[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432138#comment-17432138
]
James Dailey commented on FINERACT-1415:
[~bgowda] if you can also link this ticket to other tickets, please do so. It
helps to have related tickets get resolved.
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Comment Edited] (FINERACT-1409) SonarQube Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432114#comment-17432114 ] Victor Romero edited comment on FINERACT-1409 at 10/20/21, 10:06 PM: - This has been already merged in the develop branch with this PR [https://github.com/apache/fineract/pull/1893] An it is visible [https://sonarcloud.io/dashboard?id=apache_fineract] Regards Victor was (Author: victorromero): This has been already merged in the develop branch with this PR [https://github.com/apache/fineract/pull/1893] An it is visible [https://sonarcloud.io/dashboard?id=apache_fineract] > SonarQube Analysis for Automated as part of improvement on QA > - > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1409) SonarQube Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432114#comment-17432114 ] Victor Romero commented on FINERACT-1409: - This has been already merged in the develop branch with this PR [https://github.com/apache/fineract/pull/1893] An it is visible [https://sonarcloud.io/dashboard?id=apache_fineract] > SonarQube Analysis for Automated as part of improvement on QA > - > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432112#comment-17432112
]
Francis Guchie commented on FINERACT-1415:
--
[~victorromero]
Yesss i like this thanks
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432100#comment-17432100
]
Awasum Yannick commented on FINERACT-1415:
--
Good work [~victorromero].
This is a good issue worth fixing. Thank God Victor is fixing these type of
issues. You and [~bgowda] should keep testing as you all have been doing. Keep
up.
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Awasum Yannick reassigned FINERACT-1415:
Assignee: Victor Romero (was: Awasum Yannick)
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Awasum Yannick reassigned FINERACT-1415:
Assignee: Awasum Yannick (was: Victor Romero)
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Awasum Yannick
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Awasum Yannick updated FINERACT-1415:
-
Fix Version/s: 1.6.0
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
> Fix For: 1.6.0
>
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Closed] (FINERACT-1275) integration-tests:cargoStartLocal FAILED
[ https://issues.apache.org/jira/browse/FINERACT-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick closed FINERACT-1275. Resolution: Cannot Reproduce > integration-tests:cargoStartLocal FAILED > > > Key: FINERACT-1275 > URL: https://issues.apache.org/jira/browse/FINERACT-1275 > Project: Apache Fineract > Issue Type: Improvement > Components: Build >Reporter: Francis Guchie >Assignee: Awasum Yannick >Priority: Major > Labels: complex > > When I run ./gradlew Build and / or ./gradlew Check > i get the error message below > > Task :integration-tests:cargoStartLocal FAILED > org.codehaus.cargo.container.ContainerException: Failed to create a Tomcat > 9.x standalone configuration > > Task :integration-tests:spotbugsTest > Pass 2: Analyzing classes (190 / 190) - 100% complete > Done with analysis > FAILURE: Build failed with an exception. > * What went wrong: > Execution failed for task ':integration-tests:cargoStartLocal'. > > org.codehaus.cargo.container.ContainerException: Failed to create a Tomcat > > 9.x standalone configuration > * Try: > Run with --stacktrace option to get the stack trace. Run with --info or > --debug option to get more log output. Run with --scan to get full insights. > * Get more help at https://help.gradle.org > Deprecated Gradle features were used in this build, making it incompatible > with Gradle 7.0. > Use '--warning-mode all' to show the individual deprecation warnings. > See > https://docs.gradle.org/6.7.1/userguide/command_line_interface.html#sec:command_line_warnings > BUILD FAILED in 8m 33s > 82 actionable tasks: 42 executed, 40 up-to-date -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (FINERACT-1409) SonarQube Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick reassigned FINERACT-1409: Assignee: Victor Romero (was: Awasum Yannick) > SonarQube Analysis for Automated as part of improvement on QA > - > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick reassigned FINERACT-1406: Assignee: Victor Romero (was: Awasum Yannick) > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: beginner, tech-debt > Fix For: 1.6.0 > > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1409) SonarQube Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1409: - Summary: SonarQube Analysis for Automated as part of improvement on QA (was: SonarQuebe Analysis for Automated as part of improvement on QA) > SonarQube Analysis for Automated as part of improvement on QA > - > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Awasum Yannick >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1409) SonarQuebe Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1409: - Labels: tech-debt (was: ) > SonarQuebe Analysis for Automated as part of improvement on QA > -- > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: tech-debt > Fix For: 1.6.0, 1.5.1 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1409) SonarQuebe Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1409: - Fix Version/s: (was: 1.5.1) > SonarQuebe Analysis for Automated as part of improvement on QA > -- > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (FINERACT-1409) SonarQuebe Analysis for Automated as part of improvement on QA
