Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040642Openbravo ERPA. Platformpublic2019-04-18 13:342019-05-21 15:16
Reporteralostale 
Assigned Toalostale 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR19Q3 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040642: centralize in XMLUtils creation of objects to deal with XML documents
DescriptionXMLUtils class should centralize the creation of secured objects to deal with XML documents.
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 00245563.0MP27 closed shuehner Openbravo ERP Reconfigure xml-parser used by /ws/dal to disallow referencing external entities 
related to defect 0040799 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
depends on backport 00406433.0PR19Q2 closed alostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
depends on backport 00406443.0PR19Q1.1 closed alostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
related to defect 0040755 closed caristu Retail Modules MobileCoreLoginHandler should make use of XMLUtils to deal with XML documents 
related to defect 0040800 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to defect 0040958 closed caristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to design defect 0049039 closed AugustoMauch Openbravo ERP XML parsers XXE attacks vulnerabilty 
causes defect 0041124 closed caristu Openbravo ERP Not possible to install modules with MMC having XSL processor in classpath which does not support all the standard attributes 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-18 13:34alostaleNew Issue
2019-04-18 13:34alostaleAssigned To => alostale
2019-04-18 13:34alostaleModules => Core
2019-04-18 13:34alostaleTriggers an Emergency Pack => No
2019-04-18 13:35alostaleRelationship addedrelated to 0024556
2019-04-18 13:41alostaleReview Assigned To => caristu
2019-04-18 13:41alostaleSeverityminor => major
2019-04-18 13:42alostaleStatusnew => scheduled
2019-04-18 15:57hgbotCheckin
2019-04-18 15:57hgbotNote Added: 0111209
2019-04-18 15:57hgbotStatusscheduled => resolved
2019-04-18 15:57hgbotResolutionopen => fixed
2019-04-18 15:57hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]
2019-05-02 16:05hgbotCheckin
2019-05-02 16:05hgbotNote Added: 0111437
2019-05-02 16:45caristuNote Added: 0111441
2019-05-02 16:45caristuStatusresolved => closed
2019-05-02 16:45caristuFixed in Version => 3.0PR19Q3
2019-05-02 18:28caristuRelationship addedrelated to 0040755
2019-05-07 12:59caristuRelationship addedrelated to 0040799
2019-05-07 13:00caristuRelationship addedrelated to 0040800
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0111989
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112005
2019-05-28 09:24caristuRelationship addedrelated to 0040958
2019-06-19 11:29caristuRelationship addedcauses 0041124
2022-04-12 13:04alostaleRelationship addedrelated to 0049039

Notes
(0111209)
hgbot   
2019-04-18 15:57   
Repository: erp/devel/pi
Changeset: 08db5ae97ad2b0fb0c4499b630018a9bc0c0166f
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Apr 18 13:39:18 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]

fixed issue 40642: XMLUtils centralizes creation of objects to deal with XML

---
M src-test/src/org/openbravo/test/dal/IssuesTest.java
M src-test/src/org/openbravo/test/webservice/BaseWSTest.java
M src/org/openbravo/base/provider/OBProviderConfigReader.java
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/session/OBPropertiesProvider.java
M src/org/openbravo/dal/xml/EntityExcelXMLConverter.java
M src/org/openbravo/dal/xml/EntityXMLConverter.java
M src/org/openbravo/dal/xml/XMLUtil.java
M src/org/openbravo/erpCommon/ad_forms/TranslationManager.java
M src/org/openbravo/erpCommon/modules/ImportModule.java
M src/org/openbravo/erpCommon/utility/ISOCurrencyPrecision.java
M src/org/openbravo/service/rest/DalWebService.java
M src/org/openbravo/service/web/WebServiceUtil.java
---
(0111437)
hgbot   
2019-05-02 16:05   
Repository: erp/devel/pi
Changeset: 6524aa2ee769bf43c0205f39174371938b53bb90
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 02 16:04:44 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/6524aa2ee769bf43c0205f39174371938b53bb90 [^]

related to issue 40642: do not use constants

  Replace constants with their own value in order to avoid problems related with library collisions. This can happens when certain versions of the XML APIs[1] library are present in the classpath

  [1] https://mvnrepository.com/artifact/xml-apis/xml-apis [^]

---
M src/org/openbravo/dal/xml/XMLUtil.java
---
(0111441)
caristu   
2019-05-02 16:45   
Code reviewed + tested OK
(0111989)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test
(0112005)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test