[JBoss JIRA] (WFLY-8237) Upgrade to xalan 2.7.1.jbossorg-3 and include fix for cve-2014-0107
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-8237?page=com.atlassian.jira.plugin.... ]
Scott Marlow moved JBEAP-9127 to WFLY-8237:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8237 (was: JBEAP-9127)
Issue Type: Task (was: Bug)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: XML Frameworks
(was: XML Frameworks)
> Upgrade to xalan 2.7.1.jbossorg-3 and include fix for cve-2014-0107
> -------------------------------------------------------------------
>
> Key: WFLY-8237
> URL: https://issues.jboss.org/browse/WFLY-8237
> Project: WildFly
> Issue Type: Task
> Components: XML Frameworks
> Reporter: Scott Marlow
> Assignee: Scott Marlow
>
> EAP is still using 2.7.1 with our patches on top of it.
> It would be wise to upgrade to 2.7.2 and add any missing patches we did to 2.7.1
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months
[JBoss JIRA] (WFCORE-2317) Nested attributes are not validated
by Michal Petrov (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2317?page=com.atlassian.jira.plugi... ]
Michal Petrov commented on WFCORE-2317:
---------------------------------------
{quote}
The elements of the list and the values in the map should be validated individually for internal correctness, if those elements/values themselves use ObjectTypeAtributeDefinition.
{quote}
Right, didn't think of that. I'll check how it works.
> Nested attributes are not validated
> -----------------------------------
>
> Key: WFCORE-2317
> URL: https://issues.jboss.org/browse/WFCORE-2317
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.0.Alpha25
> Reporter: Michal Petrov
> Fix For: 3.0.0.Beta6
>
>
> Attributes of type Object do not have their inner attributes validated for e.g. "requires" and "alternatives".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months
[JBoss JIRA] (WFCORE-2320) Unable to start Slave host after Master was restarted with enabled RBAC
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2320?page=com.atlassian.jira.plugi... ]
Brian Stansberry reassigned WFCORE-2320:
----------------------------------------
Assignee: Brian Stansberry
> Unable to start Slave host after Master was restarted with enabled RBAC
> -----------------------------------------------------------------------
>
> Key: WFCORE-2320
> URL: https://issues.jboss.org/browse/WFCORE-2320
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Jan Tymel
> Assignee: Brian Stansberry
> Priority: Blocker
>
> It is not possible to connect to previously shutdown domain controller that uses RBAC. If steps to reproduce are followed then the following output is given on slave:
> {code}
> [Host Controller] 10:47:57,754 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:48:01,756 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:48:10,918 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:48:26,026 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:48:41,047 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:48:56,059 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:49:11,106 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:49:26,133 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:49:41,148 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:49:56,180 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:50:11,202 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:50:26,215 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:50:41,230 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:50:56,264 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:50:56,273 WARN [org.jboss.as.protocol.connection] (management task-1) WFLYPRT0018: No such request (15) associated with channel Channel ID ce1200c8 (outbound) of Remoting connection 6cf4e35b to /127.0.0.1:9999 of endpoint "my-local-domain:MANAGEMENT" <988a70d>
> [Host Controller] 10:51:11,275 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:51:11,304 WARN [org.jboss.as.protocol.connection] (management task-7) WFLYPRT0018: No such request (16) associated with channel Channel ID cabd84e6 (outbound) of Remoting connection 3083f850 to /127.0.0.1:9999 of endpoint "my-local-domain:MANAGEMENT" <988a70d>
> (...)
> Host Controller] 10:52:26,401 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 8) WFLYHC0150: Trying to reconnect to master host controller.
> [Host Controller] 10:52:40,194 ERROR [org.jboss.as.server] (Host Controller Service Threads - 7) WFLYSRV0216: Error cleaning obsolete content WFLYCTL0313: Unauthorized to execute operation 'read-attribute' for resource '[]' -- "WFLYCTL0332: Permission denied"
> [Host Controller] 10:52:40,196 ERROR [org.jboss.as.server] (Host Controller Service Threads - 7) WFLYSRV0216: Error cleaning obsolete content WFLYCTL0031: No operation named 'clean-obsolete-content' exists at address []
> {code}
> On master instance is given following output after a while:
> {code}
> [Host Controller] 10:52:59,560 ERROR [org.jboss.as.server] (Host Controller Service Threads - 31) WFLYSRV0216: Error cleaning obsolete content WFLYCTL0313: Unauthorized to execute operation 'read-attribute' for resource '[]' -- "WFLYCTL0332: Permission denied"
> [Host Controller] 10:52:59,564 ERROR [org.jboss.as.server] (Host Controller Service Threads - 31) WFLYSRV0216: Error cleaning obsolete content WFLYCTL0031: No operation named 'clean-obsolete-content' exists at address []
> {code}
> Once the slave instance has been shut down, it is not possible to start it again. See following output:
> {code}
> [Host Controller] 10:55:34,409 INFO [org.jboss.as.remoting] (MSC service thread 1-2) WFLYRMT0001: Listening on 127.0.0.1:19999
> [Host Controller] 10:55:34,701 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://127.0.0.1:9999: 1-$-WFLYCTL0216: Management resource '[]' not found
