Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/03/25 17:53:01 UTC
svn commit: r1856216 - in /ofbiz/branches/release16.11: build.gradle
specialpurpose/example/build.gradle
Author: jleroux
Date: Mon Mar 25 17:53:01 2019
New Revision: 1856216
URL: http://svn.apache.org/viewvc?rev=1856216&view=rev
Log:
Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199
(OFBIZ-10873)
The HTTP/2 implementation accepted streams with excessive numbers of
SETTINGS frames and also permitted clients to keep streams open without
reading/writing request/response data. By keeping streams open for
requests that utilised the Servlet API's blocking I/O, clients were able
to cause server-side threads to block eventually leading to thread
exhaustion and a DoS.
Note: on the R16 branch the actual update is from Tomcat 8.5.37 to 8.5.38.
Modified:
ofbiz/branches/release16.11/build.gradle
ofbiz/branches/release16.11/specialpurpose/example/build.gradle
Modified: ofbiz/branches/release16.11/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/build.gradle?rev=1856216&r1=1856215&r2=1856216&view=diff
==============================================================================
--- ofbiz/branches/release16.11/build.gradle (original)
+++ ofbiz/branches/release16.11/build.gradle Mon Mar 25 17:53:01 2019
@@ -123,10 +123,10 @@ dependencies {
compile 'org.apache.shiro:shiro-core:1.3.0'
compile 'org.apache.tika:tika-core:1.12'
compile 'org.apache.tika:tika-parsers:1.12'
- compile 'org.apache.tomcat:tomcat-catalina-ha:8.5.37'
- compile 'org.apache.tomcat:tomcat-catalina:8.5.37'
- compile 'org.apache.tomcat:tomcat-jasper:8.5.37'
- compile 'org.apache.tomcat:tomcat-tribes:8.5.37'
+ compile 'org.apache.tomcat:tomcat-catalina-ha:8.5.38'
+ compile 'org.apache.tomcat:tomcat-catalina:8.5.38'
+ compile 'org.apache.tomcat:tomcat-jasper:8.5.38'
+ compile 'org.apache.tomcat:tomcat-tribes:8.5.38'
compile 'org.apache.xmlgraphics:fop:2.1'
compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
@@ -229,14 +229,14 @@ sourceSets {
exclude excludedJavaSources
exclude excludedConfigFiles
// Below are necessary for unit tests run by Gradle and integration tests
- exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
- !elem.getName().contains('start.properties') &&
- !elem.getName().contains('load-data.properties') &&
+ exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
+ !elem.getName().contains('start.properties') &&
+ !elem.getName().contains('load-data.properties') &&
!elem.getName().contains('debug.properties') &&
!elem.getName().contains('cache.properties') &&
!elem.getName().contains('test.properties') &&
!elem.getName().contains('rmi.properties')}
- exclude { FileTreeElement elem -> elem.getName().contains('.xml') &&
+ exclude { FileTreeElement elem -> elem.getName().contains('.xml') &&
!elem.getName().contains('entityengine.xml')
}
}
Modified: ofbiz/branches/release16.11/specialpurpose/example/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/specialpurpose/example/build.gradle?rev=1856216&r1=1856215&r2=1856216&view=diff
==============================================================================
--- ofbiz/branches/release16.11/specialpurpose/example/build.gradle (original)
+++ ofbiz/branches/release16.11/specialpurpose/example/build.gradle Mon Mar 25 17:53:01 2019
@@ -1,3 +1,3 @@
dependencies {
- pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:8.5.37'
+ pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:8.5.38'
}
\ No newline at end of file