branch develop updated (f6605d1 -> bbf92ae)
This is an automated email from the git hooks/post-receive script. New change to branch develop in repository nuiton-utils. See https://gitlab.nuiton.org/nuiton/nuiton-utils.git from f6605d1 Update libs : commons-lang3 3.9 ; commons-collections4 4.4 ; commons-beanutils 1.9.4 ; commons-io 2.6 ; nuiton-i18n 3.7 new 5290123 Downgrade beanutils to 1.9.3 because of https://issues.apache.org/jira/browse/BEANUTILS-520 new 742ed64 Fix some vulnerabilities new bbf92ae Properties .class are not accessible anymore (see BEANUTILS-520 and CVE-2014-0114) The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit bbf92ae5726a2e3d3cc2715d466f77d9c309eddd Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:34:36 2019 +0200 Properties .class are not accessible anymore (see BEANUTILS-520 and CVE-2014-0114) commit 742ed64af37fccb02f7e085dc83ca13b3f6606b4 Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:28:51 2019 +0200 Fix some vulnerabilities commit 529012303a1873850bf850616e050df41d6af086 Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:28:17 2019 +0200 Downgrade beanutils to 1.9.3 because of https://issues.apache.org/jira/browse/BEANUTILS-520 Summary of changes: src/main/java/org/nuiton/util/FileUtil.java | 10 ++-------- .../org/nuiton/util/LoggingPatternFormatter.java | 21 ++++++--------------- .../java/org/nuiton/util/beans/BeanUtilTest.java | 17 ++++++++--------- 3 files changed, 16 insertions(+), 32 deletions(-) -- To stop receiving notification emails like this one, please contact nuiton.org SCM administrator <admin+scm@nuiton.org>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository nuiton-utils. See https://gitlab.nuiton.org/nuiton/nuiton-utils.git commit 529012303a1873850bf850616e050df41d6af086 Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:28:17 2019 +0200 Downgrade beanutils to 1.9.3 because of https://issues.apache.org/jira/browse/BEANUTILS-520 --- pom.xml | 2 +- src/test/java/org/nuiton/util/beans/BeanUtilTest.java | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index c841305..938661b 100644 --- a/pom.xml +++ b/pom.xml @@ -185,7 +185,7 @@ <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> - <version>1.9.4</version> + <version>1.9.3</version> <!-- FIXME AThimel 25/09/2019 Cannot upgrade to 1.9.4 because it breaks tests. Cf https://issues.apache.org/jira/browse/BEANUTILS-520 --> </dependency> <dependency> diff --git a/src/test/java/org/nuiton/util/beans/BeanUtilTest.java b/src/test/java/org/nuiton/util/beans/BeanUtilTest.java index f135816..bc79133 100644 --- a/src/test/java/org/nuiton/util/beans/BeanUtilTest.java +++ b/src/test/java/org/nuiton/util/beans/BeanUtilTest.java @@ -290,18 +290,18 @@ public class BeanUtilTest { } } - protected void assertFoundNestedReadableProperties(Class<?> type, String... expectedproperties) { - for (String expectedproperty : expectedproperties) { - boolean actual = BeanUtil.isNestedReadableProperty(type, expectedproperty); - Assert.assertTrue("Did not found nested property " + expectedproperty, actual); + protected void assertFoundNestedReadableProperties(Class<?> type, String... expectedProperties) { + for (String expectedProperty : expectedProperties) { + boolean actual = BeanUtil.isNestedReadableProperty(type, expectedProperty); + Assert.assertTrue("Did not found nested property " + expectedProperty, actual); } } protected void assertFoundDescriptors(Class<?> type, Predicate<PropertyDescriptor> predicate, - String... expectedproperties) { + String... expectedProperties) { Set<PropertyDescriptor> actual = BeanUtil.getDescriptors(type, predicate); - Assert.assertEquals(expectedproperties.length, actual.size()); + Assert.assertEquals(expectedProperties.length, actual.size()); ImmutableMap<String, PropertyDescriptor> map = Maps.uniqueIndex(actual, new Function<PropertyDescriptor, String>() { @Override @@ -309,7 +309,7 @@ public class BeanUtilTest { return input.getName(); } }); - for (String expectedproperty : expectedproperties) { + for (String expectedproperty : expectedProperties) { Assert.assertTrue("Did not found property " + expectedproperty, map.containsKey(expectedproperty)); } -- To stop receiving notification emails like this one, please contact nuiton.org SCM administrator <admin+scm@nuiton.org>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository nuiton-utils. See https://gitlab.nuiton.org/nuiton/nuiton-utils.git commit 742ed64af37fccb02f7e085dc83ca13b3f6606b4 Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:28:51 2019 +0200 Fix some vulnerabilities --- src/main/java/org/nuiton/util/FileUtil.java | 10 ++-------- .../org/nuiton/util/LoggingPatternFormatter.java | 21 ++++++--------------- 2 files changed, 8 insertions(+), 23 deletions(-) diff --git a/src/main/java/org/nuiton/util/FileUtil.java b/src/main/java/org/nuiton/util/FileUtil.java index ac1b076..148bee2 100644 --- a/src/main/java/org/nuiton/util/FileUtil.java +++ b/src/main/java/org/nuiton/util/FileUtil.java @@ -29,10 +29,7 @@ import org.apache.commons.lang3.SystemUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import javax.swing.JFileChooser; -import java.awt.Component; import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.ByteArrayOutputStream; @@ -43,7 +40,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.PrintStream; import java.nio.CharBuffer; @@ -51,6 +47,7 @@ import java.nio.MappedByteBuffer; import java.nio.channels.FileChannel; import java.nio.charset.Charset; import java.nio.charset.CharsetDecoder; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -75,16 +72,13 @@ import java.util.regex.Pattern; */ public class FileUtil { // FileUtil - /** - * Logger. - */ private static final Log log = LogFactory.getLog(FileUtil.class); /** * Encoding utilisé (peut être redéfini) */ // TODO fdesbois 2011-04-16 : Perhaps change ISO encoding by UTF-8 - public static String ENCODING = "ISO-8859-1"; + public static final String ENCODING = StandardCharsets.ISO_8859_1.name(); /** * Permet de convertir des bytes en fichier, le fichier sera automatiquement diff --git a/src/main/java/org/nuiton/util/LoggingPatternFormatter.java b/src/main/java/org/nuiton/util/LoggingPatternFormatter.java index c0b350d..245a856 100644 --- a/src/main/java/org/nuiton/util/LoggingPatternFormatter.java +++ b/src/main/java/org/nuiton/util/LoggingPatternFormatter.java @@ -20,21 +20,11 @@ * #L% */ -/** - * PatternFormatter.java - * <p> - * Created: Sat Apr 20 2002 - * - * @author POUSSIN Benjamin <bpoussin@free.fr> - * Copyright Code Lutin - * <p> - * <p> - * Mise a jour: $Date$ - * par : $Author$ - */ - package org.nuiton.util; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + import java.io.PrintWriter; import java.io.StringWriter; import java.text.SimpleDateFormat; @@ -92,6 +82,8 @@ import java.util.logging.LogRecord; */ public class LoggingPatternFormatter extends Formatter { // PatternFormatter + private static final Log log = LogFactory.getLog(LoggingPatternFormatter.class); + private static final String DEFAULT_PATTERN = "%d{yyyy-MM-dd HH:mm:ss} [free:%o{-7}|total:%O{-7}][%t][%p{7}] %c{org.nuiton.*|25} %M{15:105}: %m%n%e"; protected HashMap<String, Class<?>> arguments = null; @@ -111,8 +103,7 @@ public class LoggingPatternFormatter extends Formatter { // PatternFormatter pattern = DEFAULT_PATTERN; compilePattern(pattern); } catch (Exception eee) { - System.err.println("Impossible d'utiliser le PatternFormatter"); - eee.printStackTrace(); + log.error("Impossible d'utiliser le PatternFormatter", eee); throw new LoggingException( "Exception durant l'initialisation du PatternFormatter", eee); -- To stop receiving notification emails like this one, please contact nuiton.org SCM administrator <admin+scm@nuiton.org>.
This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository nuiton-utils. See https://gitlab.nuiton.org/nuiton/nuiton-utils.git commit bbf92ae5726a2e3d3cc2715d466f77d9c309eddd Author: Arnaud Thimel <thimel@codelutin.com> Date: Wed Sep 25 17:34:36 2019 +0200 Properties .class are not accessible anymore (see BEANUTILS-520 and CVE-2014-0114) --- pom.xml | 2 +- src/test/java/org/nuiton/util/beans/BeanUtilTest.java | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 938661b..c841305 100644 --- a/pom.xml +++ b/pom.xml @@ -185,7 +185,7 @@ <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> - <version>1.9.3</version> <!-- FIXME AThimel 25/09/2019 Cannot upgrade to 1.9.4 because it breaks tests. Cf https://issues.apache.org/jira/browse/BEANUTILS-520 --> + <version>1.9.4</version> </dependency> <dependency> diff --git a/src/test/java/org/nuiton/util/beans/BeanUtilTest.java b/src/test/java/org/nuiton/util/beans/BeanUtilTest.java index bc79133..dbd2b5e 100644 --- a/src/test/java/org/nuiton/util/beans/BeanUtilTest.java +++ b/src/test/java/org/nuiton/util/beans/BeanUtilTest.java @@ -222,8 +222,7 @@ public class BeanUtilTest { BeanC.PROPERTY_B + "." + BeanB.PROPERTY_C2, BeanC.PROPERTY_B + "." + BeanB.PROPERTY_D2, BeanC.PROPERTY_B + "." + BeanB.PROPERTY_E2, - BeanC.PROPERTY_B + "." + BeanB.PROPERTY_F2, - BeanC.PROPERTY_B + "." + BeanB.PROPERTY_A2 + ".class" + BeanC.PROPERTY_B + "." + BeanB.PROPERTY_F2 ); } -- To stop receiving notification emails like this one, please contact nuiton.org SCM administrator <admin+scm@nuiton.org>.
participants (1)
-
nuiton.org scm