Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0045968 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| feature request | [Openbravo ERP] A. Platform | major | have not tried | 2021-03-01 10:11 | 2024-02-07 05:06 | |||
| Reporter | alostale | View Status | public | |||||
| Assigned To | cberner | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | PR22Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0045968: update to the latests 5.x Hibernate version | |||||||
| Description | Currently Openbravo depends on Hibernate 5.4.2. This version was released in 2019. As of today the latest 5.x [1] version is 5.6.0 which includes several fixes and improvements. --- [1] https://hibernate.org/orm/releases/5.5/ [^] | |||||||
| Steps To Reproduce | - | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0126430) shuehner (administrator) 2021-03-01 17:46 edited on: 2021-05-27 11:48 |
Going through all release notes from 5.4.3 to current 5.4.28 (backwards) showed following especially bigger topics as especially interesting (grouped by minor version) - 24 security fix (probably doesn't apply to us) - 23 'Save some memory' retained - 18 security fix (sql/hql injection via Criteria) - 10 the ob issue re-found recently (extra left-join for computed columns) - 5 'strong perf improvements' reduce overhead for trivial queries (up to 400%) All 'maybe interesting for us' from the releases list: 5.4.32 - Update ByteBuddy to 1.10.22 5.4.28 - [HHH-14415] - Upgrade to Jandex 2.2.3.Final - jdk16+ fixes to their own build-system 5.4.27 (and .26) - The Micrometer integration with Hibernate ORM was now moved into the Hibernate ORM repository. 5.4.25 - [HHH-14334] - Make dom4j and jaxb-api optional if hibernate.xml_mapping_enabled=false SHU comment: check if that could apply to our usage 5.4.24 - SECURITY-UPATE: fixing CVE-2020-25638. hibernate.use_sql_comments=false This property also happens to be disabled by default, so unless you had it enabled explicitly you are not affected. - [HHH-14158] - Upgrade Javassist to the latest version 5.4.23 - Memory improvements "this has shown to reduce memory consumption up to 50%" - several jar dep updates 5.4.22 nothing 5.4.21 nothing 5.4.20 nothing 5.4.19 nothing 5.4.18 - SECURITY FIX: CVe-2019-14900 [HHH-14077] - CVE-2019-14900 SQL injection issue using JPA Criteria API https://hibernate.atlassian.net/browse/HHH-14077 [^] 5.4.17 nothing 5.4.16 nothing 5.4.15 - several 3rd party jar updates (dom4j,jandex,bytebuddy) - [HHH-13960] - Add SAXReader sec features to match the defaults 5.4.14 5.4.13 [HHH-13874] - Deprecate relevant methods that are supposed to be removed in v6.0 To see now what needs to be fixed for eventual 6.x udpate 5.4.12 - Janxdex based entity scanner 'Faster boot-up' Note: we use explicitely mapped entities, unclear if applies 5.4.11 - https://hibernate.atlassian.net/browse/HHH-13704 [^] make javassist really optional could allow to drop that having having byte-buddy (which we have) - https://hibernate.atlassian.net/browse/HHH-13821 [^] Update Byte Buddy to 1.10.7 - https://hibernate.atlassian.net/browse/HHH-13833 [^] Byte Buddy enhancer should use ASM7 opcodes to improve compatibility with code compiled for Java 11 5.4.10 - https://hibernate.atlassian.net/browse/HHH-12895 [^] Extra LEFT JOIN generated with @ManyToOne and @JoinTable when projecting on main entity id aka OB-Issue https://issues.openbravo.com/view.php?id=45922 [^] - https://hibernate.atlassian.net/browse/HHH-8091 [^] Hibernate produces SQL - "in ()" - which is invalid in at least Oracle, MySQL and Postgres 5.4.9 - https://hibernate.atlassian.net/browse/HHH-13730 [^] Upgrade to Classmate 1.4.0 - https://hibernate.atlassian.net/browse/HHH-13731 [^] Upgrade to Classmate 1.5.1 - https://hibernate.atlassian.net/browse/HHH-13733 [^] Upgrade to Jandex 2.1.1.Final 5.4.8 none 5.4.7 - https://hibernate.atlassian.net/browse/HHH-13680 [^] Upgrade to Byte Buddy 1.10.2 5.4.6 none 5.4.5 NEWS: - Tested with jd13 - several strong performance improvements A lot of 'reduce overhead' if hibernate used for 'tiny operations' up to 400% - https://hibernate.atlassian.net/browse/HHH-13249 [^] Introduce an option to Log slow queries instead of all queries SHU-note: maybe useful oracle (as missing log_min_duration_statement as we have easily as postgresql feature) 5.4.4 - https://hibernate.atlassian.net/browse/HHH-13504 [^] Upgrade ByteBuddy to 1.9.11 5.4.3 none |
|
(0131134) hgbot (developer) 2021-08-16 10:37 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/424 [^] |
|
(0132425) hgbot (developer) 2021-10-18 18:36 |
Merge Request created: https://gitlab.com/openbravo/tools/platform/dependencies/-/merge_requests/8 [^] |
|
(0132450) hgbot (developer) 2021-10-19 13:43 |
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/424 [^] |
|
(0132451) hgbot (developer) 2021-10-19 13:43 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: e6c865bc914cee8b667a8feec1ed60990d458a16 Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2021-10-19T09:39:56+02:00 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/e6c865bc914cee8b667a8feec1ed60990d458a16 [^] Fixes FR-45968: Update Hibernate to the latest 5.6 version It also removes javaassist library, which is no longer a hibernate dependency and after extensive testing, no usage has been found. --- A lib/runtime/byte-buddy-1.11.20.jar A lib/runtime/classmate-1.5.1.jar A lib/runtime/hibernate-commons-annotations-5.1.2.Final.jar A lib/runtime/hibernate-core-5.6.0.Final.jar A lib/runtime/jandex-2.2.3.Final.jar A lib/runtime/jboss-logging-3.4.2.Final.jar M legal/Licensing.txt R lib/runtime/byte-buddy-1.9.10.jar R lib/runtime/classmate-1.3.4.jar R lib/runtime/hibernate-commons-annotations-5.1.0.Final.jar R lib/runtime/jandex-2.0.5.Final.jar R lib/runtime/javassist-3.24.0-GA.jar R lib/runtime/jboss-logging-3.3.2.Final.jar --- |
|
(0132452) hgbot (developer) 2021-10-19 13:43 |
Merge request merged: https://gitlab.com/openbravo/tools/platform/dependencies/-/merge_requests/8 [^] |
|
(0132453) hgbot (developer) 2021-10-19 13:43 |
Repository: https://gitlab.com/openbravo/tools/platform/dependencies [^] Changeset: 11ed198f08e5cdd89d9520d218e83187981d52f2 Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2021-10-18T18:35:26+02:00 URL: https://gitlab.com/openbravo/tools/platform/dependencies/-/commit/11ed198f08e5cdd89d9520d218e83187981d52f2 [^] Related to FR-45968: Update hibernate dependency to version 5.6.0 and remove javassist --- M build.gradle --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2021-03-01 10:11 | alostale | New Issue | |
| 2021-03-01 10:11 | alostale | Assigned To | => platform |
| 2021-03-01 10:11 | alostale | Modules | => Core |
| 2021-03-01 10:11 | alostale | Triggers an Emergency Pack | => No |
| 2021-03-01 10:12 | alostale | Relationship added | blocks 0045922 |
| 2021-03-01 10:24 | alostale | Relationship added | related to 0045969 |
| 2021-03-01 11:09 | shuehner | Issue Monitored: shuehner | |
| 2021-03-01 17:46 | shuehner | Note Added: 0126430 | |
| 2021-05-26 16:38 | shuehner | Description Updated | View Revisions |
| 2021-05-27 11:47 | shuehner | Description Updated | View Revisions |
| 2021-05-27 11:48 | shuehner | Note Edited: 0126430 | View Revisions |
| 2021-06-11 17:44 | shuehner | Relationship added | blocks 0047090 |
| 2021-08-02 09:00 | alostale | Relationship added | related to 0037064 |
| 2021-08-02 09:03 | alostale | Relationship added | related to 0040552 |
| 2021-08-02 09:19 | cberner | Assigned To | platform => cberner |
| 2021-08-02 09:19 | cberner | Status | new => acknowledged |
| 2021-08-16 10:37 | hgbot | Note Added: 0131134 | |
| 2021-08-17 11:23 | cberner | Summary | update to the latests 5.4.x Hibernate version => update to the latests 5.5.x Hibernate version |
| 2021-08-17 11:23 | cberner | Description Updated | View Revisions |
| 2021-09-21 13:35 | alostale | Relationship deleted | blocks 0045922 |
| 2021-10-04 09:25 | cberner | Relationship added | related to 0047800 |
| 2021-10-04 09:36 | cberner | Description Updated | View Revisions |
| 2021-10-04 10:25 | cberner | Status | acknowledged => scheduled |
| 2021-10-18 18:36 | hgbot | Note Added: 0132425 | |
| 2021-10-19 13:43 | hgbot | Resolution | open => fixed |
| 2021-10-19 13:43 | hgbot | Status | scheduled => closed |
| 2021-10-19 13:43 | hgbot | Note Added: 0132450 | |
| 2021-10-19 13:43 | hgbot | Fixed in Version | => PR22Q1 |
| 2021-10-19 13:43 | hgbot | Note Added: 0132451 | |
| 2021-10-19 13:43 | hgbot | Note Added: 0132452 | |
| 2021-10-19 13:43 | hgbot | Note Added: 0132453 | |
| 2021-10-22 09:54 | hgbot | Note Added: 0132555 | |
| 2021-10-22 09:58 | cberner | Note Deleted: 0132555 | |
| 2021-10-22 09:58 | hgbot | Note Added: 0132556 | |
| 2021-10-22 09:59 | cberner | Note Deleted: 0132556 | |
| 2021-11-03 10:59 | alostale | Summary | update to the latests 5.5.x Hibernate version => update to the latests 5.x Hibernate version |
| 2021-11-03 10:59 | alostale | Description Updated | View Revisions |
| 2024-02-07 05:06 | emmausa | Note Added: 0160322 | |
| 2024-02-07 15:28 | shuehner | Note Deleted: 0160322 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |