Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/11/27 13:19:02 UTC

[ofbiz-framework] branch release22.01 updated (a8d2138448 -> 37f3e39b05)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


    from a8d2138448 Fixed: newsletter multiple subscript. w same email address (OFBIZ-9361)
     new a10e9b3674 Fixed: Manufacturing - MRP Run Failure (OFBIZ-12716)
     new a31719d3d9 Fixed: Update version of GitHub Action used to checkout sources during CI build (OFBIZ-12714)
     new 37f3e39b05 Fixed: Update version of GitHub Action setup-java (OFBIZ-12714) (#567)

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .github/workflows/gradle.yaml | 5 +++--
 build.gradle                  | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)


[ofbiz-framework] 02/03: Fixed: Update version of GitHub Action used to checkout sources during CI build (OFBIZ-12714)

Posted by jl...@apache.org.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit a31719d3d9bbbf3bde842a27ba072b4002fd9b32
Author: Daniel Watford <da...@watfordconsulting.com>
AuthorDate: Mon Nov 21 16:45:05 2022 +0000

    Fixed: Update version of GitHub Action used to checkout sources during CI build (OFBIZ-12714)
    
    GitHub Actions have deprecated use of Node.js version 12, as used by
    version 2 of the checkout action. Upgraded to version 3 of the action
    which uses Node.js 16 by default.
---
 .github/workflows/gradle.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/gradle.yaml b/.github/workflows/gradle.yaml
index d71ef186a0..7442472d8a 100644
--- a/.github/workflows/gradle.yaml
+++ b/.github/workflows/gradle.yaml
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up JDK 11
       uses: actions/setup-java@v1
       with:
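Review bot: The new uses line pins actions/checkout to the movable tag v3, so the code that runs in CI can change without any change in this repository; pin it to the full commit SHA of the reviewed v3 release and keep the tag as a trailing comment (actions/checkout@<full-commit-sha> # v3). The unchanged context line below it still reads uses: actions/setup-java@v1, so the Node.js 12 deprecation named in the commit message is only partly addressed by this hunk.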


[ofbiz-framework] 03/03: Fixed: Update version of GitHub Action setup-java (OFBIZ-12714) (#567)

Posted by jl...@apache.org.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 37f3e39b05472b3494cbd0b496c74716b2cae47c
Author: Daniel Watford <da...@watfordconsulting.com>
AuthorDate: Mon Nov 21 17:32:37 2022 +0000

    Fixed: Update version of GitHub Action setup-java (OFBIZ-12714) (#567)
    
    Resolves deprecation warning regarding version of Node.js used by the
    action, updating to Node.js v16, and also resolves the deprecation
    warning about the set-output workflow command.
---
 .github/workflows/gradle.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/gradle.yaml b/.github/workflows/gradle.yaml
index 7442472d8a..5f6525e5a6 100644
--- a/.github/workflows/gradle.yaml
+++ b/.github/workflows/gradle.yaml
@@ -33,9 +33,10 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Set up JDK 11
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v3.6.0
       with:
         java-version: 11
+        distribution: zulu
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
     - name: Build with Gradle
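Review bot: The added distribution: zulu line under with: is not mentioned in the commit message, which only covers the Node.js and set-output deprecation warnings; add a short YAML comment or a sentence in the message saying why this distribution was chosen, since it decides which JDK build compiles and tests the release branch. The two actions in this job are also pinned in different styles (actions/checkout@v3 as a floating major tag, actions/setup-java@v3.6.0 as an exact tag); pick one convention, preferably a full commit SHA with the version in a comment.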


[ofbiz-framework] 01/03: Fixed: Manufacturing - MRP Run Failure (OFBIZ-12716)

Posted by jl...@apache.org.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit a10e9b36740cce0ea5cdafe38e99e82641c80f28
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sun Nov 27 12:47:42 2022 +0100

    Fixed: Manufacturing - MRP Run Failure (OFBIZ-12716)
    
    This was broken by
    "Preventing possible DOS attack done using Java deserialisation" done with
    OFBIZ-12592
    
    The exact solution was not an easy find, despite knowing that it was
    related to serialization filtering (i.e. using
    '-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000'
    in build.gradle) and suspecting that it was not related to a class, because
    adding an all-classes-allowed filter (i.e. *) to -Djdk.serialFilter, i.e.
    '-Djdk.serialFilter=*;maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000',
    did not fix the problem.
    
    So it was at least one of the values of the 4 other parameters, initially
    chosen based on default values often suggested.
    
    With a trial-and-error tactic, I finally found I needed only to increase maxrefs*.
    I picked 1000. It should allow bigger MRP needs and should not be an issue for
    DOS attacks.
    
    * The maximum number of internal references
    
    Note that I could have used the "Logging Filter Actions" suggestion at the bottom of
    https://docs.oracle.com/javase/10/core/serialization-filtering1.htm
    but the trial-and-error tactic turned out to be faster.
    I guess, if I refer to https://access.redhat.com/discussions/5577051, that it
    could be due to using Tomcat or to the OFBiz log4j2.xml setting.
    
    Anyway, Java 17 seems to have a better solution for that** and we need to turn to
    it in 2023 (EOL of Java 11)
    
    ** https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk
    
    thanks: Yannong Huang for report
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 89ef866c2d..dde2914bd1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -83,7 +83,7 @@ application {
     // jdk.serialFilter is to "Prevent possible DOS attack done using Java deserialisation" (OFBIZ-12592)
     applicationDefaultJvmArgs = project.hasProperty('jvmArgs')
             ? jvmArgs.tokenize()
-            : ['-Xms128M','-Xmx1024M','-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=500;maxbytes=500000']
+            : ['-Xms128M','-Xmx1024M','-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=1000;maxbytes=500000']
 }
 
 distributions.main.contents.from(rootDir) {
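Review bot: The comment above applicationDefaultJvmArgs still cites only OFBIZ-12592, so nothing at the changed line explains why maxrefs is now 1000 while the other three limits keep their earlier values; extend the comment to reference OFBIZ-12716 and the MRP run that needed the higher limit. The filter also lives only in the default branch of the ternary: when the jvmArgs project property is set, jvmArgs.tokenize() replaces the whole list and -Djdk.serialFilter is dropped unless the caller repeats it, so consider appending the filter in both branches.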