[jira] [Commented] (SLING-11912) Empty configuration in ServiceUserMapperImpl's Required Principal/User validators results in 503
[ https://issues.apache.org/jira/browse/SLING-11912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739799#comment-17739799 ] Carsten Ziegeler commented on SLING-11912: -- while I agree that this is a bug in the webconsole, I think Sling could be more lenient and ignore those empty values (in addition to fixing the bug in the webconsole) > Empty configuration in ServiceUserMapperImpl's Required Principal/User > validators results in 503 > > > Key: SLING-11912 > URL: https://issues.apache.org/jira/browse/SLING-11912 > Project: Sling > Issue Type: Bug > Components: Service User Mapper >Affects Versions: Service User Mapper 1.5.6 >Reporter: Sagar Miglani >Assignee: Sagar Miglani >Priority: Major > Fix For: Service User Mapper 1.5.8 > > > 1) In webconsole configuration manager, open {{Apache Sling Service User > Mapper Serviceorg.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl}} > 2) Before making any change the configuration is: > {code:xml} > :org.apache.felix.configadmin.revision:=L"1" > require.validation=B"true" > service.pid="org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl" > user.enable.default.mapping=B"false" > {code} > 3) Without changing the configuration click on {{save}}, the configuration > becomes: > {code:xml} > :org.apache.felix.configadmin.revision:=L"8" > require.validation=B"true" > required.principal.validators=[ \ > "", \ > ] > required.user.validators=[ \ > "", \ > ] > service.pid="org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl" > user.default="" > user.enable.default.mapping=B"false" > {code} > i.e {{required.principal.validators}} and {{required.user.validators}} have > an empty value and due to this all sling requests return > {code:xml} > "HTTP ERROR 503 ServletResolver service missing, cannot service requests". > {code} > This persistence of empty configuration seems to be behaviour of > {{felix.webconsole}}. But IMO sling requests should not fail due to empty > values. > (The above scenario was reproduced in an AEM instance) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-xss] stefanseifert commented on pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
stefanseifert commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1619125591 best thing of course would be to get rid of guava completely, but this is out of our hands as long as we want to use java-html-sanitizer for xss. imho using oak-shaded-guava is not a good idea - as the name suggest this should only be used by oak, and may be updated (or removed) by the oak team at any time. and guava does not play nicely with OSGi package versions (https://github.com/google/guava/issues/1682), increasing all packages with major version updates even if not needed. (this discussion should've been placed in [SLING-7231](https://issues.apache.org/jira/browse/SLING-7231), which was released long ago. in this PR, we're just shading the artifact, it was embedded before already.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] enapps-enorman commented on pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
enapps-enorman commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1619044378 > in this case guava is a dependency of the also embedded https://github.com/OWASP/java-html-sanitizer, so we need it here and even in a specific version. maybe we can get rid of it when if [OWASP/java-html-sanitizer#272](https://github.com/OWASP/java-html-sanitizer/pull/272) gets resolved. It would definitely be great to see people stop using guava when it is not necessary. But I'm not sure your conclusion is quite right. I assume the guava dependency is more of a "minimum" version (30.1-jre?) rather than a specific version. The 32.0.1-jre version in oak-shaded-guava should be compatible? In that case, then if you configure the maven-shade-plugin to use the same re-written package name as the oak-shaded-guava uses, then it would rewrite the third-party binary bytecode to be compatible. At that point, there should be no need to embed any of the com.google.common.* as a private package here. The runtime could resolve those from the oak-shaded-guava bundle instead and the xss bundle would go from ~4MB to ~2MB without losing any functionality. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #899 is FIXED
Please see https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-starter/job/master/899/ for details. No further emails will be sent until the status of the build is changed.
[GitHub] [sling-org-apache-sling-starter] renovate-bot closed pull request #146: chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.3.8 - autoclosed
renovate-bot closed pull request #146: chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.3.8 - autoclosed URL: https://github.com/apache/sling-org-apache-sling-starter/pull/146 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter] renovate-bot opened a new pull request, #184: chore(deps): update apache pdfbox to v2.0.29
renovate-bot opened a new pull request, #184: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/184 [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.pdfbox:fontbox](http://pdfbox.apache.org/) ([source](http://svn.apache.org/viewvc/maven/pom/tags/2.0.29/pdfbox-parent)) | `2.0.28` -> `2.0.29` | [![age](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:fontbox/2.0.29/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:fontbox/2.0.29/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:fontbox/2.0.29/compatibility-slim/2.0.28)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:fontbox/2.0.29/confidence-slim/2.0.28)](https://docs.renovatebot.com/merge-confidence/) | | [org.apache.pdfbox:pdfbox](https://www.apache.org/) ([source](http://svn.apache.org/viewvc/maven/pom/tags/2.0.29/pdfbox-parent)) | `2.0.28` -> `2.0.29` | [![age](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:pdfbox/2.0.29/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:pdfbox/2.0.29/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:pdfbox/2.0.29/compatibility-slim/2.0.28)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/org.apache.pdfbox:pdfbox/2.0.29/confidence-slim/2.0.28)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apache/sling-org-apache-sling-starter). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter] rombert merged pull request #183: chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.3.8
rombert merged PR #183: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/183 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-models-jacksonexporter] sonarcloud[bot] commented on pull request #7: SLING-11924 disallow the serialization of a ResourceResolver
sonarcloud[bot] commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-models-jacksonexporter/pull/7#issuecomment-1618940497 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-models-jacksonexporter=7) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-jacksonexporter=7=false=CODE_SMELL) [![94.7%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '94.7%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-jacksonexporter=7=new_coverage=list) [94.7% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-jacksonexporter=7=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-jacksonexporter=7=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-jacksonexporter=7=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] enapps-enorman commented on pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
enapps-enorman commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1618857169 Is it really still necessary to embed another copy of guava in this bundle? If the reason for embedding guava was that it required a newer version than was required by oak, then has that not been resolved with OAK-9989? Just referencing the oak-shaded-guava instead of shading and embedding another private copy again would make this bundle much smaller. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter] rombert opened a new pull request, #183: chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.3.8
rombert opened a new pull request, #183: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/183 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739646#comment-17739646 ] Stefan Seifert edited comment on SLING-11882 at 7/3/23 2:54 PM: https://github.com/apache/sling-org-apache-sling-xss/commit/b4c305a741cfe5a9ebad0e3c63f104ad1768d2e9 was (Author: sseif...@pro-vision.de): https://github.com/apache/sling-org-apache-sling-xss/pull/34 > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.10 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seifert resolved SLING-11882. Resolution: Fixed https://github.com/apache/sling-org-apache-sling-xss/pull/34 > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.10 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-xss] stefanseifert merged pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
stefanseifert merged PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] sonarcloud[bot] commented on pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
sonarcloud[bot] commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1618505442 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=34) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] rombert commented on a diff in pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
rombert commented on code in PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#discussion_r1250986213 ## pom.xml: ## @@ -172,6 +172,33 @@ + + +org.apache.maven.plugins +maven-shade-plugin + + + +com.google.guava:* + + +true + + +com.google.common + sling-xss.com.google.common Review Comment: Thanks for the change. I think this is a restriction of Java at the source level, but it seems to be legal bytecode. Before your change, the compiled java classes reference the 'sling-xss' package, see below snippet ``` $ javap -verbose -cp target/org.apache.sling.xss-2.3.9-SNAPSHOT.jar org.apache.sling.xss.impl.HtmlSanitizer (...) 47: invokespecial #86 // Method org/owasp/html/DynamicAttributesSanitizerPolicy."":(Lorg/owasp/html/HtmlStreamEventReceiver;Lsling-xss/com/google/common/collect/ImmutableMap;Lsling-xss/com/google/common/collect/ImmutableSet;Ljava/util/Map;Ljava/util/List;)V (...) More a curiosity than something to spend more time about. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] stefanseifert commented on a diff in pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
stefanseifert commented on code in PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#discussion_r1250982802 ## pom.xml: ## @@ -172,6 +172,33 @@ + + +org.apache.maven.plugins +maven-shade-plugin + + + +com.google.guava:* + + +true + + +com.google.common + sling-xss.com.google.common Review Comment: removed the dash -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] stefanseifert commented on a diff in pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
stefanseifert commented on code in PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#discussion_r1250980079 ## pom.xml: ## @@ -172,6 +172,33 @@ + + +org.apache.maven.plugins +maven-shade-plugin + + + +com.google.guava:* + + +true + + +com.google.common + sling-xss.com.google.common Review Comment: i stumbled over this as well when taking over the configuration from sling models impl bundle - it seems to work fine there, and i deployed this bundle in a local instance and it seems to work there as well. but we can also easily remove the dash here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11916) MockEventAdminTest.testPostEvents times out on Jenkins/Windows
[ https://issues.apache.org/jira/browse/SLING-11916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739643#comment-17739643 ] Stefan Seifert commented on SLING-11916: maybe yes - on the other side the timeout is already configured to 3000ms - for a operation that usually should take only a few ms. and there is no I/O involved in the unit test. so it seems unlikely that an environment which is 50%-100% slower or so this leads to such a drastic increase. > MockEventAdminTest.testPostEvents times out on Jenkins/Windows > -- > > Key: SLING-11916 > URL: https://issues.apache.org/jira/browse/SLING-11916 > Project: Sling > Issue Type: Bug > Components: Testing >Reporter: Robert Munteanu >Priority: Major > Fix For: Testing OSGi Mock 3.3.10 > > > The error is > > {noformat} > [ERROR] org.apache.sling.testing.mock.osgi.MockEventAdminTest.testPostEvents > Time elapsed: 3.02 s <<< ERROR! > org.junit.runners.model.TestTimedOutException: test timed out after 3000 > milliseconds > {noformat} > and seems to affect both Java 11 and 17. > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/PR-27/1/pipeline > (Java 11, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/229/pipeline > (Java 17, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/228/pipeline > (Java 17, Windows) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-xss] sonarcloud[bot] commented on pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
sonarcloud[bot] commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1618479804 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=34) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=34=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=34=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=34=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-xss] rombert commented on a diff in pull request #34: SLING-11882 shade guava library to avoid classpath problems in unit tests
rombert commented on code in PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#discussion_r1250977716 ## pom.xml: ## @@ -172,6 +172,33 @@ + + +org.apache.maven.plugins +maven-shade-plugin + + + +com.google.guava:* + + +true + + +com.google.common + sling-xss.com.google.common Review Comment: Is this shadedPattern valid? Java package names cannot contain the `-` / dash character. ( https://docs.oracle.com/javase/specs/jls/se16/html/jls-3.html#jls-Identifier , https://docs.oracle.com/javase/specs/jls/se16/html/jls-7.html#jls-7.4.1 ) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-models-jacksonexporter] stefanseifert commented on pull request #7: SLING-11924 disallow the serialization of a ResourceResolver
stefanseifert commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-models-jacksonexporter/pull/7#issuecomment-1618469367 yes, this would be a better path to a step-by-step approach -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739640#comment-17739640 ] Stefan Seifert commented on SLING-11882: proposal: https://github.com/apache/sling-org-apache-sling-xss/pull/34 i only shaded guava, i think the other deps and transitive deps should be not that problematic in unit tests. > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.10 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seifert reassigned SLING-11882: -- Assignee: Stefan Seifert > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.10 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-11916) MockEventAdminTest.testPostEvents times out on Jenkins/Windows
[ https://issues.apache.org/jira/browse/SLING-11916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739639#comment-17739639 ] Robert Munteanu commented on SLING-11916: - Maybe the Windows VMs are simply slower/more loaded compared to the Linux VMs, leading to more frequent timeouts? > MockEventAdminTest.testPostEvents times out on Jenkins/Windows > -- > > Key: SLING-11916 > URL: https://issues.apache.org/jira/browse/SLING-11916 > Project: Sling > Issue Type: Bug > Components: Testing >Reporter: Robert Munteanu >Priority: Major > Fix For: Testing OSGi Mock 3.3.10 > > > The error is > > {noformat} > [ERROR] org.apache.sling.testing.mock.osgi.MockEventAdminTest.testPostEvents > Time elapsed: 3.02 s <<< ERROR! > org.junit.runners.model.TestTimedOutException: test timed out after 3000 > milliseconds > {noformat} > and seems to affect both Java 11 and 17. > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/PR-27/1/pipeline > (Java 11, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/229/pipeline > (Java 17, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/228/pipeline > (Java 17, Windows) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-models-jacksonexporter] joerghoh commented on pull request #7: SLING-11924 disallow the serialization of a ResourceResolver
joerghoh commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-models-jacksonexporter/pull/7#issuecomment-1618446820 @stefanseifert Sounds reasonable. So let me re-design that code a bit that its the public interface (that means: PID names and OSGI configuration) supports more than just the ResourceResolver, but the implementation will only support the RR for the moment. We can expand it in the future then. WDYT? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Closed] (SLING-11610) Sling XSS API 2.3.0 does not work on Java 17
[ https://issues.apache.org/jira/browse/SLING-11610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-11610. --- > Sling XSS API 2.3.0 does not work on Java 17 > > > Key: SLING-11610 > URL: https://issues.apache.org/jira/browse/SLING-11610 > Project: Sling > Issue Type: Bug >Affects Versions: XSS Protection API 2.3.0 >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: XSS Protection API 2.3.8 > > > Some of the reflection code introduced for the XSS bundle does not work on > Java 17. See also > https://github.com/apache/sling-org-apache-sling-starter/pull/76 > {noformat} > [INFO] Running org.apache.sling.xss.impl.AntiSamyPolicyTest > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.281 > s <<< FAILURE! - in org.apache.sling.xss.impl.AntiSamyPolicyTest > [ERROR] org.apache.sling.xss.impl.AntiSamyPolicyTest Time elapsed: 0.281 s > <<< ERROR! > java.lang.IllegalStateException: java.lang.NoSuchFieldException: modifiers > at > org.apache.sling.xss.impl.AntiSamyPolicyAdapter.removeAttributeGuards(AntiSamyPolicyAdapter.java:274) > at > org.apache.sling.xss.impl.AntiSamyPolicyAdapter.(AntiSamyPolicyAdapter.java:52) > at org.apache.sling.xss.impl.HtmlSanitizer.(HtmlSanitizer.java:41) > at > org.apache.sling.xss.impl.AntiSamyPolicyTest.setup(AntiSamyPolicyTest.java:49) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:568) > at > org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:725) > at > org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60) > at > org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131) > at > org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:149) > at > org.junit.jupiter.engine.extension.TimeoutExtension.interceptLifecycleMethod(TimeoutExtension.java:126) > at > org.junit.jupiter.engine.extension.TimeoutExtension.interceptBeforeAllMethod(TimeoutExtension.java:68) > at > org.junit.jupiter.engine.execution.ExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(ExecutableInvoker.java:115) > at > org.junit.jupiter.engine.execution.ExecutableInvoker.lambda$invoke$0(ExecutableInvoker.java:105) > at > org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106) > at > org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64) > at > org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45) > at > org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37) > at > org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:104) > at > org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:98) > at > org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$invokeBeforeAllMethods$11(ClassBasedTestDescriptor.java:397) > at > org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) > at > org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.invokeBeforeAllMethods(ClassBasedTestDescriptor.java:395) > at > org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.before(ClassBasedTestDescriptor.java:209) > at > org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.before(ClassBasedTestDescriptor.java:80) > at > org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:148) > at > org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) > at > org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141) > at > org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137) > at > org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139) > at > org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) > at >
[RESULT] [VOTE] Release Apache Sling XSS Protection API 2.3.8
Hi, The vote has passed with the following result: +1 (binding): Robert Munteanu, Stefan Seifert, Joerg Hoh +1 (non-binding): none I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. Regards, Robert Munteanu
[GitHub] [sling-org-apache-sling-testing-osgi-mock] sonarcloud[bot] commented on pull request #28: SLING-11916 - MockEventAdminTest.testPostEvents times out on Jenkins/Windows
sonarcloud[bot] commented on PR #28: URL: https://github.com/apache/sling-org-apache-sling-testing-osgi-mock/pull/28#issuecomment-1618341024 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-osgi-mock=28) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-testing-osgi-mock] sonarcloud[bot] commented on pull request #28: SLING-11916 - MockEventAdminTest.testPostEvents times out on Jenkins/Windows
sonarcloud[bot] commented on PR #28: URL: https://github.com/apache/sling-org-apache-sling-testing-osgi-mock/pull/28#issuecomment-1618320406 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-osgi-mock=28) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.8
+1 Jörg Am Fr., 30. Juni 2023 um 13:44 Uhr schrieb Robert Munteanu < romb...@apache.org>: > Hi, > > We solved 1 issue in this release: > https://issues.apache.org/jira/browse/SLING/fixforversion/12353104 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2758/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2758 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu > -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh
[jira] [Commented] (SLING-11916) MockEventAdminTest.testPostEvents times out on Jenkins/Windows
[ https://issues.apache.org/jira/browse/SLING-11916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739617#comment-17739617 ] Stefan Seifert commented on SLING-11916: i enabled debug logging in the PR for the unit tests, but all tests are green. so it seems this test is basically flaky, it does not fail always (on my local machine it fails only very rarely). > MockEventAdminTest.testPostEvents times out on Jenkins/Windows > -- > > Key: SLING-11916 > URL: https://issues.apache.org/jira/browse/SLING-11916 > Project: Sling > Issue Type: Bug > Components: Testing >Reporter: Robert Munteanu >Priority: Major > Fix For: Testing OSGi Mock 3.3.10 > > > The error is > > {noformat} > [ERROR] org.apache.sling.testing.mock.osgi.MockEventAdminTest.testPostEvents > Time elapsed: 3.02 s <<< ERROR! > org.junit.runners.model.TestTimedOutException: test timed out after 3000 > milliseconds > {noformat} > and seems to affect both Java 11 and 17. > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/PR-27/1/pipeline > (Java 11, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/229/pipeline > (Java 17, Windows) > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-testing-osgi-mock/detail/master/228/pipeline > (Java 17, Windows) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-testing-osgi-mock] sonarcloud[bot] commented on pull request #28: SLING-11916 - MockEventAdminTest.testPostEvents times out on Jenkins/Windows
sonarcloud[bot] commented on PR #28: URL: https://github.com/apache/sling-org-apache-sling-testing-osgi-mock/pull/28#issuecomment-1618294433 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-testing-osgi-mock=28) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-testing-osgi-mock=28=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-testing-osgi-mock=28=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #898 is BROKEN
sling.starter --- [INFO] Failsafe report directory: /home/jenkins/workspace/_org-apache-sling-starter_master/jdk_11_latest/target/failsafe-reports [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 08:21 min [INFO] Finished at: 2023-07-03T11:26:32Z [INFO] [WARNING] [WARNING] Plugin validation issues were detected in 17 plugin(s) [WARNING] [WARNING] * org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5 [WARNING] * org.apache.maven.plugins:maven-site-plugin:3.12.0 [WARNING] * org.apache.sling:feature-launcher-maven-plugin:0.1.4 [WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.2 [WARNING] * org.jacoco:jacoco-maven-plugin:0.8.8 [WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.10.1 [WARNING] * org.codehaus.mojo:build-helper-maven-plugin:3.3.0 [WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0 [WARNING] * org.apache.geronimo.genesis.plugins:tools-maven-plugin:1.4 [WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1 [WARNING] * org.apache.maven.plugins:maven-dependency-plugin:3.3.0 [WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.2.0 [WARNING] * io.fabric8:docker-maven-plugin:0.43.0 [WARNING] * org.apache.sling:slingfeature-maven-plugin:1.7.0 [WARNING] * org.apache.rat:apache-rat-plugin:0.14 [WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.7.0 [WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5 [WARNING] [WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE] [WARNING] [INFO] [jenkins-event-spy] Generated /home/jenkins/workspace/_org-apache-sling-starter_master/jdk_11_latest@tmp/withMavene25b1418/maven-spy-20230703-111810-8665956498220171941089.log [ERROR] Failed to execute goal org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5:verify (default) on project org.apache.sling.starter: There are test failures. [ERROR] [ERROR] Please refer to /home/jenkins/workspace/_org-apache-sling-starter_master/jdk_11_latest/target/failsafe-reports for the individual test results. [ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream. [ERROR] -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5:verify (default) on project org.apache.sling.starter: There are test failures. Please refer to /home/jenkins/workspace/_org-apache-sling-starter_master/jdk_11_latest/target/failsafe-reports for the individual test results. Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream. at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:347) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:910) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:566) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283) at org.codehaus.plexus.classworlds.launcher
[GitHub] [sling-org-apache-sling-event] stefan-egli commented on a diff in pull request #31: Fix infinite recursion issue: SLING-11918
stefan-egli commented on code in PR #31: URL: https://github.com/apache/sling-org-apache-sling-event/pull/31#discussion_r1250696403 ## src/main/java/org/apache/sling/event/impl/jobs/stats/GaugeSupport.java: ## @@ -150,8 +154,10 @@ private void registerWithSuffix(String suffix, int count, Gauge value) { metricRegistry.register(metricName, value); gaugeMetricNames.add(metricName); } catch (IllegalArgumentException e) { -if (queueName != null) { +if (queueName != null && count <= 10) { registerWithSuffix(suffix, count + 1, value); +} else { +logger.debug("Failed to register suffix {} for the queue {}, attempt {}", suffix, queueName, count, e); Review Comment: What about logging an error if it hits `10` and logging debug in any other case? eg like so: ```suggestion if (queueName != null && count <= 10) { logger.debug("Failed to register suffix {} for the queue {}, attempt {}, retrying.", suffix, queueName, count, e); registerWithSuffix(suffix, count + 1, value); } else { logger.error("Failed to register suffix {} for the queue {}, attempt {}, giving up.", suffix, queueName, count, e); ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.8
Hi, I am looking for one more binding vote. Thanks, Robert On Fri, 2023-06-30 at 11:40 +, Robert Munteanu wrote: > Hi, > > We solved 1 issue in this release: > https://issues.apache.org/jira/browse/SLING/fixforversion/12353104 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2758/ > > You can use this UNIX script to download the release and verify the > signatures: > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2758 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu