You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by GitBox <gi...@apache.org> on 2020/08/05 18:59:44 UTC
[GitHub] [velocity-engine] wglasshusain opened a new pull request #16: Velocity 931 update secure classlist
wglasshusain opened a new pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] arkanovicz merged pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
arkanovicz merged pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] martin-g commented on a change in pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
martin-g commented on a change in pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#discussion_r553891428
##########
File path: velocity-engine-core/src/test/java/org/apache/velocity/test/SecureIntrospectionTestCase.java
##########
@@ -163,14 +166,35 @@ public void setProperty(String val)
}
- public Collection getCollection()
- {
- Collection c = new HashSet();
- c.add("aaa");
- c.add("bbb");
- c.add("ccc");
- return c;
- }
+ public Collection getCollection()
+ {
+ Collection c = new HashSet();
+ c.add("aaa");
+ c.add("bbb");
+ c.add("ccc");
+ return c;
+ }
+
+ public ClassLoader getSampleClassLoader1()
+ {
+ return this.getClass().getClassLoader();
+ }
+
+ /**
+ * sample property which is a subclass of ClassLoader
+ * @return
+ */
+ public ClassLoader getSampleClassLoader2()
Review comment:
are those two new methods being used somewhere/somehow ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] cesarhernandezgt commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
cesarhernandezgt commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-804596546
@lishuochuan @arkanovicz
Hello, I created https://issues.apache.org/jira/browse/VELOCITY-941 with the backport to 1.7.x branch.
I basically cherry-pick the changes from this PR made by @wglasshusain.
I'll follow up in the dev@ mailing list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] lishuochuan commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
lishuochuan commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-799059648
May I know any plan to merge the fix to velocity-1.7?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] nbubna commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
nbubna commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-669670311
Looks good to me.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester edited a comment on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester edited a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
hi @wglasshusain @nbubna, any update on this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
No description provided.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] martin-g commented on a change in pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
martin-g commented on a change in pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#discussion_r553891428
##########
File path: velocity-engine-core/src/test/java/org/apache/velocity/test/SecureIntrospectionTestCase.java
##########
@@ -163,14 +166,35 @@ public void setProperty(String val)
}
- public Collection getCollection()
- {
- Collection c = new HashSet();
- c.add("aaa");
- c.add("bbb");
- c.add("ccc");
- return c;
- }
+ public Collection getCollection()
+ {
+ Collection c = new HashSet();
+ c.add("aaa");
+ c.add("bbb");
+ c.add("ccc");
+ return c;
+ }
+
+ public ClassLoader getSampleClassLoader1()
+ {
+ return this.getClass().getClassLoader();
+ }
+
+ /**
+ * sample property which is a subclass of ClassLoader
+ * @return
+ */
+ public ClassLoader getSampleClassLoader2()
Review comment:
are those two new methods being used somewhere/somehow ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be released?
Thanks!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester removed a comment on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester removed a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be released?
Thanks!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-714275346
hi @wglasshusain @nbubna , can we get this merged so the new version can be released?
Thanks!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] arkanovicz commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
arkanovicz commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-799180202
There is no plan whatsoever to update 1.7.
Look. Velocity 1.7 was released in 2010. That's more than ten years ago. You can't seriously ask for us to maintain ten years old code. Feel free to integrate the patch yourself, though.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester edited a comment on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester edited a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
hi @wglasshusain @nbubna, any update on this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] arkanovicz commented on a change in pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
arkanovicz commented on a change in pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#discussion_r583195133
##########
File path: velocity-engine-core/src/test/java/org/apache/velocity/test/SecureIntrospectionTestCase.java
##########
@@ -163,14 +166,35 @@ public void setProperty(String val)
}
- public Collection getCollection()
- {
- Collection c = new HashSet();
- c.add("aaa");
- c.add("bbb");
- c.add("ccc");
- return c;
- }
+ public Collection getCollection()
+ {
+ Collection c = new HashSet();
+ c.add("aaa");
+ c.add("bbb");
+ c.add("ccc");
+ return c;
+ }
+
+ public ClassLoader getSampleClassLoader1()
+ {
+ return this.getClass().getClassLoader();
+ }
+
+ /**
+ * sample property which is a subclass of ClassLoader
+ * @return
+ */
+ public ClassLoader getSampleClassLoader2()
Review comment:
Apparently not. I removed them.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
No description provided.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[GitHub] [velocity-engine] pwntester commented on pull request #16: Velocity 931 update secure classlist
Posted by GitBox <gi...@apache.org>.
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be released?
Thanks!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org