[jira] [Updated] (CONFIGURATION-826) INIConfiguration collection property support
[ https://issues.apache.org/jira/browse/CONFIGURATION-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ChenYuwang updated CONFIGURATION-826: - Issue Type: Bug (was: Improvement) > INIConfiguration collection property support > > > Key: CONFIGURATION-826 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 > Project: Commons Configuration > Issue Type: Bug > Components: Expression engine >Affects Versions: 2.8.0 >Reporter: ChenYuwang >Priority: Blocker > Fix For: Nightly Builds, 2.9.0 > > Attachments: image-2022-11-11-11-36-20-196.png > > > [https://shiro.apache.org/configuration.html] > !image-2022-11-11-11-36-20-196.png! > The comma-separated string after the = needs to be the whole as the value.For > example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (CONFIGURATION-826) INIConfiguration collection property support
ChenYuwang created CONFIGURATION-826: Summary: INIConfiguration collection property support Key: CONFIGURATION-826 URL: https://issues.apache.org/jira/browse/CONFIGURATION-826 Project: Commons Configuration Issue Type: Improvement Components: Expression engine Affects Versions: 2.8.0 Reporter: ChenYuwang Fix For: Nightly Builds, 2.9.0 Attachments: image-2022-11-11-11-36-20-196.png [https://shiro.apache.org/configuration.html] !image-2022-11-11-11-36-20-196.png! The comma-separated string after the = needs to be the whole as the value.For example "a=b,c,d", the current parsing becomes a=b -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CONFIGURATION-645) INIConfiguration: comment lines are removed after saving changes
[ https://issues.apache.org/jira/browse/CONFIGURATION-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17632032#comment-17632032 ] ChenYuwang commented on CONFIGURATION-645: -- I have the same problem, hope someone solve it > INIConfiguration: comment lines are removed after saving changes > > > Key: CONFIGURATION-645 > URL: https://issues.apache.org/jira/browse/CONFIGURATION-645 > Project: Commons Configuration > Issue Type: Bug >Affects Versions: 2.1 >Reporter: javix >Priority: Major > > I have a very large ini file with multiple sections. I added some comment > lines to my sections. > Before closing my app some values will be changed. But afterwards the changed > file does not contains my comments. > Here is a example: > {noformat} > [SECTION] > ;comment for this section > lastTimeStamp=(here some date) > {noformat} > After saving the file contains following content: > {noformat} > [SECTION] > lastTimeStamp=(here some date) > {noformat} > I think it is a bug, because the comments are allowed and very useful content > of a ini file and should not be removed. > (sorry for my not perfect english) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (CONFIGURATION-825) INIConfiguration marks exceptions that will not be thrown
ChenYuwang created CONFIGURATION-825: Summary: INIConfiguration marks exceptions that will not be thrown Key: CONFIGURATION-825 URL: https://issues.apache.org/jira/browse/CONFIGURATION-825 Project: Commons Configuration Issue Type: Improvement Components: Expression engine Affects Versions: 2.8.0 Environment: java 8,win ,the file content is "/error/" Reporter: ChenYuwang Fix For: 2.9.0 INIConfiguration.read() & INIConfiguration.write() marks ConfigurationException, but has no chance to throw. I understand that a ConfigurationException should be thrown if INIConfiguration read something that is not ini‘s format, but currently it doesn't. INIConfiguration just ignores everything it doesn't recognize. For example, the file content is "/error/" -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (JXPATH-199) OSS-Fuzz Integration of JXPath
[ https://issues.apache.org/jira/browse/JXPATH-199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616742#comment-17616742 ] ChenYuwang commented on JXPATH-199: --- Looking forward to the community to fix this vulnerability as soon as possible > OSS-Fuzz Integration of JXPath > -- > > Key: JXPATH-199 > URL: https://issues.apache.org/jira/browse/JXPATH-199 > Project: Commons JXPath > Issue Type: Improvement >Reporter: Roman Wagner >Priority: Major > > Hi all, > I have prepared the initial integration > [https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/77378631c5593c7538193ecbff4f6edf8338ffe8] > of JXPath into [google oss-fuzz|https://github.com/google/oss-fuzz]. This > will enable continuous fuzzing of this project, which will be conducted by > Google. Bugs that will be found by fuzzing will be reported to you. After the > initial integration of this project into oss-fuzz, I will continue to add > additional fuzz tests to improve the code coverage over time. > The integration requires a primary contact, someone to deal with the bug > reports submitted by oss-fuzz. The email address needs to belong to an > established project committer and be associated with a Google account as per > [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/]. > When a bug is found, you will receive an email that will provide you with > access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 > person can be included. Please let me know who I should include, if anyone. > [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] is used for > fuzzing Java applications. Jazzer is a coverage-guided, in-process fuzzer for > the JVM platform developed by Code Intelligence. It is based on libFuzzer and > brings many of its instrumentation-powered mutation features to the JVM. > Jazzer has already found several bugs in JVM applications: [Jazzer > Findings|https://github.com/CodeIntelligenceTesting/jazzer#findings] > Please let me know if you have any questions regarding fuzzing or the > oss-fuzz integration. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (JXPATH-200) CVE-2022-41852 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
[ https://issues.apache.org/jira/browse/JXPATH-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17616741#comment-17616741 ] ChenYuwang commented on JXPATH-200: --- Looking forward to the community to fix this vulnerability as soon as possible > CVE-2022-41852 Use of Externally-Controlled Input to Select Classes or Code > ('Unsafe Reflection') > - > > Key: JXPATH-200 > URL: https://issues.apache.org/jira/browse/JXPATH-200 > Project: Commons JXPath > Issue Type: Bug >Affects Versions: 1.3 >Reporter: Nicolò Mendola >Priority: Blocker > Fix For: 1.4 > > > There is a CVE detected in jxpath 1.3. and prior. Could you take a look? > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe > Reflection') > [https://avd.aquasec.com/nvd/2022/cve-2022-41852/] > Best Regards -- This message was sent by Atlassian Jira (v8.20.10#820010)