Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0045086 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | have not tried | 2020-09-17 18:23 | 2020-11-09 08:11 | |||
| Reporter | cberner | View Status | public | |||||
| Assigned To | cberner | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | PR21Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0045086: Remove Apache Tika library with already existing Java 7+ functionality | |||||||
| Description | Apache tika-core 0.9 library is not needed, as Java 7+ alternative already exists in the jdk. It is currently used to handle MIME detection based on file/byte content for images and attachments. Java 7, introduced a functionality that, although a bit more limited, allows to do the same MIME detection. As such, tika-core library should be removed and usage of it should change to the Java 7 "URLConnection.guessContentTypeFromStream" functionality. | |||||||
| Steps To Reproduce | In description | |||||||
| Proposed Solution | Remove tika-core library and change all usage to URLConnection.guessContentTypeFromStream. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0123193) hgbot (developer) 2020-09-17 18:31 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^] |
|
(0123200) hgbot (developer) 2020-09-18 10:18 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^] |
|
(0124209) hgbot (developer) 2020-11-06 10:25 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: 2d1e219013bf482f68d4c6809f367dcad8f28e7d Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2020-11-06T09:25:33+00:00 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/2d1e219013bf482f68d4c6809f367dcad8f28e7d [^] Fixes ISSUE-45086: Remove tika-core library and use Java7 functionality instead tika-core 0.9 has some critical vulnerabilities, it is removed and substituted by Java 7 guessContentTypeFromStream functionality, that has the same behaviour, althought is a bit more limited in the list of MIME types available. svg files were not detectable using URLConnection.guessContentType API, as an alternative xml is extracted from the File being checked and if the root element is svg, then it is assumed that the xml is an SVG. --- M legal/Licensing.txt M modules/org.openbravo.client.application/src/org/openbravo/client/application/attachment/AttachImplementationManager.java M src-test/src/org/openbravo/test/mimetypes/MimeTypeTest.java M src-util/modulescript/build/classes/org/openbravo/modulescript/ConvertImages.class M src-util/modulescript/src/org/openbravo/modulescript/ConvertImages.java M src/org/openbravo/dal/xml/XMLUtil.java M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java R lib/runtime/tika-core-0.9.jar --- |
|
(0124210) hgbot (developer) 2020-11-06 10:25 |
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^] |
|
(0124213) hgbot (developer) 2020-11-06 10:25 |
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco [^] Changeset: e716e91aac70cdbb37a5e0f08bab108a5a27c56e Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2020-10-28T17:37:56+01:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/commit/e716e91aac70cdbb37a5e0f08bab108a5a27c56e [^] Related to ISSUE-45086: Remove usage of Apache Tika core library Apache tika-core is being removed from platform, all usages are substituted by Java API through MimeTypeUtil utility class. This library was used to retrieve MIME type from file/bytes content. --- M src/org/openbravo/integration/alfresco/AlfrescoAttachImplementation.java --- |
|
(0124214) hgbot (developer) 2020-11-06 10:25 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^] |
|
(0124216) hgbot (developer) 2020-11-06 11:30 |
Repository: https://gitlab.com/openbravo/tools/platform/dependencies [^] Changeset: c7b1328745347610b50117413656aec20dc3133e Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2020-11-06T11:28:58+01:00 URL: https://gitlab.com/openbravo/tools/platform/dependencies/-/commit/c7b1328745347610b50117413656aec20dc3133e [^] Related to ISSUE-45086: Remove Apache tika-core dependency Apache tika-core library has been removed from core, so it is no longer a dependency. --- M build.gradle --- |
|
(0124221) hgbot (developer) 2020-11-06 14:51 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^] |
|
(0124236) hgbot (developer) 2020-11-09 08:11 |
Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: f9de9389948227a1510d21a57811818a1e9c880c Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2020-11-06T15:00:29+01:00 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/f9de9389948227a1510d21a57811818a1e9c880c [^] Related to ISSUE-45086: InputStreams are not being closed on MimeTypeUtil methods File InputStreams are not being closed in MimeTypeUtil detection methods, to fix this, those have been introduced in try-with-resources to be auto-closed after usage. --- M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java --- |
|
(0124237) hgbot (developer) 2020-11-09 08:11 |
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2020-09-17 18:23 | cberner | New Issue | |
| 2020-09-17 18:23 | cberner | Assigned To | => cberner |
| 2020-09-17 18:23 | cberner | Modules | => Core |
| 2020-09-17 18:23 | cberner | Triggers an Emergency Pack | => No |
| 2020-09-17 18:31 | hgbot | Note Added: 0123193 | |
| 2020-09-18 10:18 | hgbot | Note Added: 0123200 | |
| 2020-09-18 10:25 | cberner | Summary | Remove Apache Tika library because of critical vulnerability => Remove Apache Tika library with already existing Java 7+ functionality |
| 2020-09-18 10:25 | cberner | Description Updated | View Revisions |
| 2020-11-06 07:42 | alostale | Relationship added | related to 0012057 |
| 2020-11-06 09:34 | cberner | Relationship added | causes 0045388 |
| 2020-11-06 10:25 | hgbot | Resolution | open => fixed |
| 2020-11-06 10:25 | hgbot | Status | new => closed |
| 2020-11-06 10:25 | hgbot | Fixed in Version | => PR21Q1 |
| 2020-11-06 10:25 | hgbot | Note Added: 0124209 | |
| 2020-11-06 10:25 | hgbot | Note Added: 0124210 | |
| 2020-11-06 10:25 | hgbot | Note Added: 0124213 | |
| 2020-11-06 10:25 | hgbot | Note Added: 0124214 | |
| 2020-11-06 11:30 | hgbot | Note Added: 0124216 | |
| 2020-11-06 14:51 | hgbot | Note Added: 0124221 | |
| 2020-11-09 08:11 | hgbot | Note Added: 0124236 | |
| 2020-11-09 08:11 | hgbot | Note Added: 0124237 | |
| 2022-04-20 15:56 | alostale | Relationship added | causes 0049062 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |