Posted to issues@jmeter.apache.org by bu...@apache.org on 2019/09/27 10:11:59 UTC

[Bug 63776] New: Please update dependency of jackson to 2.9.10

https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

            Bug ID: 63776
           Summary: Please update dependency of jackson to 2.9.10
           Product: JMeter
           Version: Nightly (Please specify date)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Main
          Assignee: issues@jmeter.apache.org
          Reporter: stefan@trilobyte-se.de
  Target Milestone: JMETER_5.2

Hello,

the currently used version of Jackson-databind contains a security
vulnerability (again). This one is fixed at 2.9.10 (CVE-2019-14540)
https://github.com/FasterXML/jackson-databind/issues/2410

I tried to create a PR but failed. Maybe someone can help...

I did all steps as described inside CONTRIBUTING.md.

I checked out the code from github. Opened build.gradle.kts inside Intellij
(2019.2.3). Here I was not asked about point 2 "Create separate module per
source set".

Then later on, running './gradlew check' fails. It seems to be a locale problem.
Two tests fail with the following:

org.apache.jmeter.assertions.gui.AssertionGuiSpec > Modification of
ResponseAssertion by GUI has no unexpected behaviour FAILED
    Condition not satisfied:

    element.getName() == "Response Assertion"
    |       |         |
    |       |         false
    |       |         15 differences (21% similarity)
    |       |         (V)e(r)s(ichert)e A(ntwo)rt(---)
    |       |         (R)e(-)s(pons--)e A(sse-)rt(ion)
    |       Versicherte Antwort
    <org.apache.jmeter.assertions.ResponseAssertion@c074e66
propMap=[Asserion.test_strings:[], TestElement.name:Versicherte Antwort,
TestElement.gui_class:org.apache.jmeter.
...

What should I change to resolve these?


Another thing - Felix Schumacher created a fix last time (e5a2fe13 from 15.Aug)
where I reported a similar problem. He changed version numbers inside three
files, but I do not find the checksum.properties file in my project. Was it
removed, or does it get automatically recreated somehow? I see a lot of changes
going on to the build system right now...

Thanks,
Stefan Seide

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 63776] Please update dependency of jackson to 2.9.10

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

--- Comment #4 from Vladimir Sitnikov <si...@gmail.com> ---
>may I suggest to add these two variables to the gradle build script itself?

I would tentatively decline that proposal.
The build script should work no matter what user locale is.
Further, we should encourage users to execute tests in different locales. That
might help to surface bugs.

I've pushed a change that compares the exact values only when default language
is English, and it resorts to "not null" comparison for other languages.
On top of that, I made Travis CI exercise tests in fr_FR locale to detect new
bugs of that kind.


[Bug 63776] Please update dependency of jackson to 2.9.10

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

--- Comment #3 from S. Seide <st...@trilobyte-se.de> ---
Thanks.

As the current behaviour of the gradle build scripts depends on the user
environment, may I suggest to add these two variables to the gradle build script itself?
This would prevent such errors in the future - even more when locale specific
strings are used for test comparison...

The failures came from me running the build in a "normal" terminal. Setting
LANG and LC_ALL as you suggested fixed it.
Running the same command inside IntelliJ terminal does not show these errors as
these variables are reset/removed there it seems...


[Bug 63776] Please update dependency of jackson to 2.9.10

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

Vladimir Sitnikov <si...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Vladimir Sitnikov <si...@gmail.com> ---
S. Seide, thanks for the alert.
The fix is merged.


[Bug 63776] Please update dependency of jackson to 2.9.10

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

--- Comment #1 from Vladimir Sitnikov <si...@gmail.com> ---
checksum.properties has been superseded by checksum.xml (see
https://github.com/apache/jmeter/pull/488 )


So you need to update gradle.properties and it should be enough.
If it is not enough the build will fail and it will print the way to proceed.


[Bug 63776] Please update dependency of jackson to 2.9.10

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63776

--- Comment #2 from Felix Schumacher <fe...@internetallee.de> ---
(In reply to S. Seide from comment #0)
> Hello,
> 
> the currently used version of Jackson-databind contains a security
> vulnerability (again). This one is fixed at 2.9.10 (CVE-2019-14540)
> https://github.com/FasterXML/jackson-databind/issues/2410
> 
> I tried to create a PR but failed. Maybe someone can help...
> 
> I did all steps as described inside CONTRIBUTING.md.
> 
> I checked out the code from github. Opened build.gradle.kts inside Intellij
> (2019.2.3). Here I was not asked about point 2 "Create separate module per
> source set".
> 
> Then later on, running './gradlew check' fails. It seems to be a locale
> problem. Two tests fail with the following:
> 
> org.apache.jmeter.assertions.gui.AssertionGuiSpec > Modification of
> ResponseAssertion by GUI has no unexpected behaviour FAILED
>     Condition not satisfied:
> 
>     element.getName() == "Response Assertion"
>     |       |         |
>     |       |         false
>     |       |         15 differences (21% similarity)
>     |       |         (V)e(r)s(ichert)e A(ntwo)rt(---)
>     |       |         (R)e(-)s(pons--)e A(sse-)rt(ion)
>     |       Versicherte Antwort
>     <org.apache.jmeter.assertions.ResponseAssertion@c074e66
> propMap=[Asserion.test_strings:[], TestElement.name:Versicherte Antwort,
> TestElement.gui_class:org.apache.jmeter.
> ...
> 
> What should I change to resolve these?
> 

I always set LANG and LC_ALL before running gradle like this:
$ LANG= LC_ALL=C ./gradlew build
