE-2020-13956/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[GitHub] [sling-org-apache-sling-testing-clients] andreituicu commented on a change in pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


andreituicu commented on a change in pull request #28:
URL: 
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28#discussion_r801845904



##
File path: 
src/test/java/org/apache/sling/testing/AbstractSlingClientGetUrlTest.java
##
@@ -130,7 +130,7 @@ public void testGetUrlWithParam() throws ClientException {
 SlingClient c = new SlingClient(URI.create(serverUrl), "USER", "PWD");
 assertEquals("", URI.create(expectedUrl), c.getUrl(inputPath));
 assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, null));
-assertEquals(URI.create(expectedUrl + "?"), c.getUrl(inputPath, new 
ArrayList()));
+assertEquals(URI.create(expectedUrl), c.getUrl(inputPath, new 
ArrayList()));

Review comment:
   @dulvac : It looks like the behaviour changed in the httpclient for this.








[GitHub] [sling-org-apache-sling-testing-clients] andreituicu opened a new pull request #28: SLING-11131 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread GitBox


andreituicu opened a new pull request #28:
URL: https://github.com/apache/sling-org-apache-sling-testing-clients/pull/28


   Annotations have been replaced based on 
https://linuxtut.com/replacement-of-annotation-threadsafe-notthreadsafe-removed-in-httpcore-4.4.5-4d580/
 . 






[jira] [Created] (SLING-11131) SLING-11124 - Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread Andrei Tuicu (Jira)
Andrei Tuicu created SLING-11131:


 Summary: SLING-11124 - Update Apache HTTP Client Dependency for 
CVE-2020-13956
 Key: SLING-11131
 URL: https://issues.apache.org/jira/browse/SLING-11131
 Project: Sling
  Issue Type: Task
  Components: Apache Sling Testing Clients
Affects Versions: Apache Sling Testing Clients 3.0.10
Reporter: Andrei Tuicu


org.apache.httpcomponents.httpclient 4.4.1 is vulnerable to 
CVE-2020-13956(MEDIUM)[0].

We need to update to the latest version of the Apache HTTP Client 4.5.13. 

[0] https://www.cvedetails.com/cve/CVE-2020-13956/





[jira] [Updated] (SLING-11131) Update Apache HTTP Client Dependency for CVE-2020-13956

2022-02-08 Thread Andrei Tuicu (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11131?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrei Tuicu updated SLING-11131:
-
Summary: Update Apache HTTP Client Dependency for CVE-2020-13956  (was: 
SLING-11124 - Update Apache HTTP Client Dependency for CVE-2020-13956)

> Update Apache HTTP Client Dependency for CVE-2020-13956
> ---
>
> Key: SLING-11131
> URL: https://issues.apache.org/jira/browse/SLING-11131
> Project: Sling
>  Issue Type: Task
>  Components: Apache Sling Testing Clients
>Affects Versions: Apache Sling Testing Clients 3.0.10
>Reporter: Andrei Tuicu
>Priority: Major
>
> org.apache.httpcomponents.httpclient 4.4.1 is vulnerable to 
> CVE-2020-13956(MEDIUM)[0].
> We need to update to the latest version of the Apache HTTP Client 4.5.13. 
> [0] https://www.cvedetails.com/cve/CVE-2020-13956/





[GitHub] [sling-org-apache-sling-scripting-core] sonarcloud[bot] commented on pull request #13: SLING-11119 - Optimise the service retrieval for bundled scripts

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #13:
URL: 
https://github.com/apache/sling-org-apache-sling-scripting-core/pull/13#issuecomment-1032829026


   SonarCloud Quality Gate failed.

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   6 Code Smells
   66.0% Coverage
   0.0% Duplication






[jira] [Updated] (SLING-11119) Optimise the service retrieval for bundled scripts

2022-02-08 Thread Radu Cotescu (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu updated SLING-11119:
-
Summary: Optimise the service retrieval for bundled scripts  (was: Optimise 
service retrieval for bundled scripts)

> Optimise the service retrieval for bundled scripts
> --
>
> Key: SLING-11119
> URL: https://issues.apache.org/jira/browse/SLING-11119
> Project: Sling
>  Issue Type: Improvement
>  Components: Scripting
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Scripting Core 2.4.4
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> The bundled scripts currently have an OSGi service cache per instance, 
> however in the 
> {{org.apache.sling.scripting.core.impl.bundled.ScriptContextProvider}} 
> there's already a service cache per bundle context which could be reused. 
> This would save significant memory in systems where there are a lot of 
> bundled scripts.





[GitHub] [sling-org-apache-sling-scripting-core] raducotescu opened a new pull request #13: SLING-11119 - Optimise service retrieval for bundled scripts

2022-02-08 Thread GitBox


raducotescu opened a new pull request #13:
URL: https://github.com/apache/sling-org-apache-sling-scripting-core/pull/13


   * extended the `ServiceCache` with a `getServices` method that returns a 
filtered services array
   * the `ExecutableUnits` are now backed by the `ServiceCache`






[jira] [Resolved] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Angela Schreiber resolved SLING-11115.
--
Resolution: Fixed

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
>  Issue Type: Improvement
>  Components: Sling Security
>Reporter: Lars Krapf
>Assignee: Angela Schreiber
>Priority: Major
> Fix For: Security 1.1.24
>
>  Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
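
The trade-off described in SLING-11115 above, as an added Java sketch that is not code from the Sling project: it compares allowing empty referrers everywhere with exempting one exact path. The class, the field names, the host and the path /sso/saml/acs are assumptions made for the illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added illustration, not Sling's ReferrerFilter. All names and paths are assumptions.
public class ReferrerPolicyDemo {

    static final class Policy {
        final String name;
        final Set<String> allowedHosts;   // hosts accepted in the Referer header
        final boolean allowEmpty;         // global switch: accept a missing Referer everywhere
        final Set<String> excludedPaths;  // exact paths that skip the referrer check

        Policy(String name, Set<String> allowedHosts, boolean allowEmpty, Set<String> excludedPaths) {
            this.name = name;
            this.allowedHosts = allowedHosts;
            this.allowEmpty = allowEmpty;
            // An unset option behaves like "no exemptions" instead of failing on null.
            this.excludedPaths = excludedPaths == null ? Set.of() : excludedPaths;
        }

        boolean accepts(String method, String pathInfo, String referer) {
            // Only state-changing methods are subject to the check.
            if (!Set.of("POST", "PUT", "DELETE").contains(method)) {
                return true;
            }
            // Exact match only: a sub-path of an exempt path is still checked.
            if (pathInfo != null && excludedPaths.contains(pathInfo)) {
                return true;
            }
            if (referer == null || referer.isEmpty()) {
                return allowEmpty;
            }
            try {
                String host = URI.create(referer).getHost();
                return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
            } catch (IllegalArgumentException e) {
                return false; // an unparsable Referer is treated as invalid
            }
        }
    }

    public static void main(String[] args) {
        Set<String> hosts = Set.of("cms.example.org");
        Policy allowEmpty = new Policy("allow-empty", hosts, true, null);
        Policy exemptPath = new Policy("exempt-path", hosts, false, Set.of("/sso/saml/acs"));

        // Constructed requests: {method, pathInfo, Referer or null, description}
        String[][] requests = {
            {"POST", "/sso/saml/acs", null, "IdP POST binding, no Referer"},
            {"POST", "/content/page", null, "form post, Referer suppressed"},
            {"POST", "/sso/saml/acs/x", null, "sub-path of the exempt path"},
            {"POST", "/content/page", "https://cms.example.org/editor", "same-site edit"},
            {"POST", "/content/page", "https://other.example/form", "cross-site form"},
        };
        for (String[] r : requests) {
            System.out.printf("%-32s %s=%-5b  %s=%b%n", r[3],
                allowEmpty.name, allowEmpty.accepts(r[0], r[1], r[2]),
                exemptPath.name, exemptPath.accepts(r[0], r[1], r[2]));
        }
    }
}
```

Both policies let the referrer-less IdP post through, but only the exempt-path policy still rejects the referrer-less posts to /content/page and to the sub-path, which is the "minimal additional risk" the issue argues for.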


[jira] [Resolved] (SLING-11129) FSClassLoader shows Copyright of Adobe

2022-02-08 Thread Dan Klco (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dan Klco resolved SLING-11129.
--
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/commit/325de795e57f241742ee281249f3ba0c2162eebd

> FSClassLoader shows Copyright of Adobe
> --
>
> Key: SLING-11129
> URL: https://issues.apache.org/jira/browse/SLING-11129
> Project: Sling
>  Issue Type: Improvement
>  Components: Commons
>Affects Versions: File System ClassLoader 1.0.14
>Reporter: Joerg Hoh
>Priority: Major
>
> The FSClassLoaderMBean java file still shows copyright by Adobe and also 
> refers to "ACS AEM Commons Bundle":
> https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/blob/f60524e668a8e31c0697df418c2aef8b519c30f9/src/main/java/org/apache/sling/commons/fsclassloader/FSClassLoaderMBean.java#L5





[GitHub] [sling-org-apache-sling-security] cziegeler merged pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


cziegeler merged pull request #6:
URL: https://github.com/apache/sling-org-apache-sling-security/pull/6


   






[GitHub] [sling-org-apache-sling-security] cziegeler commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


cziegeler commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801729365



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {
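Review bot: `excludedPath.equals(path)` in `isExcludedPath` is an exact, case-sensitive comparison against `request.getPathInfo()`, but the Javadoc only says "contained in the configured excluded paths", which an operator could read as prefix matching. State in the Javadoc that only an exact match exempts a request and that `getPathInfo()` may return null, in which case nothing is exempted, since every entry switches off the referrer check for that path. The `@return` line also reads "associate" where the summary line has "associated".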

Review comment:
   Thanks








[GitHub] [sling-org-apache-sling-security] sonarcloud[bot] commented on pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#issuecomment-1032685142


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   1 Code Smell
   100.0% Coverage
   0.0% Duplication






[GitHub] [sling-org-apache-sling-security] sonarcloud[bot] removed a comment on pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


sonarcloud[bot] removed a comment on pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#issuecomment-1032614927


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   1 Code Smell
   100.0% Coverage
   0.0% Duplication






[GitHub] [sling-org-apache-sling-security] anchela commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


anchela commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801705230



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {

Review comment:
   sodele 








[GitHub] [sling-org-apache-sling-security] anchela commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


anchela commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801701557



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {

Review comment:
   :-)








[jira] [Commented] (SLING-11129) FSClassLoader shows Copyright of Adobe

2022-02-08 Thread Dan Klco (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1745#comment-1745
 ] 

Dan Klco commented on SLING-11129:
--

I can confirm. This predates my employment at Adobe. My assumption is that I 
originally planned to contribute this to ACS AEM Commons and decided it would 
be better to contribute to the wider Sling community. My apologies for the 
oversight. 

> FSClassLoader shows Copyright of Adobe
> --
>
> Key: SLING-11129
> URL: https://issues.apache.org/jira/browse/SLING-11129
> Project: Sling
>  Issue Type: Improvement
>  Components: Commons
>Affects Versions: File System ClassLoader 1.0.14
>Reporter: Joerg Hoh
>Priority: Major
>
> The FSClassLoaderMBean java file still shows copyright by Adobe and also 
> refers to "ACS AEM Commons Bundle":
> https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/blob/f60524e668a8e31c0697df418c2aef8b519c30f9/src/main/java/org/apache/sling/commons/fsclassloader/FSClassLoaderMBean.java#L5





[jira] [Commented] (SLING-11106) sling-org-apache-sling-performance fails with NPE for JCR Resource 2.1.0

2022-02-08 Thread Julian Reschke (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488862#comment-17488862
 ] 

Julian Reschke commented on SLING-11106:


This

  [https://github.com/apache/sling-org-apache-sling-performance/pull/1]

appears to fix it. Bonus points if somebody can explain why :)

> sling-org-apache-sling-performance fails with NPE for JCR Resource 2.1.0
> 
>
> Key: SLING-11106
> URL: https://issues.apache.org/jira/browse/SLING-11106
> Project: Sling
>  Issue Type: Bug
>  Components: Testing
>Reporter: Julian Reschke
>Priority: Minor
>
> See 
> [https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-performance/job/master/:]
>  
> For instance:
>  
> runTest(org.apache.sling.performance.PerformanceTest)  Time elapsed: 0.001 
> sec  <<< ERROR!
> java.lang.NullPointerException: null
>         at 
> org.apache.sling.api.resource.ResourceUtil.normalize(ResourceUtil.java:42)
>         at 
> org.apache.sling.api.resource.ResourceUtil.getParent(ResourceUtil.java:129)
>         at 
> org.apache.sling.performance.tests.ResolveNonExistingWithManyAliasTest.runTest(ResolveNonExistingWithManyAliasTest.java:120)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
>         at 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>         at 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
>         at 
> org.apache.sling.performance.FrameworkPerformanceMethod.invokeExplosively(FrameworkPerformanceMethod.java:153)
>         at 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>         at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
>         at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
>         at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
>         at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
>         at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
>         at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
>         at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
>         at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
>         at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
>         at 
> org.apache.sling.performance.PerformanceRunner.run(PerformanceRunner.java:108)
>         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:283)
>         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:173)
>         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
>         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:128)
>         at 
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
>         at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
>         at 
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)





[jira] [Resolved] (SLING-11130) Make unpack converter retry downloads

2022-02-08 Thread A. J. David Bosschaert (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

A. J. David Bosschaert resolved SLING-11130.

Resolution: Fixed

> Make unpack converter retry downloads
> -
>
> Key: SLING-11130
> URL: https://issues.apache.org/jira/browse/SLING-11130
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model
> Affects Versions: Feature Model Unpack Extension 0.2.0
> Reporter: A. J. David Bosschaert
> Assignee: A. J. David Bosschaert
> Priority: Major
> Fix For: Feature Model Unpack Extension 0.3.0
>
>
> The unpack converter [1] should retry downloads in case of failure.
> [1] 
> https://github.com/apache/sling-org-apache-sling-feature-extension-unpack/blob/master/src/main/java/org/apache/sling/feature/extension/unpack/impl/converter/Converter.java



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[GitHub] [sling-org-apache-sling-security] cziegeler commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


cziegeler commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801646406



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {
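Review bot: the comparison `excludedPath.equals(path)` in `isExcludedPath` is an exact, case-sensitive match against `request.getPathInfo()`, and the Javadoc only says "contained in the configured excluded paths". Because a match exempts the request from the referrer check, state in the Javadoc and in the configuration description that only the exact path info is exempt and that prefixes, trailing slashes or suffixes do not match. The `@return` line also reads "associate" where the summary line has "associated".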

Review comment:
   but checking excludedPaths for null is good as well




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org




[GitHub] [sling-org-apache-sling-security] cziegeler commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


cziegeler commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801646008



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {

Review comment:
   ah sorry, I meant "excludedPath" :) so a string in the array might be 
null 








[GitHub] [sling-org-apache-sling-security] sonarcloud[bot] commented on pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#issuecomment-1032614927


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   1 Code Smell

   100.0% Coverage
   0.0% Duplication






[GitHub] [sling-org-apache-sling-security] sonarcloud[bot] removed a comment on pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


sonarcloud[bot] removed a comment on pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#issuecomment-1032570177


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   1 Code Smell

   100.0% Coverage
   0.0% Duplication






[GitHub] [sling-org-apache-sling-security] anchela commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


anchela commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801633415



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {

Review comment:
   sure -> done








[jira] [Commented] (SLING-10583) Ensure o/a/s/d/a/p/distributed events are raised at least once

2022-02-08 Thread Roxana-Elena Balasoiu (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-10583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488833#comment-17488833
 ] 

Roxana-Elena Balasoiu commented on SLING-10583:
---

This is the PR 
[https://github.com/apache/sling-org-apache-sling-distribution-journal/pull/97] 
that I opened for this issue.

> Ensure o/a/s/d/a/p/distributed events are raised at least once
> --
>
> Key: SLING-10583
> URL: https://issues.apache.org/jira/browse/SLING-10583
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Timothee Maret
> Assignee: Timothee Maret
> Priority: Major
> Fix For: Content Distribution Journal Core 0.1.24
>
>
> The org/apache/sling/distribution/agent/package/distributed events are raised 
> by computing offset ranges from the discovery topic. Events can be lost in 
> the edge case where no author service is available to compute offset ranges. 
> Ensuring event delivery in that case could be done by persisting the offset 
> of the last event raised and include that information when computing the 
> events to be raised.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[GitHub] [sling-org-apache-sling-security] cziegeler commented on a change in pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


cziegeler commented on a change in pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#discussion_r801605247



##
File path: src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
##
@@ -430,6 +448,22 @@ private boolean isValidRegexReferrer(HostInfo hostInfo) {
 return false;
 }
 
+/**
+ * Returns true if the path info associated with the given 
request is contained in the configured excluded paths.
+ *
+ * @param request The request to check
+ * @return true if the path-info associate with the given 
request is contained in the configured excluded paths.
+ */
+private boolean isExcludedPath(HttpServletRequest request) {
+String path = request.getPathInfo();
+for (final String excludedPath : this.excludedPaths) {
+if (excludedPath.equals(path)) {
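Review bot: `request.getPathInfo()` can return null, and in `isExcludedPath` that case is harmless only because `path` is the argument of `equals` rather than the receiver. Make it explicit by returning false before the loop when `path` is null, and drop null or empty entries from `this.excludedPaths` once when the configuration is read, so the loop needs no per-request sanity checks.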

Review comment:
   I would add a null check for excludedPath here, as a sanity check








[jira] [Updated] (SLING-10583) Ensure o/a/s/d/a/p/distributed events are raised at least once

2022-02-08 Thread Timothee Maret (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothee Maret updated SLING-10583:
---
Description: The org/apache/sling/distribution/agent/package/distributed 
events are raised by computing offset ranges from the discovery topic. Events 
can be lost in the edge case where no author service is available to compute 
offset ranges. Ensuring event delivery in that case could be done by persisting 
the offset of the last event raised and include that information when computing 
the events to be raised.  (was: The 
org/apache/sling/distribution/agent/package/distributed events are raised by 
computing offset ranges from the discovery topic.

In the edge case where no author service is available to raise the events when 
diffing offset ranges, then events could be lost.

Ensuring event delivery in that case could be done by persisting the offset of 
the last event raised and include that information in the diff.)

> Ensure o/a/s/d/a/p/distributed events are raised at least once
> --
>
> Key: SLING-10583
> URL: https://issues.apache.org/jira/browse/SLING-10583
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Timothee Maret
> Assignee: Timothee Maret
> Priority: Major
> Fix For: Content Distribution Journal Core 0.1.24
>
>
> The org/apache/sling/distribution/agent/package/distributed events are raised 
> by computing offset ranges from the discovery topic. Events can be lost in 
> the edge case where no author service is available to compute offset ranges. 
> Ensuring event delivery in that case could be done by persisting the offset 
> of the last event raised and include that information when computing the 
> events to be raised.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Assigned] (SLING-10583) Ensure o/a/s/d/a/p/distributed events are raised at least once

2022-02-08 Thread Timothee Maret (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-10583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothee Maret reassigned SLING-10583:
--

Assignee: Timothee Maret  (was: Timothée Maret)

> Ensure o/a/s/d/a/p/distributed events are raised at least once
> --
>
> Key: SLING-10583
> URL: https://issues.apache.org/jira/browse/SLING-10583
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Timothee Maret
> Assignee: Timothee Maret
> Priority: Major
> Fix For: Content Distribution Journal Core 0.1.24
>
>
> The org/apache/sling/distribution/agent/package/distributed events are raised 
> by computing offset ranges from the discovery topic.
> In the edge case where no author service is available to raise the events when 
> diffing offset ranges, then events could be lost.
> Ensuring event delivery in that case could be done by persisting the offset 
> of the last event raised and include that information in the diff.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Assigned] (SLING-10583) Ensure o/a/s/d/a/p/distributed events are raised at least once

2022-02-08 Thread Jira


 [ 
https://issues.apache.org/jira/browse/SLING-10583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Timothée Maret reassigned SLING-10583:
--

Assignee: Timothée Maret

> Ensure o/a/s/d/a/p/distributed events are raised at least once
> --
>
> Key: SLING-10583
> URL: https://issues.apache.org/jira/browse/SLING-10583
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Timothee Maret
> Assignee: Timothée Maret
> Priority: Major
> Fix For: Content Distribution Journal Core 0.1.24
>
>
> The org/apache/sling/distribution/agent/package/distributed events are raised 
> by computing offset ranges from the discovery topic.
> In the edge case where no author service is available to raise the events when 
> diffing offset ranges, then events could be lost.
> Ensuring event delivery in that case could be done by persisting the offset 
> of the last event raised and include that information in the diff.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[GitHub] [sling-org-apache-sling-security] sonarcloud[bot] commented on pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


sonarcloud[bot] commented on pull request #6:
URL: 
https://github.com/apache/sling-org-apache-sling-security/pull/6#issuecomment-1032570177


   Kudos, SonarCloud Quality Gate passed!

   0 Bugs
   0 Vulnerabilities
   0 Security Hotspots
   1 Code Smell

   100.0% Coverage
   0.0% Duplication






[GitHub] [sling-org-apache-sling-security] anchela opened a new pull request #6: SLING-11115 : Allow path exemptions for referrer filter

2022-02-08 Thread GitBox


anchela opened a new pull request #6:
URL: https://github.com/apache/sling-org-apache-sling-security/pull/6


   @cziegeler, I would appreciate it if you had time to review the proposed 
addition to referrer-filter configuration and the corresponding exclusion 
during validation.






[jira] [Comment Edited] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488765#comment-17488765
 ] 

Angela Schreiber edited comment on SLING-11115 at 2/8/22, 10:50 AM:


[~cziegeler] , i see thanks for the explanation.. so it's 
{{HttpServletRequest.getPathInfo}}


was (Author: anchela):
[~cziegeler] , i see thanks for the explanation.. so it's 
\{{HttpServletRequest.getPathInfo}}

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
> Issue Type: Improvement
> Components: Sling Security
> Reporter: Lars Krapf
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Comment Edited] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488765#comment-17488765
 ] 

Angela Schreiber edited comment on SLING-11115 at 2/8/22, 10:50 AM:


[~cziegeler] , i see thanks for the explanation.. so it's 
\{{HttpServletRequest.getPathInfo}}


was (Author: anchela):
[~cziegeler] , i see thanks for the explanation.. so it's 
\{{HttpServletRequest.getPathInfo}}

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
> Issue Type: Improvement
> Components: Sling Security
> Reporter: Lars Krapf
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Commented] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488765#comment-17488765
 ] 

Angela Schreiber commented on SLING-11115:
--

[~cziegeler] , i see thanks for the explanation.. so it's 
\{{HttpServletRequest.getPathInfo}}

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
> Issue Type: Improvement
> Components: Sling Security
> Reporter: Lars Krapf
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Commented] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Carsten Ziegeler (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488741#comment-17488741
 ] 

Carsten Ziegeler commented on SLING-11115:
--

The ReferrerFilter is a Preprocessor and runs before any dispatching to a 
servlet. So it runs way before the Sling Main Servlet (or any other servlet or 
servlet filter).
Therefore, the passed in request will never be a SlingHttpServletRequest.
The only available info is HttpServletRequest.getPathInfo

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
> Issue Type: Improvement
> Components: Sling Security
> Reporter: Lars Krapf
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
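
The trade-off in the issue description and the `HttpServletRequest.getPathInfo` constraint from the comment above, as an added Java sketch (not the Sling `ReferrerFilter` code): it compares a strict policy, a global allow-empty policy and an exact-path exemption on constructed requests. The `Policy` class, the set of checked methods, the hosts and the `/sso/acs` path are assumptions made for the example.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;

/** Added illustration only; not the Sling ReferrerFilter. All names, hosts and paths are hypothetical. */
public class ReferrerExemptionDemo {

    /** Methods this sketch treats as state-changing (an assumption of the example). */
    private static final Set<String> CHECKED_METHODS = Set.of("POST", "PUT", "DELETE");

    static final class Policy {
        private final Set<String> allowedHosts;
        private final boolean allowEmpty;
        private final Set<String> excludedPaths;

        Policy(Set<String> allowedHosts, boolean allowEmpty, String... excludedPaths) {
            this.allowedHosts = allowedHosts;
            this.allowEmpty = allowEmpty;
            // Normalise once at configuration time: null and blank entries never reach a request check.
            this.excludedPaths = excludedPaths == null
                    ? Collections.<String>emptySet()
                    : Arrays.stream(excludedPaths)
                            .filter(Objects::nonNull)
                            .map(String::trim)
                            .filter(p -> !p.isEmpty())
                            .collect(Collectors.toSet());
        }

        /**
         * Decides whether a request passes. pathInfo and referrer may be null, as with
         * HttpServletRequest.getPathInfo() and a request that carries no Referer header.
         */
        boolean accepts(String method, String pathInfo, String referrer) {
            if (!CHECKED_METHODS.contains(method)) {
                return true;
            }
            // Exact match only: no prefix, pattern or trailing-slash tolerance.
            if (pathInfo != null && excludedPaths.contains(pathInfo)) {
                return true;
            }
            if (referrer == null || referrer.isEmpty()) {
                return allowEmpty;
            }
            try {
                String host = URI.create(referrer).getHost();
                return host != null && allowedHosts.contains(host);
            } catch (IllegalArgumentException e) {
                return false; // an unparsable referrer is rejected
            }
        }
    }

    public static void main(String[] args) {
        Set<String> hosts = Set.of("app.example.org");
        Policy strict = new Policy(hosts, false);
        Policy allowEmpty = new Policy(hosts, true);
        Policy exempt = new Policy(hosts, false, "/sso/acs", null, " ");

        // Constructed sample requests: { method, pathInfo, referrer }.
        String[][] requests = {
            {"POST", "/sso/acs", null},                                    // IdP response without referrer
            {"POST", "/content/profile", null},                            // no referrer, ordinary path
            {"POST", "/sso/acs/", null},                                   // near miss of the exemption
            {"POST", "/content/profile", "https://app.example.org/edit"},  // same-site form
            {"POST", "/content/profile", "https://other.example.net/x"},   // foreign referrer
            {"POST", null, null},                                          // no path info at all
        };

        System.out.printf("%-18s %-30s %-7s %-11s %-7s%n",
                "pathInfo", "referrer", "strict", "allowEmpty", "exempt");
        for (String[] r : requests) {
            System.out.printf("%-18s %-30s %-7b %-11b %-7b%n", r[1], r[2],
                    strict.accepts(r[0], r[1], r[2]),
                    allowEmpty.accepts(r[0], r[1], r[2]),
                    exempt.accepts(r[0], r[1], r[2]));
        }
    }
}
```

Only the exemption policy accepts the referrer-less POST to the exempted path while still rejecting referrer-less POSTs to every other path.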


[jira] [Commented] (SLING-11129) FSClassLoader shows Copyright of Adobe

2022-02-08 Thread Robert Munteanu (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488733#comment-17488733
 ] 

Robert Munteanu commented on SLING-11129:
-

[~dklco] - you seem to have introduced this class with 
https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/commit/ac4bcb595ad3845116a9d09ade79ddf4efe51676#diff-6cf5bf1961145c7cfa22b76ab131256014d01340666f8b38b113107ad4f56c1a
 . Can you confirm that the license header was mistakenly set and the intention was 
to use the same license header as the rest of the files in the submission, 
critical difference being

{quote}
 Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.
{quote}

> FSClassLoader shows Copyright of Adobe
> --
>
> Key: SLING-11129
> URL: https://issues.apache.org/jira/browse/SLING-11129
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Affects Versions: File System ClassLoader 1.0.14
> Reporter: Joerg Hoh
> Priority: Major
>
> The FSClassLoaderMBean java file still shows copyright by Adobe and also 
> refers to "ACS AEM Commons Bundle":
> https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/blob/f60524e668a8e31c0697df418c2aef8b519c30f9/src/main/java/org/apache/sling/commons/fsclassloader/FSClassLoaderMBean.java#L5





Re: [VOTE] Release Apache Sling Testing Clients version 3.0.10

2022-02-08 Thread Robert Munteanu
On Mon, 2022-02-07 at 17:41 +0100, Andrei Dulvac wrote:
> Please vote to approve this release:

+1
Robert




[jira] [Assigned] (SLING-11130) Make unpack converter retry downloads

2022-02-08 Thread A. J. David Bosschaert (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

A. J. David Bosschaert reassigned SLING-11130:
--

Assignee: A. J. David Bosschaert

> Make unpack converter retry downloads
> -
>
> Key: SLING-11130
> URL: https://issues.apache.org/jira/browse/SLING-11130
> Project: Sling
>  Issue Type: Improvement
>  Components: Feature Model
>Affects Versions: Feature Model Unpack Extension 0.2.0
>Reporter: A. J. David Bosschaert
>Assignee: A. J. David Bosschaert
>Priority: Major
> Attachments: image-2022-02-08-10-04-58-565.png
>
>
> The unpack converter [1] should retry downloads in case of failure.
> [1] 
> https://github.com/apache/sling-org-apache-sling-feature-extension-unpack/blob/master/src/main/java/org/apache/sling/feature/extension/unpack/impl/converter/Converter.java





[jira] [Updated] (SLING-11130) Make unpack converter retry downloads

2022-02-08 Thread A. J. David Bosschaert (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-11130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

A. J. David Bosschaert updated SLING-11130:
---
Fix Version/s: Feature Model Unpack Extension 0.3.0

> Make unpack converter retry downloads
> -
>
> Key: SLING-11130
> URL: https://issues.apache.org/jira/browse/SLING-11130
> Project: Sling
>  Issue Type: Improvement
>  Components: Feature Model
>Affects Versions: Feature Model Unpack Extension 0.2.0
>Reporter: A. J. David Bosschaert
>Assignee: A. J. David Bosschaert
>Priority: Major
> Fix For: Feature Model Unpack Extension 0.3.0
>
> Attachments: image-2022-02-08-10-04-58-565.png
>
>
> The unpack converter [1] should retry downloads in case of failure.
> [1] 
> https://github.com/apache/sling-org-apache-sling-feature-extension-unpack/blob/master/src/main/java/org/apache/sling/feature/extension/unpack/impl/converter/Converter.java





[jira] [Created] (SLING-11130) Make unpack converter retry downloads

2022-02-08 Thread A. J. David Bosschaert (Jira)
A. J. David Bosschaert created SLING-11130:
--

 Summary: Make unpack converter retry downloads
 Key: SLING-11130
 URL: https://issues.apache.org/jira/browse/SLING-11130
 Project: Sling
  Issue Type: Improvement
  Components: Feature Model
Affects Versions: Feature Model Unpack Extension 0.2.0
Reporter: A. J. David Bosschaert
 Attachments: image-2022-02-08-10-04-58-565.png

The unpack converter [1] should retry downloads in case of failure.

[1] 
https://github.com/apache/sling-org-apache-sling-feature-extension-unpack/blob/master/src/main/java/org/apache/sling/feature/extension/unpack/impl/converter/Converter.java





[jira] [Commented] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488716#comment-17488716
 ] 

Angela Schreiber commented on SLING-11115:
--

[~chaotic] , the {{ReferrerFilter}} operates on {{HttpServletRequest}} and 
doesn't mandate the request to be a {{SlingHttpServletRequest}}. So, 
RequestPathInfo and the resource-path contained therein may or may not be 
available. I can fall back to {{HttpServletRequest.getPathInfo}} in that case.

[~cziegeler] , what is your take?

 

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
>  Issue Type: Improvement
>  Components: Sling Security
>Reporter: Lars Krapf
>Assignee: Angela Schreiber
>Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 





[jira] [Commented] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Lars Krapf (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488710#comment-17488710
 ] 

Lars Krapf commented on SLING-11115:


[~angela]:
bq. what do you have in mind when you refer to 'complete paths'?

I suggest matching the [resource 
path|https://sling.apache.org/apidocs/sling7/org/apache/sling/api/request/RequestPathInfo.html#getResourcePath--]
 portion of the path info. 


> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
>  Issue Type: Improvement
>  Components: Sling Security
>Reporter: Lars Krapf
>Assignee: Angela Schreiber
>Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 





[jira] [Commented] (SLING-11115) Allow path exemptions for referrer filter

2022-02-08 Thread Angela Schreiber (Jira)


[ 
https://issues.apache.org/jira/browse/SLING-11115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17488704#comment-17488704
 ] 

Angela Schreiber commented on SLING-11115:
--

[~chaotic] , [~cziegeler] , what do you have in mind when you refer to 
'complete paths'? The path-info associated with the request? Or rather verify 
if the request URI ends with any of the configured exempted paths?

> Allow path exemptions for referrer filter 
> --
>
> Key: SLING-11115
> URL: https://issues.apache.org/jira/browse/SLING-11115
> Project: Sling
>  Issue Type: Improvement
>  Components: Sling Security
>Reporter: Lars Krapf
>Assignee: Angela Schreiber
>Priority: Major
> Fix For: Security 1.1.24
>
>
> The referrer filter should have a configuration option to exclude one or 
> several paths from the check. 
> For context:
> It seems that the RedHat SSO IDP sends "Referrer-Policy: no-referrer" by 
> default (to address some [security 
> concerns|https://tools.ietf.org/id/draft-ietf-oauth-security-topics-14.html#rfc.section.4.2.4]).
>  This breaks the SAML POST binding in conjunction with the Sling referrer 
> filter. Currently the only option to make it work is to allow empty referrers 
> in general, however this weakens the CSRF protection. 
> Allowing to disable the filter for individual paths would allow to solve this 
> use-case with minimal additional risk. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
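
The trade-off discussed in the SLING-11115 comments above, as an added Java sketch that is not the Sling ReferrerFilter code: it compares allowing empty referrers globally with exempting one exact path, and falls back from the resource path to the servlet path info when the request is not a Sling request. The class, field names, hosts and the exempt path are assumptions made up for this illustration.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Added illustration, not the Sling ReferrerFilter. All names and values are hypothetical. */
public class ReferrerExemptionDemo {

    /** Stand-in for the request data the check needs. */
    static final class Request {
        final String method, referer, resourcePath, pathInfo;
        Request(String method, String referer, String resourcePath, String pathInfo) {
            this.method = method;
            this.referer = referer;
            this.resourcePath = resourcePath; // null when the request is not a Sling request
            this.pathInfo = pathInfo;
        }
    }

    static final Set<String> CHECKED_METHODS = Set.of("POST", "PUT", "DELETE");

    final boolean allowEmpty;
    final Set<String> allowedHosts;
    final Set<String> exemptPaths;

    ReferrerExemptionDemo(boolean allowEmpty, Set<String> allowedHosts, Set<String> exemptPaths) {
        this.allowEmpty = allowEmpty;
        this.allowedHosts = allowedHosts;
        this.exemptPaths = exemptPaths;
    }

    /** Resource path when present, otherwise the servlet path info. */
    static String effectivePath(Request r) {
        return r.resourcePath != null ? r.resourcePath : r.pathInfo;
    }

    /** Exact match only: a suffix or prefix match would exempt more than was configured. */
    boolean isExempt(Request r) {
        String path = effectivePath(r);
        return path != null && exemptPaths.contains(path);
    }

    boolean isAllowed(Request r) {
        if (!CHECKED_METHODS.contains(r.method)) {
            return true; // only state-changing methods are checked
        }
        if (isExempt(r)) {
            return true;
        }
        if (r.referer == null || r.referer.isEmpty()) {
            return allowEmpty;
        }
        try {
            String host = URI.create(r.referer).getHost();
            return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            return false; // an unparsable Referer is treated as foreign
        }
    }

    public static void main(String[] args) {
        Set<String> hosts = Set.of("cms.example.org");
        String acs = "/auth/saml/acs"; // constructed path for the SAML POST endpoint
        ReferrerExemptionDemo global = new ReferrerExemptionDemo(true, hosts, Set.of());
        ReferrerExemptionDemo scoped = new ReferrerExemptionDemo(false, hosts, Set.of(acs));

        // Constructed sample requests.
        List<Request> samples = List.of(
            new Request("POST", null, acs, acs),                    // IdP POST, no Referer
            new Request("POST", null, null, acs),                   // same, plain servlet request
            new Request("POST", null, "/content/site/page", null),  // no Referer, ordinary path
            new Request("POST", null, "/content/x" + acs, null),    // only ends with the exempt path
            new Request("POST", "https://other.example.net/f", "/content/site/page", null),
            new Request("POST", "https://cms.example.org/edit", "/content/site/page", null));

        for (Request r : samples) {
            System.out.printf("%-26s referer=%-30s allowEmpty=%-5b exemptPath=%b%n",
                effectivePath(r), r.referer, global.isAllowed(r), scoped.isAllowed(r));
        }
    }
}
```

The two result columns differ only for requests without a Referer header on non-exempt paths, which is the CSRF exposure the issue description attributes to allowing empty referrers in general.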


[jira] [Closed] (SLING-4476) Some java files show Non-Apache copyright headers

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-4476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-4476.


> Some java files show Non-Apache copyright headers
> -
>
> Key: SLING-4476
> URL: https://issues.apache.org/jira/browse/SLING-4476
> Project: Sling
>  Issue Type: Bug
>  Components: General
>Reporter: Joerg Hoh
>Priority: Major
>
> A number of files show Adobe Copyright header.
> {code}
> jhoh-osx:sling jhoh$ find . -type f  -exec grep "Adobe" /dev/null {} \; | 
> grep Copyright | grep -v ".svn-base"
> ./contrib/extensions/datasource/pom.xml: *  Copyright 2012 Adobe Systems 
> Incorporated
> ./contrib/extensions/ftpserver/src/main/java/org/apache/sling/ftpserver/impl/SlingConfiguration.java:
>  *  Copyright 2013 Adobe Systems Incorporated
> ./launchpad/test-services/src/main/java/org/apache/sling/launchpad/testservices/servlets/DomServlet.java:
>  *  Copyright 2013 Adobe Systems Incorporated
> ./site/archives-before-2011/src/logo/usling-bw.svg:
> ./site/archives-before-2011/src/logo/usling.svg:
> ./testing/junit/scriptable/src/test/java/org/apache/sling/junit/tests/TestAllPathsTest.java:
>  *  Copyright 2012 Adobe Systems Incorporated
> jhoh-osx:sling jhoh$
> {code}
> While for the .svg files it might be ok, the java files and the pom should be 
> checked.





[jira] [Closed] (SLING-4746) Installer does not consistently update bundle location in Webconsole

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-4746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-4746.


> Installer does not consistently update bundle location in Webconsole
> 
>
> Key: SLING-4746
> URL: https://issues.apache.org/jira/browse/SLING-4746
> Project: Sling
>  Issue Type: Bug
>  Components: Installer
>Affects Versions: File Installer 1.0.4
>Reporter: Joerg Hoh
>Priority: Major
>
> I have a sling-based application using Apache Oak as content repository. I 
> started with Oak being part of the Launchpad, so I had for example a bundle 
> "org.apache.jackrabbit.oak-solr-osgi" in version 1.0. The OSGI Webconsole 
> displayed as bundle location 
> "launchpad:resources/install.crx3/15/oak-solr-osgi-1.0.0.jar", which is 
> perfect.
> Now I upgraded Oak to version 1.0.13 by putting the bundles inside 
> /libs/system/install. The OSGI Webconsole displays for my bundle 
> oak-solr-osgi the version 1.0.13, but still shows as Bundle location the 
> string "launchpad:resources/install.crx3/15/oak-solr-osgi-1.0.0.jar".
> But this isn't true for all bundles. For example I deployed the bundle oak-mk 
> in version 1.0.13 in the very same way as the oak-solr-osgi bundle, but there 
> the bundle location is updated and displays 
> "jcrinstall:/libs/system/install.crx3/oak-mk-1.0.13.jar", which is correct.
> So the update process seems to work to reliably. I've seen this behaviour not 
> only for mixed installers, but also with jcrinstaller only.





[jira] [Closed] (SLING-4749) Request using "sling:bg=true" causes StackOverflow when no read access to /var

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-4749?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-4749.


> Request using "sling:bg=true" causes StackOverflow when no read access to /var
> --
>
> Key: SLING-4749
> URL: https://issues.apache.org/jira/browse/SLING-4749
> Project: Sling
>  Issue Type: Bug
>  Components: Extensions
>Affects Versions: Background Servlets 1.0.0
>Reporter: Joerg Hoh
>Assignee: Bertrand Delacretaz
>Priority: Major
>
> I have a system, where the anonymous user does not have read access to 
> /var/bg. When I do a call to it (for example: 
> http://localhost:4503/?sling:bg=true;), it returns with an internal server 
> error. The log shows a stackoverflow exception, caused by
> {code}
> ...
> at 
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> at 
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> ...
> {code}
> Looking at this line in the code I see a recursive call of deepCreateNode, 
> which is executed, when the item itself does not exist. Which is true from 
> the view of an anonymous session, which doesn't have read access to nodes 
> beneath /var.
> The code should be improved, so it does either check with an admin session 
> that the path exists, but is simply not readable, or preferably add some 
> detection, that it has already reached "/" and that it doesn't make sense to 
> continue then. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
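
The recursion described in SLING-4749 above, as an added Java sketch that is not the bgservlets DeepNodeCreator code: a toy session in which a node "exists" only if it is both present and readable, the unguarded recursive create, and a variant that stops at "/". It assumes a session for which no ancestor, including the root, is visible; the class and method names other than the idea of a deep create are hypothetical.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Added illustration of the recursion reported in SLING-4749; names are hypothetical. */
public class DeepCreateDemo {

    /** Toy session: a path exists for the caller only if it is present AND readable. */
    static final class ToySession {
        final Set<String> nodes = new HashSet<>();
        final Set<String> readable = new HashSet<>();

        boolean itemExists(String path) {
            return nodes.contains(path) && readable.contains(path);
        }

        void addNode(String path) {
            if (nodes.contains(path)) {
                throw new IllegalStateException("exists but is not readable: " + path);
            }
            nodes.add(path);
            readable.add(path);
        }
    }

    /** Parent of "/a/b" is "/a"; parent of "/a" and of "/" is "/". */
    static String parentOf(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "/" : path.substring(0, i);
    }

    /** Shape of the reported bug: the recursion ends only when some ancestor is visible. */
    static void deepCreateUnguarded(ToySession s, String path) {
        if (s.itemExists(path)) {
            return;
        }
        deepCreateUnguarded(s, parentOf(path)); // parentOf("/") is "/" again
        s.addNode(path);
    }

    /** Guarded variant: once "/" is reached and still not visible, stop and report. */
    static void deepCreateGuarded(ToySession s, String path) {
        if (s.itemExists(path)) {
            return;
        }
        if ("/".equals(path)) {
            throw new IllegalStateException("root is not visible to this session");
        }
        deepCreateGuarded(s, parentOf(path));
        s.addNode(path);
    }

    public static void main(String[] args) {
        List<String> existing = List.of("/", "/var", "/var/bg");

        // Session without read access: the nodes are present but none is readable.
        ToySession anon = new ToySession();
        anon.nodes.addAll(existing);
        try {
            deepCreateUnguarded(anon, "/var/bg/job1");
        } catch (StackOverflowError e) {
            System.out.println("unguarded, no read access: StackOverflowError");
        }
        try {
            deepCreateGuarded(anon, "/var/bg/job1");
        } catch (IllegalStateException e) {
            System.out.println("guarded, no read access: " + e.getMessage());
        }

        // Session with read access: missing intermediate nodes are created as intended.
        ToySession admin = new ToySession();
        admin.nodes.addAll(existing);
        admin.readable.addAll(existing);
        deepCreateGuarded(admin, "/var/bg/job1/out");
        System.out.println("guarded, read access: created="
            + admin.itemExists("/var/bg/job1/out"));
    }
}
```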


[jira] [Closed] (SLING-4747) Installer does not consistently update bundle location in Webconsole

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-4747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-4747.


> Installer does not consistently update bundle location in Webconsole
> 
>
> Key: SLING-4747
> URL: https://issues.apache.org/jira/browse/SLING-4747
> Project: Sling
>  Issue Type: Bug
>  Components: Installer
>Affects Versions: File Installer 1.0.4
>Reporter: Joerg Hoh
>Priority: Major
>
> I have a sling-based application using Apache Oak as content repository. I 
> started with Oak being part of the Launchpad, so I had for example a bundle 
> "org.apache.jackrabbit.oak-solr-osgi" in version 1.0. The OSGI Webconsole 
> displayed as bundle location 
> "launchpad:resources/install.crx3/15/oak-solr-osgi-1.0.0.jar", which is 
> perfect.
> Now I upgraded Oak to version 1.0.13 by putting the bundles inside 
> /libs/system/install. The OSGI Webconsole displays for my bundle 
> oak-solr-osgi the version 1.0.13, but still shows as Bundle location the 
> string "launchpad:resources/install.crx3/15/oak-solr-osgi-1.0.0.jar".
> But this isn't true for all bundles. For example I deployed the bundle oak-mk 
> in version 1.0.13 in the very same way as the oak-solr-osgi bundle, but there 
> the bundle location is updated and displays 
> "jcrinstall:/libs/system/install.crx3/oak-mk-1.0.13.jar", which is correct.
> So the update process seems to work to reliably. I've seen this behaviour not 
> only for mixed installers, but also with jcrinstaller only.





[jira] [Created] (SLING-11129) FSClassLoader shows Copyright of Adobe

2022-02-08 Thread Joerg Hoh (Jira)
Joerg Hoh created SLING-11129:
-

 Summary: FSClassLoader shows Copyright of Adobe
 Key: SLING-11129
 URL: https://issues.apache.org/jira/browse/SLING-11129
 Project: Sling
  Issue Type: Improvement
  Components: Commons
Affects Versions: File System ClassLoader 1.0.14
Reporter: Joerg Hoh


The FSClassLoaderMBean java file still shows copyright by Adobe and also refers 
to "ACS AEM Commons Bundle":

https://github.com/apache/sling-org-apache-sling-commons-fsclassloader/blob/f60524e668a8e31c0697df418c2aef8b519c30f9/src/main/java/org/apache/sling/commons/fsclassloader/FSClassLoaderMBean.java#L5







[jira] [Closed] (SLING-8002) DistributedEventReceiver utilizes long-running session

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-8002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-8002.


> DistributedEventReceiver utilizes long-running session
> --
>
> Key: SLING-8002
> URL: https://issues.apache.org/jira/browse/SLING-8002
> Project: Sling
>  Issue Type: Improvement
>  Components: Event
>Affects Versions: Distributed Event Admin 1.1.2
>Reporter: Joerg Hoh
>Assignee: Robert Munteanu
>Priority: Major
> Fix For: Distributed Event Admin 1.1.4
>
> Attachments: SLING-8002.patch
>
>
> We recently came across this warning in our logs. Looks like the 
> DistributedEventReceiver uses a long-running session, thus causing warnings 
> from Oak.
> {noformat}
> 10.10.2018 10:02:37.620 *WARN* [Thread-51] 
> org.apache.jackrabbit.oak.jcr.session.RefreshStrategy This session has been 
> idle for 5 minutes and might be out of date. Consider using a fresh session 
> or explicitly refresh the session. 
> java.lang.Exception: The session was created here: 
> at 
> org.apache.jackrabbit.oak.jcr.session.RefreshStrategy$LogOnce.<init>(RefreshStrategy.java:170)
>  
> at 
> org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:285)
>  
> at 
> com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:150)
>  
> at 
> com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:241)
>  
> at 
> com.adobe.granite.repository.impl.SlingRepositoryImpl$4.run(SlingRepositoryImpl.java:177)
>  
> at 
> com.adobe.granite.repository.impl.SlingRepositoryImpl$4.run(SlingRepositoryImpl.java:174)
>  
> at 
> java.security.AccessController.doPrivileged(AccessController.java:686) 
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:729) 
> at 
> com.adobe.granite.repository.impl.SlingRepositoryImpl.createServiceSession(SlingRepositoryImpl.java:174)
>  
> at 
> org.apache.sling.jcr.base.AbstractSlingRepository2.createServiceSession(AbstractSlingRepository2.java:166)
>  
> at 
> org.apache.sling.jcr.base.AbstractSlingRepository2.loginService(AbstractSlingRepository2.java:381)
>  
> at 
> org.apache.sling.jcr.resource.internal.helper.jcr.JcrProviderStateFactory.createProviderState(JcrProviderStateFactory.java:116)
>  
> at 
> org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProvider.authenticate(JcrResourceProvider.java:304)
>  
> at 
> org.apache.sling.jcr.resource.internal.helper.jcr.JcrResourceProvider.authenticate(JcrResourceProvider.java:76)
>  
> at 
> org.apache.sling.resourceresolver.impl.providers.stateful.ProviderManager.authenticate(ProviderManager.java:161)
>  
> at 
> org.apache.sling.resourceresolver.impl.providers.stateful.ProviderManager.getOrCreateProvider(ProviderManager.java:87)
>  
> at 
> org.apache.sling.resourceresolver.impl.providers.stateful.ProviderManager.authenticateAll(ProviderManager.java:129)
>  
> at 
> org.apache.sling.resourceresolver.impl.ResourceResolverImpl.createControl(ResourceResolverImpl.java:138)
>  
> at 
> org.apache.sling.resourceresolver.impl.ResourceResolverImpl.<init>(ResourceResolverImpl.java:100)
>  
> at 
> org.apache.sling.resourceresolver.impl.ResourceResolverImpl.<init>(ResourceResolverImpl.java:94)
>  
> at 
> org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolverInternal(CommonResourceResolverFactoryImpl.java:263)
>  
> at 
> org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getServiceResourceResolver(ResourceResolverFactoryImpl.java:96)
>  
> at 
> org.apache.sling.event.dea.impl.DistributedEventReceiver$1.run(DistributedEventReceiver.java:139)
>  
> at java.lang.Thread.run(Thread.java:785) 
> {noformat}
> Either the scope of the session should be reduced, or the session should be 
> refreshed before writing.





[jira] [Closed] (SLING-5261) Background servlets: use a separate session for captured output

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-5261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-5261.


> Background servlets: use a separate session for captured output
> ---
>
> Key: SLING-5261
> URL: https://issues.apache.org/jira/browse/SLING-5261
> Project: Sling
>  Issue Type: Bug
>  Components: Extensions
>Affects Versions: Background Servlets 1.0.0
>Reporter: Joerg Hoh
>Assignee: Bertrand Delacretaz
>Priority: Major
> Fix For: Background Servlets 1.0.2
>
>
> We use the bgservlet to perform batch actions on content in the background, 
> decoupling it from the user request. We saw a case where these batch actions 
> failed and also no log was written. We have lots of exceptions like this in 
> the log:
> {noformat}
> 02.11.2015 23:50:32.264 *ERROR* [pool-5743-thread-3] 
> com.day.cq.wcm.msm.impl.commands.RolloutCommand Trying to commit status 
> change: {}
> java.io.IOException: RepositoryException in flush()
> at 
> org.apache.sling.bgservlets.impl.nodestream.NodeOutputStream.flush(NodeOutputStream.java:103)
> at 
> org.apache.sling.bgservlets.impl.nodestream.NodeOutputStream.flushIfNeeded(NodeOutputStream.java:110)
> at 
> org.apache.sling.bgservlets.impl.nodestream.NodeOutputStream.write(NodeOutputStream.java:129)
> at java.io.FilterOutputStream.write(FilterOutputStream.java:71)
> at 
> org.apache.sling.bgservlets.impl.SuspendableOutputStream.write(SuspendableOutputStream.java:65)
> at 
> org.apache.sling.bgservlets.BackgroundHttpServletResponse$ServletOutputStreamWrapper.write(BackgroundHttpServletResponse.java:47)
> at 
> javax.servlet.ServletOutputStream.print(ServletOutputStream.java:101)
> at 
> javax.servlet.ServletOutputStream.println(ServletOutputStream.java:252)
>  ...
> Caused by: javax.jcr.InvalidItemStateException: OakState0001: Unresolved 
> conflicts in /content/foo/bar/jcr:content
> at 
> org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:237)
> at 
> org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
> at 
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:664)
> at 
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:489)
> at 
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:406)
> at 
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:268)
> at 
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:403)
> at 
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:60)
> at 
> org.apache.sling.bgservlets.impl.nodestream.NodeOutputStream.flush(NodeOutputStream.java:92)
> ... 134 common frames omitted
> Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakState0001: 
> Unresolved conflicts in /content/foo/bar/jcr:content
> at 
> org.apache.jackrabbit.oak.plugins.commit.ConflictValidator.failOnMergeConflict(ConflictValidator.java:115)
> at 
> org.apache.jackrabbit.oak.plugins.commit.ConflictValidator.propertyChanged(ConflictValidator.java:90)
> at 
> org.apache.jackrabbit.oak.spi.commit.CompositeEditor.propertyChanged(CompositeEditor.java:91)
> at 
> org.apache.jackrabbit.oak.spi.commit.EditorDiff.propertyChanged(EditorDiff.java:93)
> at 
> org.apache.jackrabbit.oak.spi.state.AbstractNodeState.comparePropertiesAgainstBaseState(AbstractNodeState.java:181)
> at 
> org.apache.jackrabbit.oak.plugins.document.DocumentNodeStore.compare(DocumentNodeStore.java:1394)
> at 
> org.apache.jackrabbit.oak.plugins.document.DocumentNodeState.compareAgainstBaseState(DocumentNodeState.java:344)
> at 
> org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at 
> org.apache.jackrabbit.oak.plugins.document.DocumentNodeStore.dispatch(DocumentNodeStore.java:2108)
>  ...
> {noformat}
> The exception happens when writing to the output stream (which is redirected 
> to write to the repo somewhere below /var/bg), but it logs a conflict in 
> /content.
> For me it looks like that the session which is attached to the user request 
> is used for 2 different aspects:
> * processing the actions on the content
> * logging the output to the repository
> check the BackgroundRequestExecutionJob class, where the „resource resolver“ 
> is used for both constructing the „response“ object and as parameter into the 
> slingRequestProcessor.processRequest() call.
> For me it looks like if an 

[jira] [Closed] (SLING-3845) Sling runmode cannot be changed via web.xml after first startup

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-3845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-3845.


> Sling runmode cannot be changed via web.xml after first startup
> ---
>
> Key: SLING-3845
> URL: https://issues.apache.org/jira/browse/SLING-3845
> Project: Sling
>  Issue Type: Bug
>  Components: Launchpad
>Affects Versions: Launchpad Base 2.5.2
> Environment: Tomcat 6.0.39
>Reporter: Joerg Hoh
>Priority: Major
>
> When I deploy a Sling webapp (CQ 5.6.1) into a webcontainer, the init-param 
> "sling.run.modes" is taken into account to setup the runmodes.
> When I change the runmode definition afterwards, the new runmodes don't show 
> up at all, but the old runmodes remain. When I want to make the new runmode 
> effective, I need to edit the sling.properties file to change the value there.
> One could argue, this is by intent; but I would like to have the possibility 
> to change the runmodes also after the initial deployments without modifying 
> directly sling-owned files, but by a more standard-like pattern.





[jira] [Closed] (SLING-3525) Launchpad notification thread cannot access JNDI ressources on Websphere

2022-02-08 Thread Joerg Hoh (Jira)


 [ 
https://issues.apache.org/jira/browse/SLING-3525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joerg Hoh closed SLING-3525.


> Launchpad notification thread cannot access JNDI ressources on Websphere
> 
>
> Key: SLING-3525
> URL: https://issues.apache.org/jira/browse/SLING-3525
> Project: Sling
>  Issue Type: Improvement
>  Components: Launchpad
>Affects Versions: Launchpad Base 2.5.0
> Environment: Websphere 7 on Linux
>Reporter: Joerg Hoh
>Priority: Major
> Attachments: was_258f258f_14.04.29_03.14.01.7877107172171903438789 
> copy.txt
>
>
> We have an existing JavaEnterprise-based application, which we want to move 
> into sling running on IBM Websphere appserver. In some of the resulting 
> bundles we need to access JNDI resources.
> We get this exception:
> {code}
> [29.04.14 03:14:01:790 CEST] FFDC 
> Exception:javax.naming.ConfigurationException 
> SourceId:com.ibm.ws.naming.java.javaURLContextImpl.throwConfigurationExceptionWithDefaultJavaNS
>  ProbeId:440 Reporter:java.lang.Class@5ef85ef8 
> javax.naming.ConfigurationException: A JNDI operation on a "java:" name 
> cannot be completed because the server runtime is not able to associate the 
> operation's thread with any J2EE application component.  This condition can 
> occur when the JNDI client using the "java:" name is not executed on the 
> thread of a server application request.  Make sure that a J2EE application 
> does not execute JNDI operations on "java:" names within static code blocks 
> or in threads created by that J2EE application.  Such code does not 
> necessarily run on the thread of a server application request and therefore 
> is not supported by JNDI operations on "java:" names. [Root exception is 
> javax.naming.NameNotFoundException: Name comp/env/tm not found in context 
> "java:".] 
> at 
> com.ibm.ws.naming.java.javaURLContextImpl.throwConfigurationExceptionWithDefaultJavaNS(javaURLContextImpl.java:428)
>  
> at 
> com.ibm.ws.naming.java.javaURLContextImpl.lookup(javaURLContextImpl.java:399) 
> at 
> com.ibm.ws.naming.java.javaURLContextRoot.lookup(javaURLContextRoot.java:221) 
> at 
> com.ibm.ws.naming.java.javaURLContextRoot.lookup(javaURLContextRoot.java:161) 
> at javax.naming.InitialContext.lookup(InitialContext.java:436) 
> ... 
> at 
> org.apache.sling.launchpad.webapp.SlingServlet.startSling(SlingServlet.java:384)
>  
> at 
> org.apache.sling.launchpad.webapp.SlingServlet.updated(SlingServlet.java:262) 
> at 
> org.apache.sling.launchpad.base.impl.SlingFelix$Notifier.run(SlingFelix.java:172)
>  
> at java.lang.Thread.run(Thread.java:761) 
> Caused by: javax.naming.NameNotFoundException: Name comp/env/tm not found in 
> context "java:". 
> at 
> com.ibm.ws.naming.ipbase.NameSpace.getParentCtxInternal(NameSpace.java:1837) 
> at 
> com.ibm.ws.naming.ipbase.NameSpace.lookupInternal(NameSpace.java:1166) 
> at com.ibm.ws.naming.ipbase.NameSpace.lookup(NameSpace.java:1095) 
> at 
> com.ibm.ws.naming.urlbase.UrlContextImpl.lookup(UrlContextImpl.java:1235) 
> at 
> com.ibm.ws.naming.java.javaURLContextImpl.lookup(javaURLContextImpl.java:395) 
> ... 60 more
> {code}
> According to the JavaEnterprise spec, you should not create threads on your 
> own but use the mechanisms of the appserver (mostly because of the massive 
> use of threadlocals to access JNDI and stuff like that). See 
> http://stackoverflow.com/questions/533783/why-spawning-threads-in-java-ee-container-is-discouraged
>  for some discussion of it.
> We would like the Launchpad to use a "native Websphere thread" so it can 
> actually do JNDI lookups, and not to create a new thread "on the fly". 
> We would like to avoid any change to the way how JNDI resources are looked up 
> in our application.


