[GitHub] [sling-org-apache-sling-caconfig-integration-tests] sonarcloud[bot] commented on pull request #1: SLING-11114 update SLING API to 2.21.0
sonarcloud[bot] commented on PR #1: URL: https://github.com/apache/sling-org-apache-sling-caconfig-integration-tests/pull/1#issuecomment-1133481510 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-caconfig-integration-tests=1) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] sonarcloud[bot] commented on pull request #137: Bump gson from 2.8.6 to 2.8.9
sonarcloud[bot] commented on PR #137: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/137#issuecomment-1133426792 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-feature-cpconverter=137) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-feature-cpconverter] dependabot[bot] opened a new pull request, #137: Bump gson from 2.8.6 to 2.8.9
dependabot[bot] opened a new pull request, #137: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/137 Bumps [gson](https://github.com/google/gson) from 2.8.6 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Commits https://github.com/google/gson/commit/6a368d89da37917be7714c3072b8378f4120110a;>6a368d8 [maven-release-plugin] prepare release gson-parent-2.8.9
Re: [VOTE] Release Apache Sling Event 4.3.2
+1 Regards, Eric On Thu, May 19, 2022 at 1:23 AM Carsten Ziegeler wrote: > Hi, > > we solved 2 issues in this release > > https://issues.apache.org/jira/browse/SLING-9905?jql=project%20%3D%20SLING%20AND%20fixVersion%20%3D%20%22Event%204.3.2%22 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2639/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > Usage: > sh check_staged_release.sh 2639 /tmp/sling-staging > > Please vote to approve this release: > >[ ] +1 Approve the release >[ ] 0 Don't care >[ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards > Carsten > -- > Carsten Ziegeler > Adobe > cziege...@apache.org >
[GitHub] [sling-org-apache-sling-query] sonarcloud[bot] commented on pull request #5: Bump gson from 2.2.4 to 2.8.9
sonarcloud[bot] commented on PR #5: URL: https://github.com/apache/sling-org-apache-sling-query/pull/5#issuecomment-1133374814 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-query=5) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-query=5=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-query=5=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-query=5=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-query=5=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-query=5=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-query=5=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-query=5=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 for the functionality as I don't see anything broken However, this isn't really a drop in replacement for the previous version since the SLING-11201 changes have introduced a new dependency on "org.apache.commons:commons-text:1.9" and that bundle is not currently in the starter distribution. Others may be missing that bundle as well. So there may be an additional step needed to add the commons-text bundle to your server before this version of the xss bundle can be resolved and used. Perhaps that would warrant an increase to the minor version number and some migration instructions in the README or somewhere else? Regards, -Eric On Fri, May 20, 2022 at 4:45 AM Robert Munteanu wrote: > Hi, > > We solved 4 issues in this release: > https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2640/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > Usage: > sh check_staged_release.sh 2640 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu >
[GitHub] [sling-whiteboard] dependabot[bot] opened a new pull request, #85: Bump gson from 2.8.5 to 2.8.9 in /graalvm
dependabot[bot] opened a new pull request, #85: URL: https://github.com/apache/sling-whiteboard/pull/85 Bumps [gson](https://github.com/google/gson) from 2.8.5 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method
[GitHub] [sling-org-apache-sling-jms] dependabot[bot] opened a new pull request, #2: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #2: URL: https://github.com/apache/sling-org-apache-sling-jms/pull/2 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance
[GitHub] [sling-org-apache-sling-query] dependabot[bot] opened a new pull request, #5: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #5: URL: https://github.com/apache/sling-org-apache-sling-query/pull/5 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated
[GitHub] [sling-org-apache-sling-auth-xing-login] dependabot[bot] opened a new pull request, #1: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/sling-org-apache-sling-auth-xing-login/pull/1 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and
[GitHub] [sling-org-apache-sling-auth-xing-oauth] dependabot[bot] opened a new pull request, #1: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/sling-org-apache-sling-auth-xing-oauth/pull/1 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and
[GitHub] [sling-org-apache-sling-pipes] dependabot[bot] opened a new pull request, #18: Bump gson from 2.8.2 to 2.8.9
dependabot[bot] opened a new pull request, #18: URL: https://github.com/apache/sling-org-apache-sling-pipes/pull/18 Bumps [gson](https://github.com/google/gson) from 2.8.2 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated
[GitHub] [sling-launchpad-comparator] dependabot[bot] opened a new pull request, #1: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/sling-launchpad-comparator/pull/1 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance
[GitHub] [sling-ide-tooling] dependabot[bot] opened a new pull request, #13: Bump gson from 2.8.0 to 2.8.9 in /shared/modules/impl-resource
dependabot[bot] opened a new pull request, #13: URL: https://github.com/apache/sling-ide-tooling/pull/13 Bumps [gson](https://github.com/google/gson) from 2.8.0 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method
[GitHub] [sling-org-apache-sling-auth-xing-api] dependabot[bot] opened a new pull request, #1: Bump gson from 2.2.4 to 2.8.9
dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/sling-org-apache-sling-auth-xing-api/pull/1 Bumps [gson](https://github.com/google/gson) from 2.2.4 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated
[GitHub] [sling-ide-tooling] dependabot[bot] opened a new pull request, #12: Bump gson from 2.8.0 to 2.8.9 in /shared/modules/api
dependabot[bot] opened a new pull request, #12: URL: https://github.com/apache/sling-ide-tooling/pull/12 Bumps [gson](https://github.com/google/gson) from 2.8.0 to 2.8.9. Release notes Sourced from https://github.com/google/gson/releases;>gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Gson 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Changelog Sourced from https://github.com/google/gson/blob/master/CHANGELOG.md;>gson's changelog. Version 2.8.9 Make OSGi bundle's dependency on sun.misc optional (https://github-redirect.dependabot.com/google/gson/issues/1993;>#1993). Deprecate Gson.excluder() exposing internal Excluder class (https://github-redirect.dependabot.com/google/gson/issues/1986;>#1986). Prevent Java deserialization of internal classes (https://github-redirect.dependabot.com/google/gson/issues/1991;>#1991). Improve number strategy implementation (https://github-redirect.dependabot.com/google/gson/issues/1987;>#1987). Fix LongSerializationPolicy null handling being inconsistent with Gson (https://github-redirect.dependabot.com/google/gson/issues/1990;>#1990). Support arbitrary Number implementation for Object and Number deserialization (https://github-redirect.dependabot.com/google/gson/issues/1290;>#1290). Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (https://github-redirect.dependabot.com/google/gson/issues/1980;>#1980). Don't exclude static local classes (https://github-redirect.dependabot.com/google/gson/issues/1969;>#1969). Fix RuntimeTypeAdapterFactory depending on internal Streams class (https://github-redirect.dependabot.com/google/gson/issues/1959;>#1959). Improve Maven build (https://github-redirect.dependabot.com/google/gson/issues/1964;>#1964). Make dependency on java.sql optional (https://github-redirect.dependabot.com/google/gson/issues/1707;>#1707). Version 2.8.8 Fixed issue with recursive types (https://github-redirect.dependabot.com/google/gson/issues/1390;>#1390). Better behaviour with Java 9+ and Unsafe if there is a security manager (https://github-redirect.dependabot.com/google/gson/issues/1712;>#1712). EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (https://github-redirect.dependabot.com/google/gson/issues/1495;>#1495). Version 2.8.7 Fixed ISO8601UtilsTest failing on systems with UTC+X. Improved javadoc for JsonStreamParser. Updated proguard.cfg (https://github-redirect.dependabot.com/google/gson/issues/1693;>#1693). Fixed IllegalStateException in JsonTreeWriter (https://github-redirect.dependabot.com/google/gson/issues/1592;>#1592). Added JsonArray.isEmpty() (https://github-redirect.dependabot.com/google/gson/issues/1640;>#1640). Added new test cases (https://github-redirect.dependabot.com/google/gson/issues/1638;>#1638). Fixed OSGi metadata generation to work on JavaSE 9 (https://github-redirect.dependabot.com/google/gson/issues/1603;>#1603). Version 2.8.6 2019-10-04 https://github.com/google/gson/compare/gson-parent-2.8.5...gson-parent-2.8.6;>GitHub Diff Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] sonarcloud[bot] commented on pull request #13: SLING-11243 merge multivalue restriction values for eace/eacl json
sonarcloud[bot] commented on PR #13: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/13#issuecomment-1133189725 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=false=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=13=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Reopened] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Norman reopened SLING-11243: - > Allow modifying an ace with more specific restriction details > - > > Key: SLING-11243 > URL: https://issues.apache.org/jira/browse/SLING-11243 > Project: Sling > Issue Type: New Feature >Reporter: Eric Norman >Assignee: Eric Norman >Priority: Major > Fix For: JCR Jackrabbit Access Manager 3.1.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > > Support for modifying an ace with more specific details to support advanced > usage of privileges with restrictions. > These are a few of the use cases: > # Setting a restriction for a specific privilege instead of for all > privileges > # Removing a restriction from a specific privilege > # Privilege can set for the 'allow' and 'deny' state at the same time if > those have different restrictions > # Privilege can be unset for 'allow' or 'deny' state while leaving the other > state alone > > The proposal is to supporting these additional request parameters: > > {code:java} > One param for each privilege to delete. The parameter value must be either > 'allow', 'deny' or 'all' to specify which state to delete from. > privilege@[privilege_name]@Delete > One param for each restriction value. The same parameter name may be used > again for multi-value restrictions. The @Allow or @Deny suffix specifies > whether to apply the restriction to the 'allow' or 'deny' privilege. The > value is the target value of the restriction to be set. > restriction@[privilege_name]@[restriction_name]@Allow > restriction@[privilege_name]@[restriction_name]@Deny > One param for each restriction to delete. The parameter value must be either > 'allow', 'deny' or 'all' to specify which state to delete from. > restriction@[privilege_name]@[restriction_name]@Delete {code} > > For consistency, also extend the values allowed for the > "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases > for 'granted' or 'denied'. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17540235#comment-17540235 ] Eric Norman commented on SLING-11243: - PR #13 fixes a problem related to merging of multivalue restriction values for the effective ace json output > Allow modifying an ace with more specific restriction details > - > > Key: SLING-11243 > URL: https://issues.apache.org/jira/browse/SLING-11243 > Project: Sling > Issue Type: New Feature >Reporter: Eric Norman >Assignee: Eric Norman >Priority: Major > Fix For: JCR Jackrabbit Access Manager 3.1.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > > Support for modifying an ace with more specific details to support advanced > usage of privileges with restrictions. > These are a few of the use cases: > # Setting a restriction for a specific privilege instead of for all > privileges > # Removing a restriction from a specific privilege > # Privilege can set for the 'allow' and 'deny' state at the same time if > those have different restrictions > # Privilege can be unset for 'allow' or 'deny' state while leaving the other > state alone > > The proposal is to supporting these additional request parameters: > > {code:java} > One param for each privilege to delete. The parameter value must be either > 'allow', 'deny' or 'all' to specify which state to delete from. > privilege@[privilege_name]@Delete > One param for each restriction value. The same parameter name may be used > again for multi-value restrictions. The @Allow or @Deny suffix specifies > whether to apply the restriction to the 'allow' or 'deny' privilege. The > value is the target value of the restriction to be set. > restriction@[privilege_name]@[restriction_name]@Allow > restriction@[privilege_name]@[restriction_name]@Deny > One param for each restriction to delete. The parameter value must be either > 'allow', 'deny' or 'all' to specify which state to delete from. > restriction@[privilege_name]@[restriction_name]@Delete {code} > > For consistency, also extend the values allowed for the > "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases > for 'granted' or 'denied'. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Resolved] (SLING-11321) The effective acl/ace json output should contain the paths where the privileges were declared
[ https://issues.apache.org/jira/browse/SLING-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Norman resolved SLING-11321. - Resolution: Fixed Merged PR at: [{{302c1de}}|https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/302c1def09d37b9c94d5081e0ba4cc80715742ea] > The effective acl/ace json output should contain the paths where the > privileges were declared > - > > Key: SLING-11321 > URL: https://issues.apache.org/jira/browse/SLING-11321 > Project: Sling > Issue Type: Improvement >Reporter: Eric Norman >Assignee: Eric Norman >Priority: Minor > Fix For: JCR Jackrabbit Access Manager 3.1.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Use Case: For debugging purposes, or if you want a UI view of the effective > ACE or ACL to be able to draw links to where the privileges were defined. > It would be useful for the effective acl and effective ace json to include a > "declaredAt" structure for each principal that has the all paths where an > applicable ACE was defined. > Expected something like this for node based ACE definitions: > {noformat} > { > "principal": "everyone", > "privileges": { > "jcr:read": { > "allow": true > }, > "jcr:readAccessControl": { > "allow": true > } > }, > "declaredAt": { > "node": [ > "/content", > "/content/pages" > ] > } > }{noformat} > Where declaredAt/node contains the paths for any entries defined on a node. > Or something like this for principal based ACE definitions: > {noformat} > { > "principal":"sling-readall", > "privileges":{ > "jcr:read":{ > "allow":true > }, > "jcr:readAccessControl":{ > "allow":true > } > }, > "declaredAt":{ > "principal":[ > "/content/pages", > "/" > ] > } > }{noformat} > Where declaredAt/principal contains the paths for any principalbased access > control -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] enapps-enorman opened a new pull request, #13: SLING-11243 merge multivalue restriction values for eace/eacl json
enapps-enorman opened a new pull request, #13: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/13 If a parent node has one set of values for a restriction and the child node has a different set of values for the same restriction, then the effective ACE view of the child node should have both of those value sets merged together. For example, consider this use case: Post a modifyAce request with fields like this on a parent node: ``` privilege@rep:readProperties=deny restriction@rep:readProperties@rep:itemNames@Allow=item1 ``` Post a modifyAce request with fields like this on the child node: `restriction@rep:readProperties@rep:itemNames@Allow=item2` The expected output for the effective ace should have both values: ``` { "principal": "testuser1", "privileges": { "rep:readProperties": { "allow": { "rep:itemNames": [ "displayName", "recentEntryCount" ] }, "deny": true }, "jcr:read": { "allow": true } }, "declaredAt": { "node": [ "/content/pages", "/content/pages/subpage1" ] } } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] enapps-enorman merged pull request #12: SLING-11321 add declaredAt structure for effective acl/ace
enapps-enorman merged PR #12: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/12 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11317) Rewriter configuration gets "lost" in ProcessorManagerImpl when package with another configuration gets deployed
[ https://issues.apache.org/jira/browse/SLING-11317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17540149#comment-17540149 ] Martin Schulze commented on SLING-11317: (Draft) PR: https://github.com/apache/sling-org-apache-sling-rewriter/pull/7/files > Rewriter configuration gets "lost" in ProcessorManagerImpl when package with > another configuration gets deployed > > > Key: SLING-11317 > URL: https://issues.apache.org/jira/browse/SLING-11317 > Project: Sling > Issue Type: Bug >Reporter: Martin Schulze >Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > On our AEM 6.5 instance (org.apache.sling.rewriter-1.2.2, but nothing major > happened with this class since this version) we have multiple rewriter > configurations and sometimes after a deployment of another package with a > rewriter configuration, a configurations is not triggered anymore and the > instance has to be restarted to get it working again. > I've tracked the issue down and found the issue lies in the > {{ProcessorManagerImpl}} [0]. There are two fields, {{processors}} and > {{orderedProcessor}}, which are supposed to be mostly (inactive configs are > not in the {{orderedProcessors}}) "in sync", which is important because later > on there is an {{updateProcessor}} method [2], where the updated config has > to be found in the {{processors}} field, but they diverge from the start, in > the addProcessor [1] method, the added config never reaches the > {{processors}} field, because the newConfigs local variable never gets added > to the processors field. This lead to the issue, that in the updateProcessor > method, which gets triggered through the ResourceChangeListener, a > configuration gets wrongfully deleted [3]. > [0] > https://github.com/apache/sling-org-apache-sling-rewriter/blob/master/src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java > [1] > https://github.com/apache/sling-org-apache-sling-rewriter/blob/master/src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java#L240 > [2] > https://github.com/apache/sling-org-apache-sling-rewriter/blob/master/src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java#L299 > [3] > https://github.com/apache/sling-org-apache-sling-rewriter/blob/master/src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java#L378 -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
On Fri, 2022-05-20 at 11:43 +, Robert Munteanu wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
[GitHub] [sling-org-apache-sling-rewriter] schulm commented on a diff in pull request #7: SLING-11317 Reworked ProcessorManagerImpl, added Tests
schulm commented on code in PR #7: URL: https://github.com/apache/sling-org-apache-sling-rewriter/pull/7#discussion_r878229707 ## src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java: ## @@ -327,61 +326,14 @@ private synchronized void updateProcessor(final String path) { } if ( index != -1 ) { // we are already in the array -if ( index == 0 ) { -// we are the first, so remove the old, and add the new this.orderedProcessors.remove(configs[index].config); configs[index] = new ConfigEntry(path, config); if ( config.isActive() ) { this.orderedProcessors.add(config); Collections.sort(this.orderedProcessors, new ProcessorConfiguratorComparator()); -} -} else { -// we are not the first, so we can simply exchange -configs[index] = new ConfigEntry(path, config); } } else { -// now we have to insert the new config at the correct place -int insertIndex = 0; -boolean found = false; -while ( !found && insertIndex < configs.length) { -final ConfigEntry current = configs[insertIndex]; -int currentIndex = -1; -for(int i=0; i
[GitHub] [sling-org-apache-sling-rewriter] sonarcloud[bot] commented on pull request #7: SLING-11317 Reworked ProcessorManagerImpl, added Tests
sonarcloud[bot] commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-rewriter/pull/7#issuecomment-1132970575 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-rewriter=7) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-rewriter=7=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-rewriter=7=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-rewriter=7=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=CODE_SMELL) [![C](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/C-16px.png 'C')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-rewriter=7=false=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-rewriter=7=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-rewriter=7=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-rewriter=7=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-rewriter=7=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-rewriter] schulm commented on a diff in pull request #7: SLING-11317 Reworked ProcessorManagerImpl, added Tests
schulm commented on code in PR #7: URL: https://github.com/apache/sling-org-apache-sling-rewriter/pull/7#discussion_r878213150 ## src/main/java/org/apache/sling/rewriter/impl/ProcessorManagerImpl.java: ## @@ -327,61 +326,14 @@ private synchronized void updateProcessor(final String path) { } if ( index != -1 ) { // we are already in the array -if ( index == 0 ) { -// we are the first, so remove the old, and add the new this.orderedProcessors.remove(configs[index].config); configs[index] = new ConfigEntry(path, config); if ( config.isActive() ) { this.orderedProcessors.add(config); Collections.sort(this.orderedProcessors, new ProcessorConfiguratorComparator()); -} -} else { Review Comment: Removed this clause we can't just replace the item, we have also update this.orderedProcessors... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-11327) Committer CLI fails to send emails
[ https://issues.apache.org/jira/browse/SLING-11327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-11327. - Resolution: Fixed > Committer CLI fails to send emails > -- > > Key: SLING-11327 > URL: https://issues.apache.org/jira/browse/SLING-11327 > Project: Sling > Issue Type: Improvement > Components: Tooling >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Committer CLI 1.0.0 > > > After SLING-11234 mails can no longer be sent: > {noformat}Sending email... > Exception in thread "ExecutionTriggerThread" java.lang.NoClassDefFoundError: > java/awt/datatransfer/Transferable > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.ClassLoader.defineClass(Unknown Source) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096) > at > org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565) > at > org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) > at java.base/java.lang.ClassLoader.loadClass(Unknown Source) > at > org.apache.felix.framework.BundleWiringImpl.getClassByDelegation(BundleWiringImpl.java:1375) > at > org.apache.felix.framework.BundleWiringImpl.searchImports(BundleWiringImpl.java:1618) > at > org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1548) > at > org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) > at java.base/java.lang.ClassLoader.loadClass(Unknown Source) > at org.apache.sling.cli.impl.mail.Mailer.send(Mailer.java:68) > at > org.apache.sling.cli.impl.release.PrepareVoteEmailCommand.call(PrepareVoteEmailCommand.java:158) > at > org.apache.sling.cli.impl.release.PrepareVoteEmailCommand.call(PrepareVoteEmailCommand.java:48) > at picocli.CommandLine.executeUserObject(CommandLine.java:1701) > at picocli.CommandLine.access$900(CommandLine.java:146) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) > at > picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) > at picocli.CommandLine.execute(CommandLine.java:1822) > at > org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) > at > org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) > at java.base/java.lang.Thread.run(Unknown Source) > Caused by: java.lang.ClassNotFoundException: > java.awt.datatransfer.Transferable > at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown > Source) > at java.base/java.lang.ClassLoader.loadClass(Unknown Source) > at > org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1475) > at > org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) > at java.base/java.lang.ClassLoader.loadClass(Unknown Source) > ... 27 more{noformat} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (SLING-11327) Committer CLI fails to send emails
Robert Munteanu created SLING-11327: --- Summary: Committer CLI fails to send emails Key: SLING-11327 URL: https://issues.apache.org/jira/browse/SLING-11327 Project: Sling Issue Type: Improvement Components: Tooling Reporter: Robert Munteanu Assignee: Robert Munteanu Fix For: Committer CLI 1.0.0 After SLING-11234 mails can no longer be sent: {noformat}Sending email... Exception in thread "ExecutionTriggerThread" java.lang.NoClassDefFoundError: java/awt/datatransfer/Transferable at java.base/java.lang.ClassLoader.defineClass1(Native Method) at java.base/java.lang.ClassLoader.defineClass(Unknown Source) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096) at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565) at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at org.apache.felix.framework.BundleWiringImpl.getClassByDelegation(BundleWiringImpl.java:1375) at org.apache.felix.framework.BundleWiringImpl.searchImports(BundleWiringImpl.java:1618) at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1548) at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at org.apache.sling.cli.impl.mail.Mailer.send(Mailer.java:68) at org.apache.sling.cli.impl.release.PrepareVoteEmailCommand.call(PrepareVoteEmailCommand.java:158) at org.apache.sling.cli.impl.release.PrepareVoteEmailCommand.call(PrepareVoteEmailCommand.java:48) at picocli.CommandLine.executeUserObject(CommandLine.java:1701) at picocli.CommandLine.access$900(CommandLine.java:146) at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) at picocli.CommandLine.execute(CommandLine.java:1822) at org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) at org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) at java.base/java.lang.Thread.run(Unknown Source) Caused by: java.lang.ClassNotFoundException: java.awt.datatransfer.Transferable at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1475) at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) at java.base/java.lang.ClassLoader.loadClass(Unknown Source) ... 27 more{noformat} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Closed] (SLING-11324) Investigate issue with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-11324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz closed SLING-11324. > Investigate issue with JaCoCo > - > > Key: SLING-11324 > URL: https://issues.apache.org/jira/browse/SLING-11324 > Project: Sling > Issue Type: Task >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > > {noformat} > Exception in thread "main" java.lang.reflect.InvocationTargetException > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513) > at > java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525) > Caused by: java.lang.reflect.InvocationTargetException > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime$Lookup.defineClass(InjectedClassRuntime.java:134) > at > org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:54) > at org.jacoco.agent.rt.internal_3570298.PreMain.premain(PreMain.java:53) > ... 6 more > Caused by: java.lang.LinkageError: loader 'bootstrap' attempted duplicate > class definition for java.lang.$JaCoCo. > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.System$2.defineClass(System.java:2127) > at > java.base/java.lang.invoke.MethodHandles$Lookup.defineClass(MethodHandles.java:962) > ... 13 more > FATAL ERROR in native method: processing of -javaagent failed > {noformat} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Resolved] (SLING-11324) Investigate issue with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-11324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-11324. -- Resolution: Done issue caused by redundant jacoco option > Investigate issue with JaCoCo > - > > Key: SLING-11324 > URL: https://issues.apache.org/jira/browse/SLING-11324 > Project: Sling > Issue Type: Task >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > > {noformat} > Exception in thread "main" java.lang.reflect.InvocationTargetException > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513) > at > java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525) > Caused by: java.lang.reflect.InvocationTargetException > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime$Lookup.defineClass(InjectedClassRuntime.java:134) > at > org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:54) > at org.jacoco.agent.rt.internal_3570298.PreMain.premain(PreMain.java:53) > ... 6 more > Caused by: java.lang.LinkageError: loader 'bootstrap' attempted duplicate > class definition for java.lang.$JaCoCo. > at java.base/java.lang.ClassLoader.defineClass1(Native Method) > at java.base/java.lang.System$2.defineClass(System.java:2127) > at > java.base/java.lang.invoke.MethodHandles$Lookup.defineClass(MethodHandles.java:962) > ... 13 more > FATAL ERROR in native method: processing of -javaagent failed > {noformat} -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 regards, Karl On Friday, May 20, 2022, Carsten Ziegeler wrote: > +1 > > Carsten > > Am 20.05.2022 um 13:43 schrieb Robert Munteanu: > >> Hi, >> >> We solved 4 issues in this release: >> https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 >> >> Staging repository: >> https://repository.apache.org/content/repositories/orgapachesling-2640/ >> >> You can use this UNIX script to download the release and verify the >> signatures: >> https://gitbox.apache.org/repos/asf?p=sling-tooling-release. >> git;a=blob;f=check_staged_release.sh;hb=HEAD >> >> Usage: >> sh check_staged_release.sh 2640 /tmp/sling-staging >> >> Please vote to approve this release: >> >>[ ] +1 Approve the release >>[ ] 0 Don't care >>[ ] -1 Don't release, because ... >> >> This majority vote is open for at least 72 hours. >> >> Regards, >> Robert Munteanu >> > > -- > Carsten Ziegeler > Adobe > cziege...@apache.org > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 Carsten Am 20.05.2022 um 13:43 schrieb Robert Munteanu: Hi, We solved 4 issues in this release: https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2640/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2640 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu -- Carsten Ziegeler Adobe cziege...@apache.org
[VOTE] Release Apache Sling XSS Protection API 2.2.20
Hi, We solved 4 issues in this release: https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2640/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2640 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu
[jira] [Updated] (SLING-11111) Update to AntiSamy 1.6.5
[ https://issues.apache.org/jira/browse/SLING-1?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-1: Fix Version/s: XSS Protection API 2.2.22 (was: XSS Protection API 2.2.20) > Update to AntiSamy 1.6.5 > > > Key: SLING-1 > URL: https://issues.apache.org/jira/browse/SLING-1 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Reporter: Robert Munteanu >Priority: Major > Fix For: XSS Protection API 2.2.22 > > Time Spent: 0.5h > Remaining Estimate: 0h > > There is a new release of AntiSamy, which has changed the way XML Transformer > Factory is looked up. We should investigate is this is a viable change for > us, since it uses system properties. > See [AntiSamy commit > 7ff740de|https://github.com/nahsra/antisamy/commit/7ff740de5cd3577c49aca61c985f376de9f8884c] > and [AntiSamy issue 103|https://github.com/nahsra/antisamy/issues/103]. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Resolved] (SLING-11326) Deprecate processing of embedded style sheets
[ https://issues.apache.org/jira/browse/SLING-11326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-11326. - Resolution: Fixed Fixed in https://github.com/apache/sling-org-apache-sling-xss/pull/23 . > Deprecate processing of embedded style sheets > - > > Key: SLING-11326 > URL: https://issues.apache.org/jira/browse/SLING-11326 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: XSS Protection API 2.2.20 > > Time Spent: 0.5h > Remaining Estimate: 0h > > When validating HTML, external stylesheets embedded in style tags are > loaded and inlined. For example, validating > --- > Hello, world > > h1 { color: red } > @import "https://example.com/my-awesome-input.css" > > --- > Will access https://example.com/my-awesome-input.css, inline it in the > style tag, and validate it. > This functionality is disabled in the default configuration we ship > with Sling. I think this can have a stability and performance impact > when enabled and therefore I propose that we stop supporting it in the > future. > See also https://lists.apache.org/thread/l1yfmc6jkd9gx5bmx509dy25dc6o434m -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [sling-org-apache-sling-xss] rombert merged pull request #23: SLING-11326 - Deprecate processing of embedded style sheets
rombert merged PR #23: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/23 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] sonarcloud[bot] commented on pull request #23: SLING-11326 - Deprecate processing of embedded style sheets
sonarcloud[bot] commented on PR #23: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/23#issuecomment-1132737637 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=23) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=23=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=23=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=23=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=23=false=CODE_SMELL) [![60.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '60.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=23=new_coverage=list) [60.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=23=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=23=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=23=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-8309) Allow adding CommitHooks and EditorProviders dynamically from bundles
[ https://issues.apache.org/jira/browse/SLING-8309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-8309. - Resolution: Won't Fix > Allow adding CommitHooks and EditorProviders dynamically from bundles > - > > Key: SLING-8309 > URL: https://issues.apache.org/jira/browse/SLING-8309 > Project: Sling > Issue Type: Improvement > Components: Oak >Reporter: Sergiu Dumitriu >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Currently, {{OakSlingRepositoryManager}} uses a hard-coded list of > {{CommitHook}} and {{EditorProvider}} to be used by the Oak repository. This > means that other than building a patched version of > {{OakSlingRepositoryManager}} there's no way to include a new commit > observer. Ideally, a single pseudo-\{{CommitHook}} and > pseudo-\{{EditorProvider}} should be handled to Oak, and these should just > dynamically aggregate all the {{CommitHook}} and {{EditorProvider}} instances > registered in the {{Whiteboard}}. > All the currently hardcoded components are already available in the > whiteboard, so no functionality will be lost, but this change will > automatically enable support for {{mix:atomicCounter}} via the > {{AtomicCounterEditorProvider}} that's not used at the moment. > The old behavior should still be available via a new configuration, > {{OakSlingRepositoryManagerConfiguration#dynamic_components}}. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Closed] (SLING-8309) Allow adding CommitHooks and EditorProviders dynamically from bundles
[ https://issues.apache.org/jira/browse/SLING-8309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz closed SLING-8309. --- > Allow adding CommitHooks and EditorProviders dynamically from bundles > - > > Key: SLING-8309 > URL: https://issues.apache.org/jira/browse/SLING-8309 > Project: Sling > Issue Type: Improvement > Components: Oak >Reporter: Sergiu Dumitriu >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Currently, {{OakSlingRepositoryManager}} uses a hard-coded list of > {{CommitHook}} and {{EditorProvider}} to be used by the Oak repository. This > means that other than building a patched version of > {{OakSlingRepositoryManager}} there's no way to include a new commit > observer. Ideally, a single pseudo-\{{CommitHook}} and > pseudo-\{{EditorProvider}} should be handled to Oak, and these should just > dynamically aggregate all the {{CommitHook}} and {{EditorProvider}} instances > registered in the {{Whiteboard}}. > All the currently hardcoded components are already available in the > whiteboard, so no functionality will be lost, but this change will > automatically enable support for {{mix:atomicCounter}} via the > {{AtomicCounterEditorProvider}} that's not used at the moment. > The old behavior should still be available via a new configuration, > {{OakSlingRepositoryManagerConfiguration#dynamic_components}}. -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: [RFC] Stop supporting embedded stylesheets in the Sling XSS bundle
Thanks Carsten and Oliver. I've filed https://issues.apache.org/jira/browse/SLING-11326 and will create a release which includes it soon. Robert On Thu, 2022-05-19 at 14:29 +0200, Oliver Lietz wrote: > On Thursday, 19 May 2022 14:11:14 CEST Robert Munteanu wrote: > > Hi, > > > > Our Sling XSS bundle uses AntiSamy for HTML sanitisation. There is > > an > > effort to move over to the Java HTML cleaner [1]. Mapping out the > > functionality currently supported revealead a feature that is IMO > > of > > uncertain value. > > > > When validating HTML, external stylesheets embedded in style tags > > are > > loaded and inlined. For example, validating > > > > --- > > Hello, world > > > > h1 { color: red } > > @import "https://example.com/my-awesome-input.css" > > > > --- > > > > Will access https://example.com/my-awesome-input.css, inline it in > > the > > style tag, and validate it. > > > > This functionality is disabled in the default configuration we ship > > with Sling. I think this can have a stability and performance > > impact > > when enabled and therefore I propose that we stop supporting it in > > the > > future. > > > > I would start with logging a WARN message when stylesheet embedding > > is > > supported for the next patch version of the XSS bundle and then > > removing the functionality in the next minor version. > > > > Thoughts? > > +1 deprecate and remove > > O. > > > > Thanks, > > Robert > > > > > > [1]: https://issues.apache.org/jira/browse/SLING-7231 > > > >
[GitHub] [sling-org-apache-sling-xss] rombert opened a new pull request, #23: SLING-11326 - Deprecate processing of embedded style sheets
rombert opened a new pull request, #23: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/23 Log a warning message if embedded stylesheet processing is enabled. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-11325) Update to parent pom 47
[ https://issues.apache.org/jira/browse/SLING-11325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-11325. - Resolution: Fixed Fixed with https://github.com/apache/sling-org-apache-sling-xss/pull/22 > Update to parent pom 47 > --- > > Key: SLING-11325 > URL: https://issues.apache.org/jira/browse/SLING-11325 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: XSS Protection API 2.2.20 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [sling-org-apache-sling-xss] rombert merged pull request #22: SLING-11325 - Update to parent pom 47
rombert merged PR #22: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/22 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] sonarcloud[bot] commented on pull request #22: SLING-11325 - Update to parent pom 47
sonarcloud[bot] commented on PR #22: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/22#issuecomment-1132700101 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=22) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=22=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=22=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=22=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=22=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=22=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=22=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=22=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-11326) Deprecate processing of embedded style sheets
Robert Munteanu created SLING-11326: --- Summary: Deprecate processing of embedded style sheets Key: SLING-11326 URL: https://issues.apache.org/jira/browse/SLING-11326 Project: Sling Issue Type: Improvement Components: XSS Protection API Reporter: Robert Munteanu Assignee: Robert Munteanu Fix For: XSS Protection API 2.2.20 When validating HTML, external stylesheets embedded in style tags are loaded and inlined. For example, validating --- Hello, world h1 { color: red } @import "https://example.com/my-awesome-input.css" --- Will access https://example.com/my-awesome-input.css, inline it in the style tag, and validate it. This functionality is disabled in the default configuration we ship with Sling. I think this can have a stability and performance impact when enabled and therefore I propose that we stop supporting it in the future. See also https://lists.apache.org/thread/l1yfmc6jkd9gx5bmx509dy25dc6o434m -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (SLING-11325) Update to parent pom 47
Robert Munteanu created SLING-11325: --- Summary: Update to parent pom 47 Key: SLING-11325 URL: https://issues.apache.org/jira/browse/SLING-11325 Project: Sling Issue Type: Improvement Components: XSS Protection API Reporter: Robert Munteanu Assignee: Robert Munteanu Fix For: XSS Protection API 2.2.20 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (SLING-11324) Investigate issue with JaCoCo
Oliver Lietz created SLING-11324: Summary: Investigate issue with JaCoCo Key: SLING-11324 URL: https://issues.apache.org/jira/browse/SLING-11324 Project: Sling Issue Type: Task Reporter: Oliver Lietz Assignee: Oliver Lietz {noformat} Exception in thread "main" java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513) at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525) Caused by: java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime$Lookup.defineClass(InjectedClassRuntime.java:134) at org.jacoco.agent.rt.internal_3570298.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:54) at org.jacoco.agent.rt.internal_3570298.PreMain.premain(PreMain.java:53) ... 6 more Caused by: java.lang.LinkageError: loader 'bootstrap' attempted duplicate class definition for java.lang.$JaCoCo. at java.base/java.lang.ClassLoader.defineClass1(Native Method) at java.base/java.lang.System$2.defineClass(System.java:2127) at java.base/java.lang.invoke.MethodHandles$Lookup.defineClass(MethodHandles.java:962) ... 13 more FATAL ERROR in native method: processing of -javaagent failed {noformat} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (SLING-11323) Update sling-jcr-davex to parent 47
Ashok Pelluru created SLING-11323: - Summary: Update sling-jcr-davex to parent 47 Key: SLING-11323 URL: https://issues.apache.org/jira/browse/SLING-11323 Project: Sling Issue Type: Sub-task Reporter: Ashok Pelluru Fix For: JCR Davex 1.3.12 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [sling-org-apache-sling-jcr-davex] sonarcloud[bot] commented on pull request #1: Sling update to 47
sonarcloud[bot] commented on PR #1: URL: https://github.com/apache/sling-org-apache-sling-jcr-davex/pull/1#issuecomment-1132536836 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-davex=1) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-davex] sonarcloud[bot] commented on pull request #1: Sling update to 47
sonarcloud[bot] commented on PR #1: URL: https://github.com/apache/sling-org-apache-sling-jcr-davex/pull/1#issuecomment-1132526447 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-davex=1) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-davex=1=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-davex=1=false=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-davex=1=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org