Does struts2.3.15.3 security issue also affect the tiles plugin? - security

I upgraded struts2 to 2.3.32 with no problem, but I also depend on struts2-tiles-plugin-2.3.15.3.jar which I can't upgrade as easily. Is this a problem or is upgrading struts2-core enough to fix the issue?

No, I think. In S2-046's workaround section I read:
Another option is to remove the File Upload Interceptor from the stack
Which means that the vulnerability was inside core. However, struts2-tiles-plugin does not have a dependency on core!

Related

Unable to initialize Hybris 2205

I'm trying to initialize a local Hybris 2205.3 version and getting the following error:
ERROR [hybrisHTTP27] [HacInitUpdateFacade] Failed to initialize
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized.
Using Oracle JDK 17.0.4.1. Initialization triggered from HAC.
I've also tried adding the following property to tomcat.generaloptions, which didn't help:
"-Djavax.xml.accessExternalSchema=all"
Any pointers to fix this? Or need more information?
It could be that one of the custom jars is an older version and conflicting with OOB. In one of our projects we faced a similar issue and found that the xerces.jar version in the custom code was a lower version.
Both jars, i.e. in OOB and custom, had the XMLConstants class, but the lower-version jar used in the custom code didn't have accessExternalSchema as a class variable and was being picked up by the system on startup because of the conflict.
Oracle JDK is not supported anymore; you need to try with SapMachine 17.0.
The full system requirements by version are here.
We resolved the issue with Oracle JDK 17 only. We faced the same issue while upgrading from 2105 to 2211. This is due to a jar dependency. We tried the above given solution but it didn't work for us. We researched more and found the issue was a dependency on xerces which caused a conflict. We also found there is xerces-2.12-orbeon in OOTB. We did two things to resolve the issue:
We updated the classpath with xerces-2.12-orbeon (the OOTB jar) in our custom code.
We needed to modify a few parts of the code base as we were using xerces for Base64 encryption and decryption for SSO.
Please let me know if you have any questions, I will try my best to respond in time.
Regards,
Abhijit Das
Please find the link here:
https://answers.sap.com/questions/13781195/hybris-2211-upgradation-error.html?childToView=13818282
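An added example, not from any of the posters, that reproduces the classpath-shadowing check the answers above describe: given jars in classpath order, it reports which jar's javax/xml/XMLConstants wins and whether that copy mentions accessExternalSchema. The jar contents are constructed stubs, and scanning the class bytes for the token is a heuristic assumption, not a class-file parser.

```python
import io
import zipfile

# Constructed in-memory jars standing in for a stale custom jar and the OOTB
# xerces-2.12-orbeon jar; both ship javax/xml/XMLConstants.class. The byte
# bodies are stubs, not real class files.
def make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

XMLCONSTANTS = "javax/xml/XMLConstants.class"
SAMPLE_CLASSPATH = [  # (jar path, jar bytes) in JVM classpath order
    ("custom/lib/xerces-old.jar",
     make_jar({XMLCONSTANTS: b"ACCESS_EXTERNAL_DTD"})),
    ("platform/lib/xerces-2.12-orbeon.jar",
     make_jar({XMLCONSTANTS: b"ACCESS_EXTERNAL_DTD accessExternalSchema"})),
]

def class_providers(classpath):
    """Map each .class entry to the jars that contain it, in classpath order."""
    providers = {}
    for path, data in classpath:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.endswith(".class"):
                    providers.setdefault(name, []).append(path)
    return providers

def mentions(classpath, jar_path, class_name, token):
    """Heuristic (assumption): field names and string literals sit in the
    class file's constant pool as UTF-8, so a missing token means the member
    is absent from that copy of the class."""
    data = dict(classpath)[jar_path]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return token.encode() in zf.read(class_name)

def diagnose(classpath, class_name=XMLCONSTANTS, token="accessExternalSchema"):
    """Return (winning_jar, shadowed_jars, winner_has_token) for class_name,
    or None if it is not duplicated. The application classloader loads the
    first match in classpath order, so an older jar listed first shadows the
    OOTB one; that is the startup failure the thread describes."""
    jars = class_providers(classpath).get(class_name, [])
    if len(jars) < 2:
        return None
    winner, shadowed = jars[0], jars[1:]
    return winner, shadowed, mentions(classpath, winner, class_name, token)
```

Running `diagnose` against a real classpath means reading each jar from disk into the (path, bytes) list; the stub classpath here is only for an offline demonstration.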

Removing React project dependencies involving the es5-ext protestware?

I've recently come to discover this ridiculous notion of protestware.
In my particular case it is related to the latest version of the es5-ext package.
The recommendation I've received is to downgrade to version 0.10.53.
Unfortunately, this is opening up a whole can of worms: compile errors that seem to be related to versioning/dependencies.
Is there any way to remove the es5-ext package from a React web application?
From this thread it looks like this issue alerts a lot of antivirus and scanner software, and the post-install file will be removed in the next major release:
https://github.com/medikoo/es5-ext/issues/186

Docker security scan detects vulnerability in gradle 7.4.1

Creating a docker image with gradle 7.4.1 triggers the security scan which shows vulnerability CVE-2020-36518. How can this particular jar file within the gradle package be updated?
I would just reject the security issue, explaining that it is not possible to exploit the vulnerability as the Gradle build runs isolated on controlled input, and is not accessible by any potential attackers.
(Assuming this is the case, of course, and you don't have a custom Gradle plugin that reads untrusted JSON documents using Jackson from the Gradle classpath. But even then, all you are risking is a denial-of-service on the build.)
Fiddling around with jar files in external tools could easily lead to problems hard to debug later. But if you like, you could create an issue for them, asking if they could bump the Jackson version to avoid unnecessary noise from security scans like this. There is an example of that here.

How can cleared issues in issues.liferay.com be applied in our Liferay Portal?

I want to know how the issue changes done in Liferay Issues can be applied in our portal.
For example, my issues are cleared in the following links:
https://issues.liferay.com/browse/LPS-14417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
https://issues.liferay.com/browse/LPS-14220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
I want to apply the issue changes in the above links in my portal.
Please, someone help me achieve this.
Thanks in Advance.
Regards,
Dinesh M K
You have to see the resolution and fix version stated.
The second issue says:
Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
which means that the issue was solved in all Portals after version 6.1.0 CE.
The first issue is no longer reproducible, and is a duplicate of https://issues.liferay.com/browse/LPS-14220, which is again solved in 6.1.0 CE RC1.
In other words, if your portal is older than this version, you can't do anything. You'll have to upgrade to version 6.1.0 RC1 or later.
It seems that the fixed-in version is a bit weirdly set in those issues, e.g. LPS-14220 is a subtask of a story in LPS-14414, which is stated as completed for 6.2.0. Careful: I did not fully read through all of the issues' descriptions and links, and I mix what I read with the answer (and comment to it) #yannicuLar gave.
Basically, this seems to be a new feature. The way to backport it to your installation is to identify the relevant commits (e.g. download the repository from https://github.com/liferay/liferay-portal or https://github.com/liferay/liferay-plugins, identify the relevant commits (they all contain the LPS number), and "backport" them, e.g. see if they can just be applied to your codebase or if they need manual adaptation because the whole code changed).
Some features are easier to backport than others; I can't tell about the complexity for this one.
In order to separate your changes from Liferay's core changes, you should try to implement this in plugins (or patched plugins) rather than changing the original code and recompiling. Most likely it's only the kaleo-web plugin that's affected, but if there are core changes, you'd be better off having them isolated in plugins.
The simplest (and most future-proof) possibility is to wait a bit for 6.2 (RCs are already out) and upgrade your portal to this version. If you want to stay on a version that gets updates, you should do this soon anyway.

Does anyone know where I can define this URI parameter?

This happens when I try to deploy a Sharepoint WebPart solution. Is there a file or configuration option that I have missed that is causing this error to occur?
Thanks.
I assume that you're using VSeWSS 1.3 to deploy your solution and that these errors occur when you try to deploy the solution. I'm not 100% sure, but I think I had the same error some time ago. Unfortunately I couldn't remember what exactly I did to solve this problem. But I'm quite sure the problem was related to some network issues, as VSeWSS 1.3 uses web services to handle solutions.
So I would advise you to double check your network settings. For example, you could try to adjust your hosts file so that your computer's name can be resolved.
