Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0040642
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2019-04-18 13:342019-05-21 15:16
ReporteralostaleView Statuspublic 
Assigned Toalostale 
PrioritynormalResolutionfixedFixed in Version3.0PR19Q3
StatusclosedFix in branchFixed in SCM revision08db5ae97ad2
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0040642: centralize in XMLUtils creation of objects to deal with XML documents

DescriptionXMLUtils class should centralize the creation of secured objects to deal with XML documents.
Steps To Reproduce-
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 00245563.0MP27 closedshuehner Openbravo ERP Reconfigure xml-parser used by /ws/dal to disallow referencing external entities 
related to defect 0040799 closedcaristu Modules Use XMLUtils to create the objects used to deal with XML documents 
depends on backport 00406433.0PR19Q2 closedalostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
depends on backport 00406443.0PR19Q1.1 closedalostale Openbravo ERP centralize in XMLUtils creation of objects to deal with XML documents 
related to defect 0040755 closedcaristu Retail Modules MobileCoreLoginHandler should make use of XMLUtils to deal with XML documents 
related to defect 0040800 closedcaristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to defect 0040958 closedcaristu Modules Use XMLUtils to create the objects used to deal with XML documents 
related to design defect 0049039 closedAugustoMauch Openbravo ERP XML parsers XXE attacks vulnerabilty 
causes defect 0041124 closedcaristu Openbravo ERP Not possible to install modules with MMC having XSL processor in classpath which does not support all the standard attributes 

-  Notes
(0111209)
hgbot (developer)
2019-04-18 15:57

Repository: erp/devel/pi
Changeset: 08db5ae97ad2b0fb0c4499b630018a9bc0c0166f
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Apr 18 13:39:18 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]

fixed issue 40642: XMLUtils centralizes creation of objects to deal with XML

---
M src-test/src/org/openbravo/test/dal/IssuesTest.java
M src-test/src/org/openbravo/test/webservice/BaseWSTest.java
M src/org/openbravo/base/provider/OBProviderConfigReader.java
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/session/OBPropertiesProvider.java
M src/org/openbravo/dal/xml/EntityExcelXMLConverter.java
M src/org/openbravo/dal/xml/EntityXMLConverter.java
M src/org/openbravo/dal/xml/XMLUtil.java
M src/org/openbravo/erpCommon/ad_forms/TranslationManager.java
M src/org/openbravo/erpCommon/modules/ImportModule.java
M src/org/openbravo/erpCommon/utility/ISOCurrencyPrecision.java
M src/org/openbravo/service/rest/DalWebService.java
M src/org/openbravo/service/web/WebServiceUtil.java
---
(0111437)
hgbot (developer)
2019-05-02 16:05

Repository: erp/devel/pi
Changeset: 6524aa2ee769bf43c0205f39174371938b53bb90
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Thu May 02 16:04:44 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/6524aa2ee769bf43c0205f39174371938b53bb90 [^]

related to issue 40642: do not use constants

  Replace constants with their own value in order to avoid problems related with library collisions. This can happens when certain versions of the XML APIs[1] library are present in the classpath

  [1] https://mvnrepository.com/artifact/xml-apis/xml-apis [^]

---
M src/org/openbravo/dal/xml/XMLUtil.java
---
(0111441)
caristu (developer)
2019-05-02 16:45

Code reviewed + tested OK
(0111989)
hudsonbot (developer)
2019-05-21 15:16

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test
(0112005)
hudsonbot (developer)
2019-05-21 15:16

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2019-04-18 13:34 alostale New Issue
2019-04-18 13:34 alostale Assigned To => alostale
2019-04-18 13:34 alostale Modules => Core
2019-04-18 13:34 alostale Triggers an Emergency Pack => No
2019-04-18 13:35 alostale Relationship added related to 0024556
2019-04-18 13:41 alostale Review Assigned To => caristu
2019-04-18 13:41 alostale Severity minor => major
2019-04-18 13:42 alostale Status new => scheduled
2019-04-18 15:57 hgbot Checkin
2019-04-18 15:57 hgbot Note Added: 0111209
2019-04-18 15:57 hgbot Status scheduled => resolved
2019-04-18 15:57 hgbot Resolution open => fixed
2019-04-18 15:57 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/08db5ae97ad2b0fb0c4499b630018a9bc0c0166f [^]
2019-05-02 16:05 hgbot Checkin
2019-05-02 16:05 hgbot Note Added: 0111437
2019-05-02 16:45 caristu Note Added: 0111441
2019-05-02 16:45 caristu Status resolved => closed
2019-05-02 16:45 caristu Fixed in Version => 3.0PR19Q3
2019-05-02 18:28 caristu Relationship added related to 0040755
2019-05-07 12:59 caristu Relationship added related to 0040799
2019-05-07 13:00 caristu Relationship added related to 0040800
2019-05-21 15:16 hudsonbot Checkin
2019-05-21 15:16 hudsonbot Note Added: 0111989
2019-05-21 15:16 hudsonbot Checkin
2019-05-21 15:16 hudsonbot Note Added: 0112005
2019-05-28 09:24 caristu Relationship added related to 0040958
2019-06-19 11:29 caristu Relationship added causes 0041124
2022-04-12 13:04 alostale Relationship added related to 0049039


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker