Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0045086
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2020-09-17 18:232020-11-09 08:11
ReportercbernerView Statuspublic 
Assigned Tocberner 
PrioritynormalResolutionfixedFixed in VersionPR21Q1
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0045086: Remove Apache Tika library with already existing Java 7+ functionality

DescriptionApache tika-core 0.9 library is not needed, as Java 7+ alternative already exists in the jdk. It is currently used to handle MIME detection based on file/byte content for images and attachments.

Java 7, introduced a functionality that, although a bit more limited, allows to do the same MIME detection. As such, tika-core library should be removed and usage of it should change to the Java 7 "URLConnection.guessContentTypeFromStream" functionality.
Steps To ReproduceIn description
Proposed SolutionRemove tika-core library and change all usage to URLConnection.guessContentTypeFromStream.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 00120572.50MP14 closediperdomo ShowImage servlet should include mime types in the header 
causes defect 0045388 closedcberner API Change: Remove a couple of methods from MimeTypeUtil class 

-  Notes
(0123193)
hgbot (developer)
2020-09-17 18:31

Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^]
(0123200)
hgbot (developer)
2020-09-18 10:18

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^]
(0124209)
hgbot (developer)
2020-11-06 10:25

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: 2d1e219013bf482f68d4c6809f367dcad8f28e7d
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T09:25:33+00:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/2d1e219013bf482f68d4c6809f367dcad8f28e7d [^]

Fixes ISSUE-45086: Remove tika-core library and use Java7 functionality instead

tika-core 0.9 has some critical vulnerabilities, it is removed and
substituted by Java 7 guessContentTypeFromStream functionality, that
has the same behaviour, althought is a bit more limited in the list of
MIME types available.

svg files were not detectable using URLConnection.guessContentType API,
as an alternative xml is extracted from the File being checked and if
the root element is svg, then it is assumed that the xml is an SVG.

---
M legal/Licensing.txt
M modules/org.openbravo.client.application/src/org/openbravo/client/application/attachment/AttachImplementationManager.java
M src-test/src/org/openbravo/test/mimetypes/MimeTypeTest.java
M src-util/modulescript/build/classes/org/openbravo/modulescript/ConvertImages.class
M src-util/modulescript/src/org/openbravo/modulescript/ConvertImages.java
M src/org/openbravo/dal/xml/XMLUtil.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java
R lib/runtime/tika-core-0.9.jar
---
(0124210)
hgbot (developer)
2020-11-06 10:25

Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/174 [^]
(0124213)
hgbot (developer)
2020-11-06 10:25

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco [^]
Changeset: e716e91aac70cdbb37a5e0f08bab108a5a27c56e
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-10-28T17:37:56+01:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/commit/e716e91aac70cdbb37a5e0f08bab108a5a27c56e [^]

Related to ISSUE-45086: Remove usage of Apache Tika core library

Apache tika-core is being removed from platform, all usages are
substituted by Java API through MimeTypeUtil utility class.

This library was used to retrieve MIME type from file/bytes content.

---
M src/org/openbravo/integration/alfresco/AlfrescoAttachImplementation.java
---
(0124214)
hgbot (developer)
2020-11-06 10:25

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.integration.alfresco/-/merge_requests/1 [^]
(0124216)
hgbot (developer)
2020-11-06 11:30

Repository: https://gitlab.com/openbravo/tools/platform/dependencies [^]
Changeset: c7b1328745347610b50117413656aec20dc3133e
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T11:28:58+01:00
URL: https://gitlab.com/openbravo/tools/platform/dependencies/-/commit/c7b1328745347610b50117413656aec20dc3133e [^]

Related to ISSUE-45086: Remove Apache tika-core dependency

Apache tika-core library has been removed from core, so it is no longer
a dependency.

---
M build.gradle
---
(0124221)
hgbot (developer)
2020-11-06 14:51

Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^]
(0124236)
hgbot (developer)
2020-11-09 08:11

Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: f9de9389948227a1510d21a57811818a1e9c880c
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-06T15:00:29+01:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/f9de9389948227a1510d21a57811818a1e9c880c [^]

Related to ISSUE-45086: InputStreams are not being closed on MimeTypeUtil methods

File InputStreams are not being closed in MimeTypeUtil detection
methods, to fix this, those have been introduced in try-with-resources
to be auto-closed after usage.

---
M src/org/openbravo/erpCommon/utility/MimeTypeUtil.java
---
(0124237)
hgbot (developer)
2020-11-09 08:11

Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/219 [^]

- Issue History
Date Modified Username Field Change
2020-09-17 18:23 cberner New Issue
2020-09-17 18:23 cberner Assigned To => cberner
2020-09-17 18:23 cberner Modules => Core
2020-09-17 18:23 cberner Triggers an Emergency Pack => No
2020-09-17 18:31 hgbot Note Added: 0123193
2020-09-18 10:18 hgbot Note Added: 0123200
2020-09-18 10:25 cberner Summary Remove Apache Tika library because of critical vulnerability => Remove Apache Tika library with already existing Java 7+ functionality
2020-09-18 10:25 cberner Description Updated View Revisions
2020-11-06 07:42 alostale Relationship added related to 0012057
2020-11-06 09:34 cberner Relationship added causes 0045388
2020-11-06 10:25 hgbot Resolution open => fixed
2020-11-06 10:25 hgbot Status new => closed
2020-11-06 10:25 hgbot Fixed in Version => PR21Q1
2020-11-06 10:25 hgbot Note Added: 0124209
2020-11-06 10:25 hgbot Note Added: 0124210
2020-11-06 10:25 hgbot Note Added: 0124213
2020-11-06 10:25 hgbot Note Added: 0124214
2020-11-06 11:30 hgbot Note Added: 0124216
2020-11-06 14:51 hgbot Note Added: 0124221
2020-11-09 08:11 hgbot Note Added: 0124236
2020-11-09 08:11 hgbot Note Added: 0124237


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker