Re: [PR] SLING-11382: Sling update to 47 [sling-org-apache-sling-jms]
sonarcloud[bot] commented on PR #3: URL: https://github.com/apache/sling-org-apache-sling-jms/pull/3#issuecomment-1773570711 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jms=3) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling Thumbnails version 1.0.2
+1 On Thu, Oct 19, 2023 at 7:22 PM Daniel Klco wrote: > Hi, > > We solved 3 issues in this release: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12350567=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2798/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2798 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. >
Re: Please welcome Roy Teeuwen as new Sling committer
Hey all, The honor is all mine, thanks for welcoming me to the fold :). As a short intro, I can tell you that I started as an AEM developer around 10 years ago and immediatly became enthralled by the open-source community thriving in the frameworks around it, like Apache Sling, Oak and Felix. Today I’m a freelance developer, actively coaching other people to participate and contribute in open-source development. I try to create and maintain some frameworks through my own company brand, https://github.com/orbinson Roy On 20 Oct 2023 at 11:47 +0200, Stefan Seifert , wrote: > Hi Sling community, > > Based on his ongoing and valuable contributions to the project, the > Sling PMC has elected Roy Teeuwen as a Sling committer, and he > has accepted the invitation. > > Please join me in welcoming Roy! > > Roy - if you want to honor the old tradition of new committers > briefly introducing themselves to the list, feel free. > > Welcome! > > Stefan
[PR] SLING-12117 - Moving ServiceUnavailableFilter~startupandshutdown to app/starter feature [sling-org-apache-sling-starter]
klcodanr opened a new pull request, #260: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/260 The configuration `org.apache.felix.hc.core.impl.filter.ServiceUnavailableFilter~startupandshutdown` found in `src/main/features/healthcheck.json` references the starter content in its `responseTestFor503` property which will cause the model to fail to build if the starter content is not included in the aggregated feature model. To keep the Starter Content-related features together, I suggest moving this configuration to `src/main/features/app/starter.json` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12117) startupandshutdown ServiceUnavailableFilter References Starter Content
Dan Klco created SLING-12117: Summary: startupandshutdown ServiceUnavailableFilter References Starter Content Key: SLING-12117 URL: https://issues.apache.org/jira/browse/SLING-12117 Project: Sling Issue Type: Bug Components: Starter Affects Versions: Starter 12 Reporter: Dan Klco Assignee: Dan Klco Fix For: Starter 13 The configuration _org.apache.felix.hc.core.impl.filter.ServiceUnavailableFilter~startupandshutdown_ found in _src/main/features/healthcheck.json_ references the starter content in it's _responseTestFor503_ property which will cause the model to fail to build if the starter content is not included in the aggregated feature model. To keep the Starter Content-related features together, I suggest moving this configuration to _src/main/features/app/starter.json_ -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-11485 - RepoInitValidator to check for content changes contradi… [sling-org-apache-sling-jcr-repoinit]
sonarcloud[bot] commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/34#issuecomment-1773192518 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-repoinit=34) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [19 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_coverage=list) [44.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_duplicated_lines_density=list)  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=sonarcloud-welcome) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump gson from 2.8.6 to 2.8.9 [sling-org-apache-sling-feature-cpconverter]
sonarcloud[bot] commented on PR #137: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/137#issuecomment-1773166855 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-feature-cpconverter=137) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=137=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=137=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.apache.sling.jcr.base from 2.0.6 to 3.1.12 [sling-org-apache-sling-jcr-jackrabbit-usermanager]
sonarcloud[bot] commented on PR #17: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-usermanager/pull/17#issuecomment-1773158638 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-usermanager=17=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12116) Update transative google-guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1874#comment-1874 ] Robert Munteanu commented on SLING-12116: - [~tvogel] - do you have a reference to a CVE or release notes for Guava? I applied it since it's a good idea anyway. > Update transative google-guava dependency to version 32.1.3-jre > --- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Assignee: Tatyana Vogel >Priority: Critical > Fix For: XSS Protection API 2.3.10 > > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-12116) Update transative google-guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-12116. - Fix Version/s: XSS Protection API 2.3.10 Resolution: Fixed > Update transative google-guava dependency to version 32.1.3-jre > --- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Assignee: Tatyana Vogel >Priority: Critical > Fix For: XSS Protection API 2.3.10 > > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SLING-12116) Update transative google-guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu reassigned SLING-12116: --- Assignee: Tatyana Vogel > Update transative google-guava dependency to version 32.1.3-jre > --- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Assignee: Tatyana Vogel >Priority: Critical > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12116 - Update transative guava dependency to version 32.1.3-jre [sling-org-apache-sling-xss]
rombert commented on PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36#issuecomment-1773085589 PR applied, thanks @nonanalou for your contributoin! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12116 - Update transative guava dependency to version 32.1.3-jre [sling-org-apache-sling-xss]
rombert merged PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12116 - Update transative guava dependency to version 32.1.3-jre [sling-org-apache-sling-xss]
sonarcloud[bot] commented on PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36#issuecomment-1773080763 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-xss=36) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=36=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=36=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-xss=36=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-xss=36=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=36=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=36=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-xss=36=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12116 - Update transative guava dependency to version 32.1.3-jre [sling-org-apache-sling-xss]
rombert commented on PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36#issuecomment-1773063678 The build fails because of a Java 8 check > [ERROR] /home/robert/sources/apache/sling/org-apache-sling-xss/target/classes/com/google/common/hash/Hashing$Crc32cMethodHandles.class:512: Undefined reference: java.util.zip.Checksum java.lang.invoke.MethodHandle.invokeExact() According to https://github.com/google/guava/wiki/Compatibility, Guava officially supports Java 8. I wonder if this is a false issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-12116) Update transative google-guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tatyana Vogel updated SLING-12116: -- Summary: Update transative google-guava dependency to version 32.1.3-jre (was: Update transative guava dependency to version 32.1.3-jre) > Update transative google-guava dependency to version 32.1.3-jre > --- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Priority: Critical > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12116 - Update transative guava dependency to version 32.1.3-jre [sling-org-apache-sling-xss]
nonanalou commented on PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36#issuecomment-1773026782 [SLING-12116](https://issues.apache.org/jira/browse/SLING-12116) - Update transative guava dependency to version 32.1.3-jre -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-12116) Update transative guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tatyana Vogel updated SLING-12116: -- Summary: Update transative guava dependency to version 32.1.3-jre (was: org.apache.sling.xss-2.3.6.jar embeds vulnerable google-guava) > Update transative guava dependency to version 32.1.3-jre > > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Priority: Critical > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12116) org.apache.sling.xss-2.3.6.jar embeds vulnerable google-guava
Tatyana Vogel created SLING-12116: - Summary: org.apache.sling.xss-2.3.6.jar embeds vulnerable google-guava Key: SLING-12116 URL: https://issues.apache.org/jira/browse/SLING-12116 Project: Sling Issue Type: Bug Components: XSS Protection API Reporter: Tatyana Vogel The sling XSS library has a transitive dependency which embeds vulnerable google-guava. Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12108 Do no longer manually start bundles [sling-ide-tooling]
kwin merged PR #23: URL: https://github.com/apache/sling-ide-tooling/pull/23 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12107 - JCR Repoinit executes operations out of order [sling-org-apache-sling-jcr-repoinit]
kwin commented on PR #44: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/44#issuecomment-1772778419 For me repoinit is not an imperative language but rather a descriptive one of a certain state. Compare with https://sling.apache.org/documentation/bundles/repository-initialization.html > The code (in form of statements) being executed through repoinit ensures that the repository has a certain state. In case the repository cannot be set up as being mandated through the repoinit statements the startup of the repository fails. This may happen in case the existing parent nodes have node type restrictions which don't allow for the new repository state or in general when the existing node/property state is conflicting with the target one. Therefore the example of first creating and then deleting a group is something which IMHO should no be supported by repoinit. Rather one should allow to set unbound ACLs in the first place (see SLING-12115). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12107) JCR Repoinit executes operations out of order
[
https://issues.apache.org/jira/browse/SLING-12107?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1785#comment-1785
]
Konrad Windszus commented on SLING-12107:
-
[~jsedding] Can you add a paragraph on statement ordering in
https://sling.apache.org/documentation/bundles/repository-initialization.html?
> JCR Repoinit executes operations out of order
> -
>
> Key: SLING-12107
> URL: https://issues.apache.org/jira/browse/SLING-12107
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Affects Versions: Repoinit JCR 1.1.44
>Reporter: Julian Sedding
>Assignee: Julian Sedding
>Priority: Major
> Fix For: Repoinit JCR 1.1.46
>
>
> When applying ACLs, repoinit checks if the referenced authorizable exists,
> and it fails if it doesn't.
> However, my goal was to set up ACLs with my deployment for a group that was
> to be sync'ed from an {{ExternalIdentityProvider}} once the first member of
> that group logs in.
> To work around this limitation, I tried running the following repoinit script:
> {noformat}
> create group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> delete group testGroup
> {noformat}
> It turned out that the statements were executed in the following order:
> {noformat}
> create group testGroup
> delete group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> {noformat}
> Of course that caused the script to fail just as if no group was created.
> The incorrect ordering may also cause other scenarios to fail.
> The {{ExecutionOrderTest}} suggests that some re-ordering is done on purpose.
> E.g. namespaces and nodetypes should be created before e.g. paths are created.
> I would expect that registration of custom privileges should also be executed
> before other operations. I don't see how that could be harmful.
> But for all other statements, I would expect the execution order to match the
> order of the statements within the repoinit script.
> cc [~bdelacretaz], [~cziegeler], [~angela]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12115) Repoinit should leave importBehaviour for ACL creation to JCR
[
https://issues.apache.org/jira/browse/SLING-12115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1783#comment-1783
]
Konrad Windszus commented on SLING-12115:
-
We do have the (deprecated) statement {{set principal ACL}} which has lenient
behaviour. Wouldn't that work?
I won't modify semantics of already existing statements or are we talking about
statement {{set ACL}} (which is a an authorizable ACL)?
> Repoinit should leave importBehaviour for ACL creation to JCR
> -
>
> Key: SLING-12115
> URL: https://issues.apache.org/jira/browse/SLING-12115
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Affects Versions: Repoinit JCR 1.1.44
>Reporter: Julian Sedding
>Assignee: Julian Sedding
>Priority: Major
> Fix For: Repoinit JCR 1.1.46
>
>
> JCR Repoinit checks the existence of the principal, for which ACLs should be
> created. In an Oak repository, this check depends on the {{ImportBehaviour}}
> configured for the {{SecurityProvider}}. JCR Repoinit should not check, but
> instead rely on the repository's behaviour.
> cc [~angela]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] SLING-12107 - JCR Repoinit executes operations out of order [sling-org-apache-sling-jcr-repoinit]
anchela commented on PR #44: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/44#issuecomment-1772755997 @jsedding , i would have appreciated if you had given me (and everyone else invited for the review) just a tiny bit of time to take a look. i planned to review it today and now it's already merged. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
anchela commented on code in PR #45:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#discussion_r1366971895
##
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java:
##
@@ -156,8 +156,11 @@ private static void setAcl(Session session, List
principals, String jcrP
if (principal == null) {
// backwards compatibility: fallback to original code treating
principal name as authorizable ID (see SLING-8604)
final Authorizable authorizable =
UserUtil.getAuthorizable(session, name);
-checkState(authorizable != null, "Authorizable not found:
{0}", name);
-principal = authorizable.getPrincipal();
+if (authorizable != null) {
+principal = authorizable.getPrincipal();
+} else {
+principal = () -> name;
Review Comment:
since the previous behavior was to throw an exception, i would recommend to
at least log a warning here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
sonarcloud[bot] commented on PR #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45#issuecomment-1772721509 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-repoinit=45) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=45=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=45=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12107 - JCR Repoinit executes operations out of order [sling-org-apache-sling-jcr-repoinit]
sonarcloud[bot] commented on PR #44: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/44#issuecomment-1772706037 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-repoinit=44) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=44=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=44=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=44=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=44=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=44=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] SLING-12115 - Repoinit should leave importBehaviour for ACL creation to JCR [sling-org-apache-sling-jcr-repoinit]
jsedding opened a new pull request, #45: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/45 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-12107) JCR Repoinit executes operations out of order
[
https://issues.apache.org/jira/browse/SLING-12107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Sedding updated SLING-12107:
---
Fix Version/s: Repoinit JCR 1.1.46
> JCR Repoinit executes operations out of order
> -
>
> Key: SLING-12107
> URL: https://issues.apache.org/jira/browse/SLING-12107
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Affects Versions: Repoinit JCR 1.1.44
>Reporter: Julian Sedding
>Assignee: Julian Sedding
>Priority: Major
> Fix For: Repoinit JCR 1.1.46
>
>
> When applying ACLs, repoinit checks if the referenced authorizable exists,
> and it fails if it doesn't.
> However, my goal was to set up ACLs with my deployment for a group that was
> to be sync'ed from an {{ExternalIdentityProvider}} once the first member of
> that group logs in.
> To work around this limitation, I tried running the following repoinit script:
> {noformat}
> create group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> delete group testGroup
> {noformat}
> It turned out that the statements were executed in the following order:
> {noformat}
> create group testGroup
> delete group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> {noformat}
> Of course that caused the script to fail just as if no group was created.
> The incorrect ordering may also cause other scenarios to fail.
> The {{ExecutionOrderTest}} suggests that some re-ordering is done on purpose.
> E.g. namespaces and nodetypes should be created before e.g. paths are created.
> I would expect that registration of custom privileges should also be executed
> before other operations. I don't see how that could be harmful.
> But for all other statements, I would expect the execution order to match the
> order of the statements within the repoinit script.
> cc [~bdelacretaz], [~cziegeler], [~angela]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (SLING-12107) JCR Repoinit executes operations out of order
[
https://issues.apache.org/jira/browse/SLING-12107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Sedding updated SLING-12107:
---
Issue Type: Bug (was: Task)
> JCR Repoinit executes operations out of order
> -
>
> Key: SLING-12107
> URL: https://issues.apache.org/jira/browse/SLING-12107
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
>Affects Versions: Repoinit JCR 1.1.44
>Reporter: Julian Sedding
>Assignee: Julian Sedding
>Priority: Major
>
> When applying ACLs, repoinit checks if the referenced authorizable exists,
> and it fails if it doesn't.
> However, my goal was to set up ACLs with my deployment for a group that was
> to be sync'ed from an {{ExternalIdentityProvider}} once the first member of
> that group logs in.
> To work around this limitation, I tried running the following repoinit script:
> {noformat}
> create group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> delete group testGroup
> {noformat}
> It turned out that the statements were executed in the following order:
> {noformat}
> create group testGroup
> delete group testGroup
> set ACL for testGroup
> allow jcr:read on /content/foo
> deny jcr:write on /content/foo
> end
> {noformat}
> Of course that caused the script to fail just as if no group was created.
> The incorrect ordering may also cause other scenarios to fail.
> The {{ExecutionOrderTest}} suggests that some re-ordering is done on purpose.
> E.g. namespaces and nodetypes should be created before e.g. paths are created.
> I would expect that registration of custom privileges should also be executed
> before other operations. I don't see how that could be harmful.
> But for all other statements, I would expect the execution order to match the
> order of the statements within the repoinit script.
> cc [~bdelacretaz], [~cziegeler], [~angela]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] SLING-12107 - JCR Repoinit executes operations out of order [sling-org-apache-sling-jcr-repoinit]
jsedding merged PR #44: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/44 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12115) Repoinit should leave importBehaviour for ACL creation to JCR
Julian Sedding created SLING-12115:
--
Summary: Repoinit should leave importBehaviour for ACL creation to
JCR
Key: SLING-12115
URL: https://issues.apache.org/jira/browse/SLING-12115
Project: Sling
Issue Type: Bug
Components: Repoinit
Affects Versions: Repoinit JCR 1.1.44
Reporter: Julian Sedding
Assignee: Julian Sedding
Fix For: Repoinit JCR 1.1.46
JCR Repoinit checks the existence of the principal, for which ACLs should be
created. In an Oak repository, this check depends on the {{ImportBehaviour}}
configured for the {{SecurityProvider}}. JCR Repoinit should not check, but
instead rely on the repository's behaviour.
cc [~angela]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (SLING-12114) Update org.apache.sling.jcr.repoinit to parent pom 52
Julian Sedding created SLING-12114: -- Summary: Update org.apache.sling.jcr.repoinit to parent pom 52 Key: SLING-12114 URL: https://issues.apache.org/jira/browse/SLING-12114 Project: Sling Issue Type: Task Components: Repoinit Affects Versions: Repoinit JCR 1.1.44 Reporter: Julian Sedding Assignee: Julian Sedding Fix For: Repoinit JCR 1.1.46 Update to parent pom version 52, update used and remove unnecessary dependencies. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Please welcome Henry Kuijpers as new Sling committer
Hi Sling community, Based on his ongoing and valuable contributions to the project, the Sling PMC has elected Henry Kuijpers as a Sling committer, and he has accepted the invitation. Please join me in welcoming Henry! Henry - if you want to honor the old tradition of new committers briefly introducing themselves to the list, feel free. Welcome! Stefan
Please welcome Roy Teeuwen as new Sling committer
Hi Sling community, Based on his ongoing and valuable contributions to the project, the Sling PMC has elected Roy Teeuwen as a Sling committer, and he has accepted the invitation. Please join me in welcoming Roy! Roy - if you want to honor the old tradition of new committers briefly introducing themselves to the list, feel free. Welcome! Stefan
Re: [PR] Granite 47793 google guava [sling-org-apache-sling-xss]
rombert commented on PR #36: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/36#issuecomment-1772376082 @nonanalou - thanks for the PR. Can you please create a SLING jira explaining the need for an update? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-12113) CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content
[
https://issues.apache.org/jira/browse/SLING-12113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seifert resolved SLING-12113.
Resolution: Fixed
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/commit/7d64cf3ff804cb0ba3d71a55dcd953fa893d9512
> CPConverter: Improve error message "File being unzipped is too big" for
> Sling-Initial-Content
> -
>
> Key: SLING-12113
> URL: https://issues.apache.org/jira/browse/SLING-12113
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model
>Affects Versions: Content-Package to Feature Model Converter 1.3.4
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Content-Package to Feature Model Converter 1.3.6
>
>
> if you use an OSGi bundle with Sling-Initial-Content, and the size of the
> unzipped content exceeds 100MB, currently an error messages without any
> context (out of a complex build) is issued:
> {noformat}
> Caused by: java.lang.IllegalStateException: File being unzipped is too big.
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.SlingInitialContentBundleEntryMetaDataCollector.collectFromContextAndWriteTmpFiles
> (SlingInitialContentBundleEntryMetaDataCollector.java:105)
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.BundleSlingInitialContentExtractor.extract
> (BundleSlingInitialContentExtractor.java:80)
> at
> org.apache.sling.feature.cpconverter.handlers.SlingInitialContentBundleHandler.processBundleInputStream
> (SlingInitialContentBundleHandler.java:53)
> at
> org.apache.sling.feature.cpconverter.handlers.BundleEntryHandler.handle
> (BundleEntryHandler.java:141)
> ...
> {noformat}
> this error messages should be improved to include the actual file name, and
> the actual limit that was hit (it's hard-coded 100MB in this case).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] SLING-12113 CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content [sling-org-apache-sling-feature-cpconverter]
stefanseifert merged PR #172: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12113 CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content [sling-org-apache-sling-feature-cpconverter]
sonarcloud[bot] commented on PR #172: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172#issuecomment-1772295965 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-feature-cpconverter=172) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12113 CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content [sling-org-apache-sling-feature-cpconverter]
sonarcloud[bot] commented on PR #172: URL: https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172#issuecomment-1772294766 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-feature-cpconverter=172) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-feature-cpconverter=172=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-feature-cpconverter=172=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (SLING-12113) CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content
[
https://issues.apache.org/jira/browse/SLING-12113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1624#comment-1624
]
Stefan Seifert edited comment on SLING-12113 at 10/20/23 8:09 AM:
--
with the improvement from
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172
the new message will look like:
{noformat}
Sling-Initial-Content: File content being unzipped is too big (>100 MB):
/jcr_root/apps/myapp/install/mybundle-1.0.0-SNAPSHOT.jar
{noformat}
was (Author: sseif...@pro-vision.de):
with the improvement from
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172
the new message will look like:
{noformat}
File content being unzipped is too big (>100 MB):
/jcr_root/apps/myapp/install/mybundle-1.0.0-SNAPSHOT.jar
{noformat}
> CPConverter: Improve error message "File being unzipped is too big" for
> Sling-Initial-Content
> -
>
> Key: SLING-12113
> URL: https://issues.apache.org/jira/browse/SLING-12113
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model
>Affects Versions: Content-Package to Feature Model Converter 1.3.4
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Content-Package to Feature Model Converter 1.3.6
>
>
> if you use an OSGi bundle with Sling-Initial-Content, and the size of the
> unzipped content exceeds 100MB, currently an error messages without any
> context (out of a complex build) is issued:
> {noformat}
> Caused by: java.lang.IllegalStateException: File being unzipped is too big.
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.SlingInitialContentBundleEntryMetaDataCollector.collectFromContextAndWriteTmpFiles
> (SlingInitialContentBundleEntryMetaDataCollector.java:105)
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.BundleSlingInitialContentExtractor.extract
> (BundleSlingInitialContentExtractor.java:80)
> at
> org.apache.sling.feature.cpconverter.handlers.SlingInitialContentBundleHandler.processBundleInputStream
> (SlingInitialContentBundleHandler.java:53)
> at
> org.apache.sling.feature.cpconverter.handlers.BundleEntryHandler.handle
> (BundleEntryHandler.java:141)
> ...
> {noformat}
> this error messages should be improved to include the actual file name, and
> the actual limit that was hit (it's hard-coded 100MB in this case).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-12113) CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content
[
https://issues.apache.org/jira/browse/SLING-12113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1624#comment-1624
]
Stefan Seifert commented on SLING-12113:
with the improvement from
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/172
the new message will look like:
{noformat}
File content being unzipped is too big (>100 MB):
/jcr_root/apps/myapp/install/mybundle-1.0.0-SNAPSHOT.jar
{noformat}
> CPConverter: Improve error message "File being unzipped is too big" for
> Sling-Initial-Content
> -
>
> Key: SLING-12113
> URL: https://issues.apache.org/jira/browse/SLING-12113
> Project: Sling
> Issue Type: Improvement
> Components: Feature Model
>Affects Versions: Content-Package to Feature Model Converter 1.3.4
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Major
> Fix For: Content-Package to Feature Model Converter 1.3.6
>
>
> if you use an OSGi bundle with Sling-Initial-Content, and the size of the
> unzipped content exceeds 100MB, currently an error messages without any
> context (out of a complex build) is issued:
> {noformat}
> Caused by: java.lang.IllegalStateException: File being unzipped is too big.
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.SlingInitialContentBundleEntryMetaDataCollector.collectFromContextAndWriteTmpFiles
> (SlingInitialContentBundleEntryMetaDataCollector.java:105)
> at
> org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.BundleSlingInitialContentExtractor.extract
> (BundleSlingInitialContentExtractor.java:80)
> at
> org.apache.sling.feature.cpconverter.handlers.SlingInitialContentBundleHandler.processBundleInputStream
> (SlingInitialContentBundleHandler.java:53)
> at
> org.apache.sling.feature.cpconverter.handlers.BundleEntryHandler.handle
> (BundleEntryHandler.java:141)
> ...
> {noformat}
> this error messages should be improved to include the actual file name, and
> the actual limit that was hit (it's hard-coded 100MB in this case).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (SLING-12113) CPConverter: Improve error message "File being unzipped is too big" for Sling-Initial-Content
Stefan Seifert created SLING-12113:
--
Summary: CPConverter: Improve error message "File being unzipped
is too big" for Sling-Initial-Content
Key: SLING-12113
URL: https://issues.apache.org/jira/browse/SLING-12113
Project: Sling
Issue Type: Improvement
Components: Feature Model
Affects Versions: Content-Package to Feature Model Converter 1.3.4
Reporter: Stefan Seifert
Assignee: Stefan Seifert
Fix For: Content-Package to Feature Model Converter 1.3.6
if you use an OSGi bundle with Sling-Initial-Content, and the size of the
unzipped content exceeds 100MB, currently an error messages without any context
(out of a complex build) is issued:
{noformat}
Caused by: java.lang.IllegalStateException: File being unzipped is too big.
at
org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.SlingInitialContentBundleEntryMetaDataCollector.collectFromContextAndWriteTmpFiles
(SlingInitialContentBundleEntryMetaDataCollector.java:105)
at
org.apache.sling.feature.cpconverter.handlers.slinginitialcontent.BundleSlingInitialContentExtractor.extract
(BundleSlingInitialContentExtractor.java:80)
at
org.apache.sling.feature.cpconverter.handlers.SlingInitialContentBundleHandler.processBundleInputStream
(SlingInitialContentBundleHandler.java:53)
at org.apache.sling.feature.cpconverter.handlers.BundleEntryHandler.handle
(BundleEntryHandler.java:141)
...
{noformat}
this error messages should be improved to include the actual file name, and the
actual limit that was hit (it's hard-coded 100MB in this case).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
RE: [VOTE] Release Apache Sling JCR Jackrabbit Access Manager 4.0.0, JCR Jackrabbit User Manager 2.2.28, Starter Content 1.0.14
+1 stefan
[jira] [Assigned] (SLING-12108) Problems occurred when invoking code from plug-in: "org.eclipse.jdt.core".
[
https://issues.apache.org/jira/browse/SLING-12108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus reassigned SLING-12108:
---
Assignee: Konrad Windszus
> Problems occurred when invoking code from plug-in: "org.eclipse.jdt.core".
> --
>
> Key: SLING-12108
> URL: https://issues.apache.org/jira/browse/SLING-12108
> Project: Sling
> Issue Type: Bug
> Components: IDE
>Affects Versions: Sling Eclipse IDE 2.0.0
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Eclipse IDE 2.0.0
>
>
> Whenever Sling Eclipse IDE features are installed in Eclipse 2023-09 the
> following errors can be observed in the log
> {code}
> org.eclipse.core.runtime.CoreException: Plug-in org.eclipse.jdt.launching was
> unable to load class
> org.eclipse.jdt.internal.launching.EECompilationParticipant.
> at
> org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.throwException(RegistryStrategyOSGI.java:212)
> at
> org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.createExecutableExtension(RegistryStrategyOSGI.java:198)
> at
> org.eclipse.core.internal.registry.ExtensionRegistry.createExecutableExtension(ExtensionRegistry.java:920)
> at
> org.eclipse.core.internal.registry.ConfigurationElement.createExecutableExtension(ConfigurationElement.java:246)
> at
> org.eclipse.core.internal.registry.ConfigurationElementHandle.createExecutableExtension(ConfigurationElementHandle.java:63)
> at
> org.eclipse.jdt.internal.core.JavaModelManager$CompilationParticipants$1.run(JavaModelManager.java:454)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.jdt.internal.core.JavaModelManager$CompilationParticipants.getCompilationParticipants(JavaModelManager.java:447)
> at
> org.eclipse.jdt.internal.core.builder.JavaBuilder.initializeBuilder(JavaBuilder.java:629)
> at
> org.eclipse.jdt.internal.core.builder.JavaBuilder.build(JavaBuilder.java:182)
> at
> org.eclipse.core.internal.events.BuildManager$2.run(BuildManager.java:1079)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:296)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:352)
> at
> org.eclipse.core.internal.events.BuildManager$1.run(BuildManager.java:441)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:444)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:555)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:503)
> at
> org.eclipse.core.internal.events.BuildManager.build(BuildManager.java:585)
> at
> org.eclipse.core.internal.events.AutoBuildJob.doBuild(AutoBuildJob.java:207)
> at
> org.eclipse.core.internal.events.AutoBuildJob.run(AutoBuildJob.java:300)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
> Caused by: java.lang.ClassNotFoundException: An error occurred while
> automatically activating bundle org.eclipse.jdt.launching (455).
> at
> org.eclipse.osgi.internal.hooks.EclipseLazyStarter.postFindLocalClass(EclipseLazyStarter.java:126)
> at
> org.eclipse.osgi.internal.loader.classpath.ClasspathManager.findLocalClass(ClasspathManager.java:570)
> at
> org.eclipse.osgi.internal.loader.ModuleClassLoader.findLocalClass(ModuleClassLoader.java:335)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findLocalClass(BundleLoader.java:397)
> at
> org.eclipse.osgi.internal.loader.sources.SingleSourcePackage.loadClass(SingleSourcePackage.java:41)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass0(BundleLoader.java:479)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:416)
> at
> org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:168)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
> at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3578)
> at java.base/java.lang.Class.getDeclaredMethod(Class.java:2846)
> at
> org.apache.felix.scr.impl.inject.methods.BaseMethod.getMethod(BaseMethod.java:347)
> at
> org.apache.felix.scr.impl.inject.methods.ActivateMethod.doFindMethod(ActivateMethod.java:70)
> at
> org.apache.felix.scr.impl.inject.methods.BaseMethod.findMethod(BaseMethod.java:173)
> at
>
[jira] [Updated] (SLING-12108) Problems occurred when invoking code from plug-in: "org.eclipse.jdt.core".