> [Host Controller] at org.jboss.as.host.controller.RemoteDomainConnection$HostControllerConnectRequest.handleRequest(RemoteDomainConnection.java:390)
> [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler.handleMessage(AbstractMessageHandler.java:321)
> [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler.handleRequest(AbstractMessageHandler.java:286)
> [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler.handleMessage(AbstractMessageHandler.java:234)
> [Host Controller] at org.jboss.as.protocol.mgmt.ManagementChannelReceiver.handleMessage(ManagementChannelReceiver.java:85)
> [Host Controller] at org.jboss.remoting3.remote.RemoteConnectionChannel.lambda$handleMessageData$3(RemoteConnectionChannel.java:434)
> [Host Controller] at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:817)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Host Controller] at java.lang.Thread.run(Thread.java:745)
> [Host Controller]
> [Host Controller] 10:55:34,702 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
> [Host Controller] 10:55:34,702 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
> [Host Controller] 10:55:34,707 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0178: Aborting with exit code 99
> [Host Controller] 10:55:34,734 INFO [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: JBoss EAP 7.1.0.Alpha1 (WildFly Core 3.0.0.Beta2-redhat-1) stopped in 16ms
> {code}
> Setting priority to blocker since this is a regression against 7.0.0.GA
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months
[JBoss JIRA] (WFCORE-2327) embed-server froze during start when RBAC used
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2327?page=com.atlassian.jira.plugi... ]
Brian Stansberry reassigned WFCORE-2327:
----------------------------------------
Assignee: Brian Stansberry
> embed-server froze during start when RBAC used
> ----------------------------------------------
>
> Key: WFCORE-2327
> URL: https://issues.jboss.org/browse/WFCORE-2327
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI
> Affects Versions: 3.0.0.Alpha17
> Reporter: Jan Kalina
> Assignee: Brian Stansberry
> Priority: Critical
> Attachments: standalone.xml
>
>
> When RBAC enabled, embed-server froze during start - CLI prompt of started server does not show and need to be interrupted by Ctrl+C.
> {code}
> bin/jboss-cli.sh
> You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
> [disconnected /] embed-server --std-out=echo
> 15:55:41,588 INFO [org.jboss.modules] (AeshProcess: 1) JBoss Modules version 1.6.0.Beta3
> 15:55:41,650 INFO [org.jboss.msc] (AeshProcess: 1) JBoss MSC version 1.2.7.Final
> 15:55:41,773 INFO [org.jboss.as] (MSC service thread 1-8) WFLYSRV0049: WildFly Core 3.0.0.Alpha18-SNAPSHOT "Kenny" starting
> 15:55:41,966 INFO [org.jboss.as.domain.management] (MSC service thread 1-4) WFLYDM0136: Registered OpenSSL provider
> 15:55:42,302 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
> 15:55:42,367 INFO [org.jboss.as.patching] (MSC service thread 1-8) WFLYPAT0050: WildFly cumulative patch ID is: base, one-off patches include: none
> 15:55:42,386 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-4) WFLYDM0111: Keystore /home/jkalina/wildfly/wildfly-core/build/target/wildfly-core-3.0.0.Alpha18-SNAPSHOT/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
> 15:55:42,466 INFO [org.jboss.as.server] (ServerService Thread Pool -- 5) WFLYSRV0212: Resuming server
> 15:55:42,469 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Core 3.0.0.Alpha18-SNAPSHOT "Kenny" started in 875ms - Started 37 of 46 services (17 services are lazy, passive or on-demand)
> {code}
> In this stage it froze and need to be interrupted by Ctrl+C.
> {code}
> Interrupted while waiting for embedded server to start
> [disconnected /]
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months
[JBoss JIRA] (WFCORE-2317) Nested attributes are not validated
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2317?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-2317:
------------------------------------------
[~michpetrov]
Nice! I haven't had time to look, but it's nice you are attacking this. Since you are working this, please assign it to yourself.
"My assumption is that requires/alternatives is only meant for siblings (and as such list and map do not need to be validated)"
Two answers -- the theoretical and the practical:
Theoretical:
The elements of the list and the values in the map should be validated individually for internal correctness, if those elements/values themselves use ObjectTypeAtributeDefinition. Those checks can be limited to cases where the enclosing list/map uses ObjectListAttributeDefinition or ObjectMapAttributeDefinition. There is no need to validate across list elements or map values.
Practical:
I see no uses of ObjectMapAttributeDefinition in WildFly. I'm glad, as maps of objects are fairly ugly. So dealing with it is not a priority.
There are some uses of ObjectListAttributeDefinition. I don't see any uses of requires/alternatives in those, so dealing with lists is not a priority.
I believe my IDE search would have caught any uses in the elytron subsystem, but it's good to double check, particularly for list. It's uses of list in the elytron subsystem that would provide some motivation to get the list handling in, since that's new API and correctness of security config is more important than most config. Otherwise I'd be fine with ignoring lists at this point.
> Nested attributes are not validated
> -----------------------------------
>
> Key: WFCORE-2317
> URL: https://issues.jboss.org/browse/WFCORE-2317
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.0.Alpha25
> Reporter: Michal Petrov
> Fix For: 3.0.0.Beta6
>
>
> Attributes of type Object do not have their inner attributes validated for e.g. "requires" and "alternatives".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 8 months