Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045934Openbravo ERPY. DBSourceManagerpublic2021-02-22 15:062021-04-30 13:35
Reportershuehner 
Assigned Toalostale 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionPR21Q3Fixed in Version 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045934: Update commons-collections in dbsm repo (3.1) to same version as present in backoffice (3.2.2)
DescriptionIssue 40161 update that library from 3.2.1 to latest 3.2.2 version to also get a security fix.

However there is 2nd copy of the same library in dbsm repo left at the older version.

Note that the older copy is only used to compile dbsm and not at runtime (in which updated copy from backoffice repo is already used).

So no runtime change is expected by this update but it removes out the outdated jar version coming up in repo scanning.
Steps To Reproducerun i.e. owasp-dependency check against dbsm repo
Proposed SolutionApply same update as done in 40161 also to dbsm repo.
Additional Information
TagsNo tags attached.
Relationships
related to design defect 0040161 closed alostale update commons-collections dependency 
related to defect 0046360 closed alostale obsolete libraries in dbsm classpath 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-02-22 15:06shuehnerNew Issue
2021-02-22 15:06shuehnerAssigned To => platform
2021-02-22 15:06shuehnerOBNetwork customer => No
2021-02-22 15:06shuehnerModules => Core
2021-02-22 15:06shuehnerTriggers an Emergency Pack => No
2021-02-22 15:06shuehnerRelationship addedrelated to 0040161
2021-03-02 13:02shuehnerTarget Version => PR21Q2
2021-03-31 06:59alostaleTarget VersionPR21Q2 => PR21Q3
2021-04-27 08:17alostaleSummaryUpdate commons-collections in dbsm repo (3.2.1) to same version as present in backoffice (3.2.2) => Update commons-collections in dbsm repo (3.1) to same version as present in backoffice (3.2.2)
2021-04-27 08:29hgbotMerge Request Status => open
2021-04-27 08:29hgbotNote Added: 0127556
2021-04-27 08:45alostaleRelationship addedrelated to 0046360
2021-04-30 12:33hgbotMerge Request Statusopen => approved
2021-04-30 12:33hgbotResolutionopen => fixed
2021-04-30 12:33hgbotStatusnew => closed
2021-04-30 12:33hgbotNote Added: 0127700
2021-04-30 12:33hgbotNote Added: 0127701
2021-04-30 13:35alostaleAssigned Toplatform => alostale

Notes
(0127556)
hgbot   
2021-04-27 08:29   
Merge Request created: https://gitlab.com/openbravo/product/dbsm/-/merge_requests/23 [^]
(0127700)
hgbot   
2021-04-30 12:33   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/dbsm [^]
Changeset: abaa2f54ddf2400f72878c7dacce85f93c881163
Author: Asier Lostalé <asier.lostale@openbravo.com>
Date: 2021-04-27T08:16:10+02:00
URL: https://gitlab.com/openbravo/product/dbsm/-/commit/abaa2f54ddf2400f72878c7dacce85f93c881163 [^]

fixes ISSUE-45934: commons-collections update (3.1 -> 3.2.2)

Updated library to match the version in Openbravo which is uesed at
runtime anyway.

---
A lib/commons-collections-3.2.2.jar
M .classpath
M src-test/.classpath
R lib/commons-collections-3.1.jar
---
(0127701)
hgbot   
2021-04-30 12:33   
Merge request merged: https://gitlab.com/openbravo/product/dbsm/-/merge_requests/23 [^]