[ https://issues.apache.org/jira/browse/FINERACT-1409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick reassigned FINERACT-1409: Assignee: Awasum Yannick (was: Victor Romero) > SonarQuebe Analysis for Automated as part of improvement on QA > -- > > Key: FINERACT-1409 > URL: https://issues.apache.org/jira/browse/FINERACT-1409 > Project: Apache Fineract > Issue Type: Task >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Awasum Yannick >Priority: Major > Labels: tech-debt > Fix For: 1.6.0 > > > SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, > and code smells in your code. It can integrate with your existing workflow to > enable continuous code inspection across your project branches and pull > requests. The results will be available at > [https://sonarcloud.io/project/configuration?id=apache_fineract] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick reassigned FINERACT-1406: Assignee: Awasum Yannick (was: Victor Romero) > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Awasum Yannick >Priority: Major > Labels: beginner, tech-debt > Fix For: 1.6.0 > > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1406: - Fix Version/s: 1.6.0 > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: beginner, tech-debt > Fix For: 1.6.0 > > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1406: - Labels: beginner tech-debt (was: ) > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > Labels: beginner, tech-debt > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Awasum Yannick updated FINERACT-1406: - Affects Version/s: 1.5.0 > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Affects Versions: 1.5.0 >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Awasum Yannick updated FINERACT-1415:
-
Labels: tech-debt (was: )
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
> Labels: tech-debt
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Awasum Yannick updated FINERACT-1415:
-
Affects Version/s: 1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (FINERACT-1406) Upgrade JDK 11 LTS to JDK 17 LTS
[ https://issues.apache.org/jira/browse/FINERACT-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431362#comment-17431362 ] James Dailey commented on FINERACT-1406: Victor - can you resolve the validation tests? i.e. the PR needs to be ready to pass the tests or the proposal can be to change the tests in the case that the tests are wrongly constructed. > Upgrade JDK 11 LTS to JDK 17 LTS > > > Key: FINERACT-1406 > URL: https://issues.apache.org/jira/browse/FINERACT-1406 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Victor Romero >Assignee: Victor Romero >Priority: Major > > Upgrade JDK 11 LTS to JDK 17 LTS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1410) Allow Payment types to map to all types of Ledgers
[ https://issues.apache.org/jira/browse/FINERACT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431356#comment-17431356 ] Manoj Mohanan commented on FINERACT-1410: - [~francisguchie], your feature can also be added similat to the feature added in this ticket. major changes are in the UI, but we need to add a configuration to controll that feature, because this is an exceptional feature > Allow Payment types to map to all types of Ledgers > -- > > Key: FINERACT-1410 > URL: https://issues.apache.org/jira/browse/FINERACT-1410 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj Mohanan >Priority: Minor > Attachments: image-2021-10-20-14-20-45-594.png, > image-2021-10-20-14-22-28-191.png > > > For Payment types on savings account products, currently only Asset ledger > type is allowed. > Enhane this feature to allow all ledger account types to be allowed. > This feature should be configurable (ON/OFF) based on a configuration. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431330#comment-17431330
]
Victor Romero commented on FINERACT-1415:
-
Not it has been fixed with this PR https://github.com/apache/fineract/pull/1908
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Victor Romero reassigned FINERACT-1415:
---
Assignee: Victor Romero
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Victor Romero
>Assignee: Victor Romero
>Priority: Major
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (FINERACT-1410) Allow Payment types to map to all types of Ledgers
[ https://issues.apache.org/jira/browse/FINERACT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francis Guchie updated FINERACT-1410: - Attachment: image-2021-10-20-14-22-28-191.png > Allow Payment types to map to all types of Ledgers > -- > > Key: FINERACT-1410 > URL: https://issues.apache.org/jira/browse/FINERACT-1410 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj Mohanan >Priority: Minor > Attachments: image-2021-10-20-14-20-45-594.png, > image-2021-10-20-14-22-28-191.png > > > For Payment types on savings account products, currently only Asset ledger > type is allowed. > Enhane this feature to allow all ledger account types to be allowed. > This feature should be configurable (ON/OFF) based on a configuration. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1410) Allow Payment types to map to all types of Ledgers
