Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0040642Openbravo ERPA. Platformpublic2019-04-18 13:342019-05-21 15:16
alostale 
alostale 
normalmajorhave not tried
closedfixed 
5
 
3.0PR19Q3 
caristu
Core
No
0040642: centralize in XMLUtils creation of objects to deal with XML documents
XMLUtils class should centralize the creation of secured objects to deal with XML documents.
-
No tags attached.
related to defect 00245563.0MP27 closed shuehner Openbravo ERP Reconfigure xml-parser used by /ws/dal to disallow referencing external entities 
related to defect 0040799 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
depends on backport 00406433.0PR19Q2 closed alostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
depends on backport 00406443.0PR19Q1.1 closed alostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
related to defect 0040755 closed caristu Retail Modules MobileCoreLoginHandler should make use of XMLUtils to deal with XML documents 
related to defect 0040800 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to defect 0040958 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to design defect 0049039 closed AugustoMauch Openbravo ERP XML parsers XXE attacks vulnerabilty 
causes defect 0041124 closed caristu Openbravo ERP Not possible to install modules with MMC having XSL processor in classpath which does not support all the standard attributes 
Issue History
2019-04-18 13:34alostaleNew Issue
2019-04-18 13:34alostaleAssigned To => alostale
2019-04-18 13:34alostaleModules => Core
2019-04-18 13:34alostaleTriggers an Emergency Pack => No
2019-04-18 13:35alostaleRelationship addedrelated to 0024556
2019-04-18 13:41alostaleReview Assigned To => caristu
2019-04-18 13:41alostaleSeverityminor => major
2019-04-18 13:42alostaleStatusnew => scheduled
2019-04-18 15:57hgbotCheckin
2019-04-18 15:57hgbotNote Added: 0111209
2019-04-18 15:57hgbotStatusscheduled => resolved
2019-04-18 15:57hgbotResolutionopen => fixed
2019-04-18 15:57hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]
2019-05-02 16:05hgbotCheckin
2019-05-02 16:05hgbotNote Added: 0111437
2019-05-02 16:45caristuNote Added: 0111441
2019-05-02 16:45caristuStatusresolved => closed
2019-05-02 16:45caristuFixed in Version => 3.0PR19Q3
2019-05-02 18:28caristuRelationship addedrelated to 0040755
2019-05-07 12:59caristuRelationship addedrelated to 0040799
2019-05-07 13:00caristuRelationship addedrelated to 0040800
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0111989
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112005
2019-05-28 09:24caristuRelationship addedrelated to 0040958
2019-06-19 11:29caristuRelationship addedcauses 0041124
2022-04-12 13:04alostaleRelationship addedrelated to 0049039

Notes
(0111209)
hgbot   
2019-04-18 15:57   
Repository: erp/devel/pi
Changeset: 08db5ae97ad2b0fb0c4499b630018a9bc0c0166f
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Apr 18 13:39:18 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]

fixed issue 40642: XMLUtils centralizes creation of objects to deal with XML

---
M src-test/src/org/openbravo/test/dal/IssuesTest.java
M src-test/src/org/openbravo/test/webservice/BaseWSTest.java
M src/org/openbravo/base/provider/OBProviderConfigReader.java
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/session/OBPropertiesProvider.java
M src/org/openbravo/dal/xml/EntityExcelXMLConverter.java
M src/org/openbravo/dal/xml/EntityXMLConverter.java
M src/org/openbravo/dal/xml/XMLUtil.java
M src/org/openbravo/erpCommon/ad_forms/TranslationManager.java
M src/org/openbravo/erpCommon/modules/ImportModule.java
M src/org/openbravo/erpCommon/utility/ISOCurrencyPrecision.java
M src/org/openbravo/service/rest/DalWebService.java
M src/org/openbravo/service/web/WebServiceUtil.java
---
(0111437)
hgbot   
2019-05-02 16:05   
Repository: erp/devel/pi
Changeset: 6524aa2ee769bf43c0205f39174371938b53bb90
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 02 16:04:44 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/6524aa2ee769bf43c0205f39174371938b53bb90 [^]

related to issue 40642: do not use constants

  Replace constants with their own value in order to avoid problems related with library collisions. This can happens when certain versions of the XML APIs[1] library are present in the classpath

  [1] https://mvnrepository.com/artifact/xml-apis/xml-apis [^]

---
M src/org/openbravo/dal/xml/XMLUtil.java
---
(0111441)
caristu   
2019-05-02 16:45   
Code reviewed + tested OK
(0111989)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test
(0112005)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test