You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by sm...@apache.org on 2022/05/10 18:06:50 UTC
[knox] branch master updated: KNOX-2741 - Upgraded Velocity and Pac4j versions (#570)
This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 08ba70c4c KNOX-2741 - Upgraded Velocity and Pac4j versions (#570)
08ba70c4c is described below
commit 08ba70c4cc16c7c74f9f792aa779f6dcb18392ae
Author: Sandor Molnar <sm...@cloudera.com>
AuthorDate: Tue May 10 20:06:44 2022 +0200
KNOX-2741 - Upgraded Velocity and Pac4j versions (#570)
* KNOX-2741 - Upgraded velocity to 2.3 due to CVE-2020-13936
* KNOX-2741 - Upgraded Pac4j to 4.5.2
---
gateway-provider-identity-assertion-common/pom.xml | 2 +-
gateway-provider-rewrite-func-hostmap-static/pom.xml | 2 +-
gateway-provider-rewrite-func-service-registry/pom.xml | 2 +-
gateway-provider-rewrite-step-encrypt-uri/pom.xml | 2 +-
gateway-provider-rewrite/pom.xml | 2 +-
gateway-provider-security-pac4j/pom.xml | 4 ++++
gateway-server/pom.xml | 2 +-
gateway-spi/pom.xml | 2 +-
gateway-test-utils/pom.xml | 2 +-
.../src/main/java/org/apache/knox/test/TestUtils.java | 15 ++++++++++++---
gateway-test/pom.xml | 2 +-
.../apache/knox/gateway/AmbariServiceDefinitionTest.java | 2 +-
.../org/apache/knox/gateway/GatewayBasicFuncTest.java | 6 +++---
pom.xml | 6 +++---
14 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/gateway-provider-identity-assertion-common/pom.xml b/gateway-provider-identity-assertion-common/pom.xml
index 7d7b3c52d..deee75c37 100644
--- a/gateway-provider-identity-assertion-common/pom.xml
+++ b/gateway-provider-identity-assertion-common/pom.xml
@@ -112,7 +112,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
diff --git a/gateway-provider-rewrite-func-hostmap-static/pom.xml b/gateway-provider-rewrite-func-hostmap-static/pom.xml
index 4291999f8..c962c51a5 100644
--- a/gateway-provider-rewrite-func-hostmap-static/pom.xml
+++ b/gateway-provider-rewrite-func-hostmap-static/pom.xml
@@ -85,7 +85,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/gateway-provider-rewrite-func-service-registry/pom.xml b/gateway-provider-rewrite-func-service-registry/pom.xml
index 6f43a6095..6f44b7a32 100644
--- a/gateway-provider-rewrite-func-service-registry/pom.xml
+++ b/gateway-provider-rewrite-func-service-registry/pom.xml
@@ -97,7 +97,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/gateway-provider-rewrite-step-encrypt-uri/pom.xml b/gateway-provider-rewrite-step-encrypt-uri/pom.xml
index c2766c874..c86434044 100644
--- a/gateway-provider-rewrite-step-encrypt-uri/pom.xml
+++ b/gateway-provider-rewrite-step-encrypt-uri/pom.xml
@@ -80,7 +80,7 @@
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
diff --git a/gateway-provider-rewrite/pom.xml b/gateway-provider-rewrite/pom.xml
index c57aa2373..a14aa77c7 100644
--- a/gateway-provider-rewrite/pom.xml
+++ b/gateway-provider-rewrite/pom.xml
@@ -187,7 +187,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/gateway-provider-security-pac4j/pom.xml b/gateway-provider-security-pac4j/pom.xml
index 023f6067c..44d46d0f1 100644
--- a/gateway-provider-security-pac4j/pom.xml
+++ b/gateway-provider-security-pac4j/pom.xml
@@ -137,6 +137,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.velocity</groupId>
+ <artifactId>velocity</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git a/gateway-server/pom.xml b/gateway-server/pom.xml
index bf6fa837c..c6151cedd 100644
--- a/gateway-server/pom.xml
+++ b/gateway-server/pom.xml
@@ -456,7 +456,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
diff --git a/gateway-spi/pom.xml b/gateway-spi/pom.xml
index 95b07c19e..4e29530a8 100644
--- a/gateway-spi/pom.xml
+++ b/gateway-spi/pom.xml
@@ -191,7 +191,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/gateway-test-utils/pom.xml b/gateway-test-utils/pom.xml
index efc96b413..5eec6a6f4 100644
--- a/gateway-test-utils/pom.xml
+++ b/gateway-test-utils/pom.xml
@@ -119,7 +119,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>provided</scope>
</dependency>
diff --git a/gateway-test-utils/src/main/java/org/apache/knox/test/TestUtils.java b/gateway-test-utils/src/main/java/org/apache/knox/test/TestUtils.java
index 9471d1f9f..6304c6c96 100644
--- a/gateway-test-utils/src/main/java/org/apache/knox/test/TestUtils.java
+++ b/gateway-test-utils/src/main/java/org/apache/knox/test/TestUtils.java
@@ -44,11 +44,14 @@ import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
import java.util.Locale;
+import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
public class TestUtils {
private static final Logger LOG = LogManager.getLogger(TestUtils.class);
@@ -162,16 +165,22 @@ public class TestUtils {
public static String merge( String resource, Properties properties ) {
ClasspathResourceLoader loader = new ClasspathResourceLoader();
- loader.getResourceStream( resource );
+ loader.getResourceReader(resource, StandardCharsets.UTF_8.name());
VelocityEngine engine = new VelocityEngine();
Properties config = new Properties();
- config.setProperty( RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.NullLogSystem" );
+ config.setProperty( "runtime.log.logsystem.class", "org.apache.velocity.runtime.log.NullLogSystem" );
config.setProperty( RuntimeConstants.RESOURCE_LOADER, "classpath" );
config.setProperty( "classpath.resource.loader.class", ClasspathResourceLoader.class.getName() );
engine.init( config );
- VelocityContext context = new VelocityContext( properties );
+ final Map<String, Object> propertiesMap = properties.entrySet().stream().collect(
+ Collectors.toMap(
+ e -> String.valueOf(e.getKey()),
+ e -> String.valueOf(e.getValue()),
+ (prev, next) -> next, HashMap::new
+ ));
+ VelocityContext context = new VelocityContext( propertiesMap );
Template template = engine.getTemplate( resource );
StringWriter writer = new StringWriter();
template.merge( context, writer );
diff --git a/gateway-test/pom.xml b/gateway-test/pom.xml
index 347af29b6..e4145975d 100644
--- a/gateway-test/pom.xml
+++ b/gateway-test/pom.xml
@@ -187,7 +187,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
diff --git a/gateway-test/src/test/java/org/apache/knox/gateway/AmbariServiceDefinitionTest.java b/gateway-test/src/test/java/org/apache/knox/gateway/AmbariServiceDefinitionTest.java
index d3d14d80c..c781d3062 100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/AmbariServiceDefinitionTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/AmbariServiceDefinitionTest.java
@@ -155,7 +155,7 @@ public class AmbariServiceDefinitionTest {
params.put( "AMBARI_URL", "http://localhost:" + mockAmbari.getPort() );
velocity = new VelocityEngine();
- velocity.setProperty( RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.NullLogSystem" );
+ velocity.setProperty( "runtime.log.logsystem.class", "org.apache.velocity.runtime.log.NullLogSystem" );
velocity.setProperty( RuntimeConstants.RESOURCE_LOADER, "classpath" );
velocity.setProperty( "classpath.resource.loader.class", ClasspathResourceLoader.class.getName() );
velocity.init();
diff --git a/gateway-test/src/test/java/org/apache/knox/gateway/GatewayBasicFuncTest.java b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayBasicFuncTest.java
index 3f413ad93..e62b5496f 100644
--- a/gateway-test/src/test/java/org/apache/knox/gateway/GatewayBasicFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/knox/gateway/GatewayBasicFuncTest.java
@@ -1000,7 +1000,7 @@ public class GatewayBasicFuncTest {
createFile( user, pass, group, root+"/input/changes.txt", "666", "text/plain", "changes.txt", 307, 201, 200 );
VelocityEngine velocity = new VelocityEngine();
- velocity.setProperty( RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.NullLogSystem" );
+ velocity.setProperty( "runtime.log.logsystem.class", "org.apache.velocity.runtime.log.NullLogSystem" );
velocity.setProperty( RuntimeConstants.RESOURCE_LOADER, "classpath" );
velocity.setProperty( "classpath.resource.loader.class", ClasspathResourceLoader.class.getName() );
velocity.init();
@@ -2410,7 +2410,7 @@ public class GatewayBasicFuncTest {
String gatewayAddrName = InetAddress.getByName( gatewayHostName ).getHostAddress();
VelocityEngine velocity = new VelocityEngine();
- velocity.setProperty( RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.NullLogSystem" );
+ velocity.setProperty( "runtime.log.logsystem.class", "org.apache.velocity.runtime.log.NullLogSystem" );
velocity.setProperty( RuntimeConstants.RESOURCE_LOADER, "classpath" );
velocity.setProperty( "classpath.resource.loader.class", ClasspathResourceLoader.class.getName() );
velocity.init();
@@ -2663,7 +2663,7 @@ public class GatewayBasicFuncTest {
Map<String, Matcher<?>> matchers = new HashMap<>();
VelocityEngine velocity = new VelocityEngine();
- velocity.setProperty( RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.NullLogSystem" );
+ velocity.setProperty( "runtime.log.logsystem.class", "org.apache.velocity.runtime.log.NullLogSystem" );
velocity.setProperty( RuntimeConstants.RESOURCE_LOADER, "classpath" );
velocity.setProperty( "classpath.resource.loader.class", ClasspathResourceLoader.class.getName() );
velocity.init();
diff --git a/pom.xml b/pom.xml
index 412ca751f..8dc2e60cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -249,7 +249,7 @@
<nodejs.version>v12.18.2</nodejs.version>
<okhttp.version>2.7.5</okhttp.version>
<opensaml.version>3.4.5</opensaml.version>
- <pac4j.version>4.3.0</pac4j.version>
+ <pac4j.version>4.5.2</pac4j.version>
<postgresql.version>42.2.19</postgresql.version>
<mysql.version>8.0.25</mysql.version>
<protobuf.version>3.14.0</protobuf.version>
@@ -269,7 +269,7 @@
<taglibs-standard.version>1.2.5</taglibs-standard.version>
<testcontainers.version>1.15.1</testcontainers.version>
<txw2.version>2.4.0-b180830.0438</txw2.version>
- <velocity.version>1.7</velocity.version>
+ <velocity.version>2.3</velocity.version>
<woodstox-core.version>6.1.1</woodstox-core.version>
<xmlsec.version>2.1.5</xmlsec.version>
<xmltool.version>3.3</xmltool.version>
@@ -2433,7 +2433,7 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<version>${velocity.version}</version>
<!--scope>test</scope-->
</dependency>