[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-05-31 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=604153&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-604153
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 31/May/21 14:43
Start Date: 31/May/21 14:43
Worklog Time Spent: 10m 
  Work Description: garydgregory commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-851536240


   Please see git master.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
---

Worklog Id: (was: 604153)
Time Spent: 1h 50m  (was: 1h 40m)

> Password should not be exposed via JMXBean
> ------------------------------------------
>
> Key: DBCP-562
> URL: https://issues.apache.org/jira/browse/DBCP-562
> Project: Commons DBCP
> Issue Type: Bug
> Affects Versions: 2.5.0, 2.7.0
> Reporter: Frank Gasdorf
> Assignee: Gary D. Gregory
> Priority: Critical
> Labels: security
> Fix For: 2.9.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> If a BasicDataSource is created with jmxName set, the password property is
> exposed/exported via JMX and is visible to everybody who is connected to the
> JMX port.
>
> Expectation: Do not export it via the BasicDataSourceMXBean interface



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-05-31 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=604155&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-604155
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 31/May/21 14:43
Start Date: 31/May/21 14:43
Worklog Time Spent: 10m 
  Work Description: garydgregory closed pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38


   




Issue Time Tracking
---

Worklog Id: (was: 604155)
Time Spent: 2h  (was: 1h 50m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-05-10 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=593929&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-593929
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 10/May/21 12:00
Start Date: 10/May/21 12:00
Worklog Time Spent: 10m 
  Work Description: garydgregory commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-836609786


   That's on my to-do list, please be patient, no guarantee, we are all
   volunteers, step one is to review...
   
   Gary
   
   On Mon, May 10, 2021, 01:43 ManjunathMS35 ***@***.***> wrote:
   
   > Hello, when could be the new release with this fix?
   




Issue Time Tracking
---

Worklog Id: (was: 593929)
Time Spent: 1h 40m  (was: 1.5h)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-05-09 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=593834&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-593834
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 10/May/21 05:43
Start Date: 10/May/21 05:43
Worklog Time Spent: 10m 
  Work Description: ManjunathMS35 commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-836206072


   Hello, when could be the new release with this fix?




Issue Time Tracking
---

Worklog Id: (was: 593834)
Time Spent: 1.5h  (was: 1h 20m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-05-03 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=592136&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-592136
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 03/May/21 12:21
Start Date: 03/May/21 12:21
Worklog Time Spent: 10m 
  Work Description: fgdrf commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-831223779


   Here we go, finally found a solution by using StandardMBean.




Issue Time Tracking
---

Worklog Id: (was: 592136)
Time Spent: 1h 20m  (was: 1h 10m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-04-30 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=591415&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-591415
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 30/Apr/21 09:26
Start Date: 30/Apr/21 09:26
Worklog Time Spent: 10m 
  Work Description: fgdrf commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-829966472


   build fails due to API incompatible change:
   ```
   Error:  Failed to execute goal com.github.siom79.japicmp:japicmp-maven-plugin:0.15.3:cmp (default-cli) on project commons-dbcp2: There is at least one incompatibility: org.apache.commons.dbcp2.BasicDataSourceMXBean.getPassword():METHOD_REMOVED -> [Help 1]
   Error:  
   Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
   Error:  Re-run Maven using the -X switch to enable full debug logging.
   Error:  
   Error:  For more information about the errors and possible solutions, please read the following articles:
   Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
   Error: Process completed with exit code 1.
   ```
   




Issue Time Tracking
---

Worklog Id: (was: 591415)
Time Spent: 1h 10m  (was: 1h)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2021-04-29 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=591378&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-591378
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 30/Apr/21 06:46
Start Date: 30/Apr/21 06:46
Worklog Time Spent: 10m 
  Work Description: fgdrf commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-829880497


   > Well, since we cannot get rid of the method within a major release, we
   > need to work around that by perhaps making it return always null but only
   > when publishing an implementation as a JMX object, which might mean
   > creating a wrapper class that delegates all methods except getPassword().
   
   How about creating a new interface, e.g. `IDataSourcePassword`, implemented
   by `BasicDataSource`, and the `getPassword()` method moves from
   `BasicDataSourceMXBean` to `IDataSourcePassword`?
   
   Going to update this pull request with this approach ;)




Issue Time Tracking
---

Worklog Id: (was: 591378)
Time Spent: 1h  (was: 50m)




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
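
The approach discussed in the comments above (keep `getPassword()` on the public interface, but publish the object to JMX through a `StandardMBean` bound to a narrower interface), shown as an added example that is not part of this thread or of Commons DBCP's code. `PoolView`, `PoolMXBean`, `Pool` and the `demo:` object names are hypothetical stand-ins, and the credential is constructed sample data.

```java
import java.lang.management.ManagementFactory;
import java.util.Arrays;
import javax.management.AttributeNotFoundException;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class JmxPasswordExposureDemo {

    /** Hypothetical narrow management view: operational getters only, no secret. */
    public interface PoolView {
        String getUsername();
        int getNumIdle();
    }

    /** Stand-in for a published MXBean interface that must keep getPassword(). */
    public interface PoolMXBean extends PoolView {
        String getPassword();
    }

    /** Stand-in for the data source; the credential is constructed sample data. */
    public static class Pool implements PoolMXBean {
        @Override public String getUsername() { return "app"; }
        @Override public int getNumIdle() { return 3; }
        @Override public String getPassword() { return "constructed-sample-secret"; }
    }

    /** Attribute names a JMX client would see for the given MBean, sorted. */
    static String[] attributeNames(MBeanServer mbs, ObjectName name) throws Exception {
        return Arrays.stream(mbs.getMBeanInfo(name).getAttributes())
                .map(MBeanAttributeInfo::getName).sorted().toArray(String[]::new);
    }

    /** True if a client can read the Password attribute of the given MBean. */
    static boolean passwordReadable(MBeanServer mbs, ObjectName name) throws Exception {
        try {
            mbs.getAttribute(name, "Password");
            return true;
        } catch (AttributeNotFoundException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        Pool pool = new Pool();

        // Before: direct registration. The server introspects PoolMXBean and
        // turns every getter, including getPassword(), into a readable attribute.
        ObjectName exposed = new ObjectName("demo:type=Pool,name=exposed");
        mbs.registerMBean(pool, exposed);

        // After: same object, same public interface, but registered through a
        // StandardMBean whose management interface is the narrow view.
        ObjectName filtered = new ObjectName("demo:type=Pool,name=filtered");
        mbs.registerMBean(new StandardMBean(pool, PoolView.class, true), filtered);

        for (ObjectName n : new ObjectName[] {exposed, filtered}) {
            System.out.println(n + " attributes=" + Arrays.toString(attributeNames(mbs, n))
                    + " passwordReadable=" + passwordReadable(mbs, n));
            mbs.unregisterMBean(n);
        }
    }
}
```

Running `attributeNames` against a live MBean server for every registered data source is also a quick audit for any attribute whose name suggests a credential.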


[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2020-10-01 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=493682&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-493682
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 01/Oct/20 20:59
Start Date: 01/Oct/20 20:59
Worklog Time Spent: 10m 
  Work Description: rhuddleston commented on pull request #38:
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-702394297


   Any updates on the plans for this @fgdrf ? It shows up on snyk reports 
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-559327 so would be nice if 
there was some fix. Thanks!





Issue Time Tracking
---

Worklog Id: (was: 493682)
Time Spent: 50m  (was: 40m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2020-03-04 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=398074&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-398074
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 05/Mar/20 02:14
Start Date: 05/Mar/20 02:14
Worklog Time Spent: 10m 
  Work Description: garydgregory commented on issue #38: [DBCP-562] avoids 
exposing password via JMX
URL: https://github.com/apache/commons-dbcp/pull/38#issuecomment-594991633
 
 
   Well, since we cannot get rid of the method within a major release, we need 
to workaround that by perhaps making it return always null but only when 
publishing an implementation as a JMX object, which might mean creating a 
wrapper class that delegates all methods except getPassword().
 



Issue Time Tracking
---

Worklog Id: (was: 398074)
Time Spent: 40m  (was: 0.5h)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2020-03-04 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=397937&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-397937
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 04/Mar/20 22:44
Start Date: 04/Mar/20 22:44
Worklog Time Spent: 10m 
  Work Description: fgdrf commented on pull request #38: [DBCP-562] avoids 
exposing password via JMX
URL: https://github.com/apache/commons-dbcp/pull/38#discussion_r387979387
 
 

 ##
 File path: src/main/java/org/apache/commons/dbcp2/BasicDataSourceMXBean.java
 ##
 @@ -201,13 +201,6 @@ default String getDefaultSchema() {
  */
 int getNumIdle();
 
-/**
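
 Review bot: removing a member from the public `BasicDataSourceMXBean` interface breaks binary compatibility for existing implementers and callers; the header `-201,13 +201,6` drops seven lines starting at the Javadoc opened by `-/**` after `getNumIdle()`, and the japicmp output quoted elsewhere in this thread reports the result as `getPassword():METHOD_REMOVED`. Keep the declaration (deprecated, with Javadoc saying it must not be exported) and narrow what is registered with the MBean server instead, so the password attribute disappears from JMX without changing the interface's method set.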
 
 Review comment:
   @garydgregory Thanks for your fast feedback, I'll investigate if it's
   possible to "filter" by attribute while registering the MBean. Since the
   method was public, it's exported. Any suggestions?
 



Issue Time Tracking
---

Worklog Id: (was: 397937)
Time Spent: 0.5h  (was: 20m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2020-03-04 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=397917&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-397917
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 04/Mar/20 22:09
Start Date: 04/Mar/20 22:09
Worklog Time Spent: 10m 
  Work Description: garydgregory commented on pull request #38: [DBCP-562] 
avoids exposing password via JMX
URL: https://github.com/apache/commons-dbcp/pull/38#discussion_r387964778
 
 

 ##
 File path: src/main/java/org/apache/commons/dbcp2/BasicDataSourceMXBean.java
 ##
 @@ -201,13 +201,6 @@ default String getDefaultSchema() {
  */
 int getNumIdle();
 
-/**
 
 Review comment:
   -1: You cannot break binary compatibility, as I mentioned on the mailing 
list already.
 



Issue Time Tracking
---

Worklog Id: (was: 397917)
Time Spent: 20m  (was: 10m)



[jira] [Work logged] (DBCP-562) Password should not be exposed via JMXBean

2020-03-04 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/DBCP-562?focusedWorklogId=397915&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-397915
 ]

ASF GitHub Bot logged work on DBCP-562:
---

Author: ASF GitHub Bot
Created on: 04/Mar/20 22:07
Start Date: 04/Mar/20 22:07
Worklog Time Spent: 10m 
  Work Description: fgdrf commented on pull request #38: [DBCP-562] avoids 
exposing password via JMX
URL: https://github.com/apache/commons-dbcp/pull/38
 
 
   For details see https://issues.apache.org/jira/browse/DBCP-562
   
   Signed-off-by: Frank Gasdorf 
 



Issue Time Tracking
---

Worklog Id: (was: 397915)
Remaining Estimate: 0h
Time Spent: 10m
