Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045086Openbravo ERPA. Platformpublic2020-09-17 18:232020-11-09 08:11
Reportercberner 
Assigned Tocberner 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in VersionPR21Q1 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045086: Remove Apache Tika library with already existing Java 7+ functionality
DescriptionApache tika-core 0.9 library is not needed, as Java 7+ alternative already exists in the jdk. It is currently used to handle MIME detection based on file/byte content for images and attachments.

Java 7, introduced a functionality that, although a bit more limited, allows to do the same MIME detection. As such, tika-core library should be removed and usage of it should change to the Java 7 "URLConnection.guessContentTypeFromStream" functionality.
Steps To ReproduceIn description
Proposed SolutionRemove tika-core library and change all usage to URLConnection.guessContentTypeFromStream.
Additional Information
TagsNo tags attached.
Relationships
related to defect 00120572.50MP14 closed iperdomo ShowImage servlet should include mime types in the header 
causes defect 0045388 closed cberner API Change: Remove a couple of methods from MimeTypeUtil class 
causes defect 0049062 closed cberner JIRA 2879 - Backoffice - can't import a bmp file 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2020-09-17 18:23cbernerNew Issue
2020-09-17 18:23cbernerAssigned To => cberner
2020-09-17 18:23cbernerModules => Core
2020-09-17 18:23cbernerTriggers an Emergency Pack => No
2020-09-17 18:31hgbotNote Added: 0123193
2020-09-18 10:18hgbotNote Added: 0123200
2020-09-18 10:25cbernerSummaryRemove Apache Tika library because of critical vulnerability => Remove Apache Tika library with already existing Java 7+ functionality
2020-09-18 10:25cbernerDescription Updatedbug_revision_view_page.php?rev_id=21706#r21706
2020-11-06 07:42alostaleRelationship addedrelated to 0012057
2020-11-06 09:34cbernerRelationship addedcauses 0045388
2020-11-06 10:25hgbotResolutionopen => fixed
2020-11-06 10:25hgbotStatusnew => closed
2020-11-06 10:25hgbotFixed in Version => PR21Q1
2020-11-06 10:25hgbotNote Added: 0124209
2020-11-06 10:25hgbotNote Added: 0124210
2020-11-06 10:25hgbotNote Added: 0124213
2020-11-06 10:25hgbotNote Added: 0124214
2020-11-06 11:30hgbotNote Added: 0124216
2020-11-06 14:51hgbotNote Added: 0124221
2020-11-09 08:11hgbotNote Added: 0124236
2020-11-09 08:11hgbotNote Added: 0124237
2022-04-20 15:56alostaleRelationship addedcauses 0049062

Notes
(0123193)
hgbot   
2020-09-17 18:31   
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^]
(0123200)
hgbot   
2020-09-18 10:18   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^]
(0124209)
hgbot   
2020-11-06 10:25   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: 2d1e219013bf482f68d4c6809f367dcad8f28e7d
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T09:25:33+00:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/2d1e219013bf482f68d4c6809f367dcad8f28e7d [^]

Fixes ISSUE-45086: Remove tika-core library and use Java7 functionality instead

tika-core 0.9 has some critical vulnerabilities, it is removed and
substituted by Java 7 guessContentTypeFromStream functionality, that
has the same behaviour, althought is a bit more limited in the list of
MIME types available.

svg files were not detectable using URLConnection.guessContentType API,
as an alternative xml is extracted from the File being checked and if
the root element is svg, then it is assumed that the xml is an SVG.

---
M legal/Licensing.txt
M modules/org.openbravo.client.application/src/org/openbravo/client/application/attachment/AttachImplementationManager.java
M src-test/src/org/openbravo/test/mimetypes/MimeTypeTest.java
M src-util/modulescript/build/classes/org/openbravo/modulescript/ConvertImages.class
M src-util/modulescript/src/org/openbravo/modulescript/ConvertImages.java
M src/org/openbravo/dal/xml/XMLUtil.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java
R lib/runtime/tika-core-0.9.jar
---
(0124210)
hgbot   
2020-11-06 10:25   
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^]
(0124213)
hgbot   
2020-11-06 10:25   
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco [^]
Changeset: e716e91aac70cdbb37a5e0f08bab108a5a27c56e
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-10-28T17:37:56+01:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/commit/e716e91aac70cdbb37a5e0f08bab108a5a27c56e [^]

Related to ISSUE-45086: Remove usage of Apache Tika core library

Apache tika-core is being removed from platform, all usages are
substituted by Java API through MimeTypeUtil utility class.

This library was used to retrieve MIME type from file/bytes content.

---
M src/org/openbravo/integration/alfresco/AlfrescoAttachImplementation.java
---
(0124214)
hgbot   
2020-11-06 10:25   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^]
(0124216)
hgbot   
2020-11-06 11:30   
Repository: https://gitlab.com/openbravo/tools/platform/dependencies [^]
Changeset: c7b1328745347610b50117413656aec20dc3133e
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T11:28:58+01:00
URL: https://gitlab.com/openbravo/tools/platform/dependencies/-/commit/c7b1328745347610b50117413656aec20dc3133e [^]

Related to ISSUE-45086: Remove Apache tika-core dependency

Apache tika-core library has been removed from core, so it is no longer
a dependency.

---
M build.gradle
---
(0124221)
hgbot   
2020-11-06 14:51   
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^]
(0124236)
hgbot   
2020-11-09 08:11   
Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: f9de9389948227a1510d21a57811818a1e9c880c
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T15:00:29+01:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/f9de9389948227a1510d21a57811818a1e9c880c [^]

Related to ISSUE-45086: InputStreams are not being closed on MimeTypeUtil methods

File InputStreams are not being closed in MimeTypeUtil detection
methods, to fix this, those have been introduced in try-with-resources
to be auto-closed after usage.

---
M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java
---
(0124237)
hgbot   
2020-11-09 08:11   
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^]