[
https://issues.apache.org/jira/browse/SLING-12108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-12108:
Fix Version/s: Sling Eclipse IDE 2.0.0
> Problems occurred when invoking code from plug-in: "org.eclipse.jdt.core".
> --
>
> Key: SLING-12108
> URL: https://issues.apache.org/jira/browse/SLING-12108
> Project: Sling
> Issue Type: Bug
> Components: IDE
>Affects Versions: Sling Eclipse IDE 2.0.0
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Eclipse IDE 2.0.0
>
>
> Whenever Sling Eclipse IDE features are installed in Eclipse 2023-09 the
> following errors can be observed in the log
> {code}
> org.eclipse.core.runtime.CoreException: Plug-in org.eclipse.jdt.launching was
> unable to load class
> org.eclipse.jdt.internal.launching.EECompilationParticipant.
> at
> org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.throwException(RegistryStrategyOSGI.java:212)
> at
> org.eclipse.core.internal.registry.osgi.RegistryStrategyOSGI.createExecutableExtension(RegistryStrategyOSGI.java:198)
> at
> org.eclipse.core.internal.registry.ExtensionRegistry.createExecutableExtension(ExtensionRegistry.java:920)
> at
> org.eclipse.core.internal.registry.ConfigurationElement.createExecutableExtension(ConfigurationElement.java:246)
> at
> org.eclipse.core.internal.registry.ConfigurationElementHandle.createExecutableExtension(ConfigurationElementHandle.java:63)
> at
> org.eclipse.jdt.internal.core.JavaModelManager$CompilationParticipants$1.run(JavaModelManager.java:454)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.jdt.internal.core.JavaModelManager$CompilationParticipants.getCompilationParticipants(JavaModelManager.java:447)
> at
> org.eclipse.jdt.internal.core.builder.JavaBuilder.initializeBuilder(JavaBuilder.java:629)
> at
> org.eclipse.jdt.internal.core.builder.JavaBuilder.build(JavaBuilder.java:182)
> at
> org.eclipse.core.internal.events.BuildManager$2.run(BuildManager.java:1079)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:296)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:352)
> at
> org.eclipse.core.internal.events.BuildManager$1.run(BuildManager.java:441)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:444)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:555)
> at
> org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:503)
> at
> org.eclipse.core.internal.events.BuildManager.build(BuildManager.java:585)
> at
> org.eclipse.core.internal.events.AutoBuildJob.doBuild(AutoBuildJob.java:207)
> at
> org.eclipse.core.internal.events.AutoBuildJob.run(AutoBuildJob.java:300)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
> Caused by: java.lang.ClassNotFoundException: An error occurred while
> automatically activating bundle org.eclipse.jdt.launching (455).
> at
> org.eclipse.osgi.internal.hooks.EclipseLazyStarter.postFindLocalClass(EclipseLazyStarter.java:126)
> at
> org.eclipse.osgi.internal.loader.classpath.ClasspathManager.findLocalClass(ClasspathManager.java:570)
> at
> org.eclipse.osgi.internal.loader.ModuleClassLoader.findLocalClass(ModuleClassLoader.java:335)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findLocalClass(BundleLoader.java:397)
> at
> org.eclipse.osgi.internal.loader.sources.SingleSourcePackage.loadClass(SingleSourcePackage.java:41)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass0(BundleLoader.java:479)
> at
> org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:416)
> at
> org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:168)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
> at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3578)
> at java.base/java.lang.Class.getDeclaredMethod(Class.java:2846)
> at
> org.apache.felix.scr.impl.inject.methods.BaseMethod.getMethod(BaseMethod.java:347)
> at
> org.apache.felix.scr.impl.inject.methods.ActivateMethod.doFindMethod(ActivateMethod.java:70)
> at
> org.apache.felix.scr.impl.inject.methods.BaseMethod.findMethod(BaseMethod.java:173)
> at
>
