[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
by Mickael Istria (JIRA)
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.... ]
Mickael Istria edited comment on JBDS-3560 at 11/19/15 9:28 AM:
----------------------------------------------------------------
The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.
Anyway, the features and plugins we provide can still decide to enforce a dependency on 3.2.2, and we keep both 3.2.0 and 3.2.2. So at least we know that "our" execution threads wouldn't be hurt by the issue.
Also, although it seems like we're currently forced to ship commons.collections 3.2.0, that doesn't mean it has to be loaded at runtime. So also shipping a 3.2.2 (by making the hibernate.runtime plugin depend on this specific version, for example) would enforce loading of 3.2.2 and should avoid loading of 3.2.0.
So +1 for the change proposed by [~nickboldt], but it requires an additional step to make sure we "enable" the better version.
was (Author: mickael_istria):
The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.
Anyway, the features and plugins we provide can still decide to enforce a dependency on 3.2.2, and we keep both 3.2.0 and 3.2.2. So at least we know that "our" execution threads wouldn't be hurt by the issue.
> Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
> -------------------------------------------------------------------------
>
> Key: JBDS-3560
> URL: https://issues.jboss.org/browse/JBDS-3560
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 8.1.0.GA, 9.0.0.GA, 10.0.0.Alpha1
> Reporter: Nick Boldt
> Assignee: Max Rydahl Andersen
> Fix For: 9.1.0.Beta1, 10.0.0.Alpha1
>
> Attachments: apache-commons-collections-in-JBDS7,8,9,10.png, apache-commons-collections-in-JBDS7,8,9,10_refs1.png, apache-commons-collections-in-JBDS7,8,9,10_refs10.png, apache-commons-collections-in-JBDS7,8,9,10_refs7.png, apache-commons-collections-in-JBDS7,8,9,10_refs8-IS-fuse.png, apache-commons-collections-in-JBDS7,8,9,10_refs8.png, apache-commons-collections-in-JBDS7,8,9,10_refs9.png, orbit.R20150519210750_vs_I20151117200049.log.txt, orbit.R20150519210750_vs_I20151117200049.log_onlyLatest.txt
>
>
> This is a container issue to wrap & track https://issues.apache.org/jira/browse/COLLECTIONS-580
> Problem is that JBDS 9 (and probably 8 and 10 too) include org.apache.commons.collections 3.2.0.v2013030210310, which is affected by COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (JBDS-3276) JBDS-IS Installer support
by Catherine Robson (JIRA)
[ https://issues.jboss.org/browse/JBDS-3276?page=com.atlassian.jira.plugin.... ]
Catherine Robson commented on JBDS-3276:
----------------------------------------
We have two more usability tests happening today, and then I'll come back and provide my feedback.
> JBDS-IS Installer support
> -------------------------
>
> Key: JBDS-3276
> URL: https://issues.jboss.org/browse/JBDS-3276
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Feature Request
> Components: installer, integration-platform, requirements
> Affects Versions: 8.0.0.GA
> Reporter: Burr Sutter
> Assignee: Paul Leacu
> Fix For: 9.1.0.Beta1
>
> Attachments: Red Hat JBoss Developer Studio 9.0.0.Alpha2_105.png, EA.png, jbds-is-about.png, JBDSIS_installer_9.png, JBDSIS_installer_space.png, mirroringlog.txt, sai1.png
>
>
> As a Fuse, integration-focused developer, I need a downloadable installer that will allow me to quickly and easily install JBDS with Fuse capabilities.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
10 years, 4 months
[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
by Mickael Istria (JIRA)
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.... ]
Mickael Istria edited comment on JBDS-3560 at 11/19/15 9:21 AM:
----------------------------------------------------------------
The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.
Anyway, the features and plugins we provide can still decide to enforce a dependency on 3.2.2, and we keep both 3.2.0 and 3.2.2. So at least we know that "our" execution threads wouldn't be hurt by the issue.
was (Author: mickael_istria):
The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.
[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
by Mickael Istria (JIRA)
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.... ]
Mickael Istria commented on JBDS-3560:
--------------------------------------
The only feature in our TP that requires and provides org.apache.commons.collections is org.eclipse.jpt.jpa.feature. It is strictly tied to version 3.2.0.
JBDS includes this feature, so it transitively requires the 3.2.0 version of org.apache.commons.collections. I guess there is not much we can do before Mars.2.
[JBoss JIRA] (JBDS-3276) JBDS-IS Installer support
by Paul Leacu (JIRA)
[ https://issues.jboss.org/browse/JBDS-3276?page=com.atlassian.jira.plugin.... ]
Paul Leacu edited comment on JBDS-3276 at 11/19/15 9:19 AM:
------------------------------------------------------------
Greetings all watchers...
[~maxandersen] [~ldimaggio] [~nickboldt] [~dgolovin] [~crobson] [~ganandan-Redhat] [~mhusnain] [~akazakov]
What do we collectively want to do with this Jira from here? The prototype JBDSIS standalone installer works well and does facilitate the installation of integration stack tooling (like Fuse Tooling or Teiid Designer). The latest user experience testing has shown that the latest batch of users didn't find the existing install scenario that different from using the standalone installer. (They had more issues with quickstarts, etc. than with the actual IS installation.)
That being said, it does make things easier, so I would say let's go with it. If we reach consensus on that, then the following questions need to be answered.
1. Should we have 2 standalone installers (one for JBDS and one for JBDSIS) or just 1?
My opinion is that we stay with 2. The JBDSIS installer is a superset of the JBDS installer and allows users to pick what they want. Also, given the asynchronous release schedule of JBDS and JBDSIS (even if we try to sync as close as possible), the JBDSIS installer still must be built from the IS devstudio POM. We don't want the situation of the IS components appearing, disappearing and then appearing again. I think the doc/QE impact is manageable.
2. Should we restrict the JBDSIS component content to released plugins only, or can it have early access content?
My opinion is that we stay with released content only. In theory, if the installer was made available from a clearly marked EA URL, then it's no different than the user selecting 'Enable Early Access', but it's probably safer to restrict the content to released IS components.
3. There are no blocker issues with this. I can create a separate Jira for the second screenshot issue above (minor). The first has been addressed.
WDYT?
was (Author: pleacu):
Greetings all watchers...
What do we collectively want to do with this Jira from here? The prototype JBDSIS standalone installer works well and does facilitate the installation of integration stack tooling (like Fuse Tooling or Teiid Designer). The latest user experience testing has shown that the latest batch of users didn't find the existing install scenario that different from using the standalone installer. (They had more issues with quickstarts, etc. than with the actual IS installation.)
That being said, it does make things easier, so I would say let's go with it. If we reach consensus on that, then the following questions need to be answered.
1. Should we have 2 standalone installers (one for JBDS and one for JBDSIS) or just 1?
My opinion is that we stay with 2. The JBDSIS installer is a superset of the JBDS installer and allows users to pick what they want. Also, given the asynchronous release schedule of JBDS and JBDSIS (even if we try to sync as close as possible), the JBDSIS installer still must be built from the IS devstudio POM. We don't want the situation of the IS components appearing, disappearing and then appearing again. I think the doc/QE impact is manageable.
2. Should we restrict the JBDSIS component content to released plugins only, or can it have early access content?
My opinion is that we stay with released content only. In theory, if the installer was made available from a clearly marked EA URL, then it's no different than the user selecting 'Enable Early Access', but it's probably safer to restrict the content to released IS components.
3. There are no blocker issues with this. I can create a separate Jira for the second screenshot issue above (minor). The first has been addressed.
WDYT?
[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
by Fred Bricon (JIRA)
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.... ]
Fred Bricon commented on JBDS-3560:
-----------------------------------
So the m2e archetype feature also embeds a version of the vulnerable commons-collections, which we need to fix upstream (even though it's not really vulnerable, it just makes people cringe).
[JBoss JIRA] (JBDS-3560) Arbitrary remote code execution with InvokerTransformer (COLLECTIONS-580)
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-3560?page=com.atlassian.jira.plugin.... ]
Nick Boldt commented on JBDS-3560:
----------------------------------
I checked a couple of the plugins [1], [2] (didn't see any features) that depend on a.commons.collections, and they only state a dependency on 3.2.0+ in their manifests. So if our TP includes 3.2.2 instead of 3.2.0, that should be installed instead.
[1] o.apache.velocity 1.5.0
[2] o.j.t.hibernate.runtime 3.5 or 3.6
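Nick's manifest check in this comment and Mickael's later proposal to make "our" plugins depend on 3.2.2 explicitly both reduce to one question: given the org.apache.commons.collections bundles present in the install, and the bundle-version range each requirer declares, can the OSGi resolver still bind a requirer to the 3.2.0 bundle? What follows is an added example, not code from JBDS, Orbit or this thread: a small Python audit that parses OSGi MANIFEST.MF headers (including folded continuation lines and commas inside quoted ranges), compares versions the way the framework does (major, minor, micro, then qualifier), and reports for each requirer whether 3.2.2 satisfies its range and whether a pre-3.2.2 provider would still be accepted. The manifests, the org.example.* symbolic names and the version ranges are constructed to model the three cases discussed: a plugin strictly tied to 3.2.0, a plugin that only says "3.2.0 or higher", and a plugin pinned to [3.2.2,4.0.0).

```python
"""Audit which org.apache.commons.collections bundles a set of OSGi manifests provide
and whether each Require-Bundle range on it still admits a pre-3.2.2 bundle.
Added example: the manifests below are constructed, not copied from JBDS or Orbit."""
import re

TARGET = "org.apache.commons.collections"
FIXED = (3, 2, 2, "")  # the fixed release the thread wants loaded instead of 3.2.0


def parse_manifest(text):
    """Parse MANIFEST.MF headers; a line starting with one space continues the previous header."""
    headers, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(" ") and current is not None:
            headers[current] += line[1:]
        else:
            name, _, value = line.partition(":")
            current = name.strip()
            headers[current] = value.strip()
    return headers


def split_clauses(value):
    """Split a Require-Bundle header on commas that are not inside a quoted version range."""
    clauses, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            clauses.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    clauses.append("".join(buf))
    return [c.strip() for c in clauses if c.strip()]


_VERSION = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.([\w-]+))?$")


def parse_version(s):
    """OSGi version -> (major, minor, micro, qualifier); tuple order matches OSGi ordering."""
    m = _VERSION.match(s.strip())
    if not m:
        raise ValueError("bad OSGi version: %r" % s)
    major, minor, micro, qualifier = m.groups()
    return (int(major), int(minor or 0), int(micro or 0), qualifier or "")


def parse_range(s):
    """'[3.2.0,4.0.0)' -> (low, low_inclusive, high, high_inclusive); bare '3.2.0' means 3.2.0 or higher."""
    s = s.strip().strip('"')
    m = re.match(r"^([\[(])\s*([^,]+),\s*([^\])]+?)\s*([\])])$", s)
    if not m:
        return (parse_version(s), True, None, False)
    lo_b, lo, hi, hi_b = m.groups()
    return (parse_version(lo), lo_b == "[", parse_version(hi), hi_b == "]")


def in_range(version, rng):
    lo, lo_incl, hi, hi_incl = rng
    if version < lo or (version == lo and not lo_incl):
        return False
    if hi is None:
        return True
    return version < hi or (version == hi and hi_incl)


def provided_versions(manifests, target=TARGET):
    """Sorted versions of every bundle whose symbolic name is the target."""
    found = []
    for h in map(parse_manifest, manifests.values()):
        if h.get("Bundle-SymbolicName", "").split(";")[0].strip() == target:
            found.append(parse_version(h.get("Bundle-Version", "0.0.0")))
    return sorted(found)


def requirements_on(manifests, target=TARGET):
    """{jar name: parsed range} for every Require-Bundle clause that names the target."""
    out = {}
    for jar, text in manifests.items():
        for clause in split_clauses(parse_manifest(text).get("Require-Bundle", "")):
            parts = [p.strip() for p in clause.split(";")]
            if parts[0] != target:
                continue
            rng = "0.0.0"  # no bundle-version attribute means any version
            for p in parts[1:]:
                if p.startswith("bundle-version="):
                    rng = p.split("=", 1)[1]
            out[jar] = parse_range(rng)
    return out


def audit(manifests, fixed=FIXED):
    """Per requirer: does the fixed version satisfy its range, and which provided
    versions below the fix does the range still accept (so the resolver may pick them)?"""
    provided = provided_versions(manifests)
    report = {}
    for jar, rng in requirements_on(manifests).items():
        accepted = [v for v in provided if in_range(v, rng)]
        report[jar] = {"fixed_satisfies": in_range(fixed, rng),
                       "vulnerable_accepted": [v for v in accepted if v < fixed]}
    return report


# Constructed manifests; the ranges are assumptions modelling the cases described in the thread.
SAMPLE_MANIFESTS = {
    "org.apache.commons.collections_3.2.0.v2013030210310.jar":
        "Manifest-Version: 1.0\nBundle-SymbolicName: org.apache.commons.collections\n"
        "Bundle-Version: 3.2.0.v2013030210310\n",
    "org.apache.commons.collections_3.2.2.jar":
        "Manifest-Version: 1.0\nBundle-SymbolicName: org.apache.commons.collections\n"
        "Bundle-Version: 3.2.2\n",
    # "strictly tied to 3.2.0": only a 3.2.0.x bundle qualifies
    "jpt-plugin-assumed.jar":
        "Bundle-SymbolicName: org.example.jpt.assumed\n"
        'Require-Bundle: org.apache.commons.collections;bundle-version="[3.2.0,3.2.1)"\n',
    # "3.2.0+": a bare minimum, so either provider legally satisfies it (note the folded line)
    "velocity-assumed.jar":
        "Bundle-SymbolicName: org.example.velocity.assumed\n"
        'Require-Bundle: org.apache.commons.collections;bundle-version="3.2.0",\n'
        ' org.apache.commons.lang;bundle-version="2.3.0"\n',
    # the proposed hardening: pin the requirement so 3.2.0 can no longer satisfy it
    "hibernate-runtime-pinned-assumed.jar":
        "Bundle-SymbolicName: org.example.hibernate.runtime.assumed\n"
        'Require-Bundle: org.apache.commons.collections;bundle-version="[3.2.2,4.0.0)"\n',
}

if __name__ == "__main__":
    for jar, result in audit(SAMPLE_MANIFESTS).items():
        print(jar, result)
```

To run this against a real install, build the dict from the META-INF/MANIFEST.MF inside each jar under the plugins/ directory (zipfile suffices). A requirer whose vulnerable_accepted list is non-empty is one the resolver may still bind to 3.2.0 even when 3.2.2 is also present, which is the reason the thread proposes pinning the requirement rather than only adding 3.2.2 to the target platform; a requirer whose fixed_satisfies is False, like the strictly tied case, cannot be fixed by pinning at all and needs an upstream change.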