[ https://issues.apache.org/jira/browse/FINERACT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431284#comment-17431284 ] Francis Guchie commented on FINERACT-1410: -- [~fynmanoj] Please see my addition if we can allow Balance Sheet GLs on the Lossess Written Off !image-2021-10-20-14-22-28-191.png! > Allow Payment types to map to all types of Ledgers > -- > > Key: FINERACT-1410 > URL: https://issues.apache.org/jira/browse/FINERACT-1410 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj Mohanan >Priority: Minor > Attachments: image-2021-10-20-14-20-45-594.png, > image-2021-10-20-14-22-28-191.png > > > For Payment types on savings account products, currently only Asset ledger > type is allowed. > Enhane this feature to allow all ledger account types to be allowed. > This feature should be configurable (ON/OFF) based on a configuration. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1410) Allow Payment types to map to all types of Ledgers
[ https://issues.apache.org/jira/browse/FINERACT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Francis Guchie updated FINERACT-1410: - Attachment: image-2021-10-20-14-20-45-594.png > Allow Payment types to map to all types of Ledgers > -- > > Key: FINERACT-1410 > URL: https://issues.apache.org/jira/browse/FINERACT-1410 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj Mohanan >Priority: Minor > Attachments: image-2021-10-20-14-20-45-594.png > > > For Payment types on savings account products, currently only Asset ledger > type is allowed. > Enhane this feature to allow all ledger account types to be allowed. > This feature should be configurable (ON/OFF) based on a configuration. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1410) Allow Payment types to map to all types of Ledgers
[ https://issues.apache.org/jira/browse/FINERACT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431283#comment-17431283 ] Francis Guchie commented on FINERACT-1410: -- [~fynmanoj] Thanks for this explanations I think i will add one soon for Loan-Write off as i have noticed only expense accounts are allowed. Some banks that provide for Loan Losses inside the Assets or Liability Accounts would wish to write off agains a Balance Sheet GL not a PL GL Thanks once again > Allow Payment types to map to all types of Ledgers > -- > > Key: FINERACT-1410 > URL: https://issues.apache.org/jira/browse/FINERACT-1410 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj Mohanan >Priority: Minor > > For Payment types on savings account products, currently only Asset ledger > type is allowed. > Enhane this feature to allow all ledger account types to be allowed. > This feature should be configurable (ON/OFF) based on a configuration. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431185#comment-17431185
]
bharath gowda commented on FINERACT-1415:
-
[~francisguchie] Yes Francis, a good security-related fix and solves the
problem what we discussed on earlier tickets.
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Victor Romero
>Priority: Major
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (FINERACT-1415) Make sure that using this pseudorandom number generator is safe
[
https://issues.apache.org/jira/browse/FINERACT-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17431145#comment-17431145
]
Francis Guchie commented on FINERACT-1415:
--
[~bgowda] [~awasum]
This issue to me makes a lot of sense, what say you?
> Make sure that using this pseudorandom number generator is safe
> ---
>
> Key: FINERACT-1415
> URL: https://issues.apache.org/jira/browse/FINERACT-1415
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Victor Romero
>Priority: Major
>
> [https://sonarcloud.io/project/security_hotspots?id=apache_fineract#]
>
> Using pseudorandom number generators (PRNGs) is security-sensitive. For
> example, it has led in the past to the following vulnerabilities:
> * [CVE-2013-6386|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386]
> * [CVE-2006-3419|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419]
> * [CVE-2008-4102|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102]
> When software generates predictable values in a context requiring
> unpredictability, it may be possible for an attacker to guess the next value
> that will be generated, and use this guess to impersonate another user or
> access sensitive information.
> As the {{java.util.Random}} class relies on a pseudorandom number generator,
> this class and relating {{java.lang.Math.random()}} method should not be used
> for security-critical applications or for protecting sensitive data. In such
> context, the {{java.security.SecureRandom}} class which relies on a
> cryptographically strong random number generator (RNG) should be used in
> place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
