Skip to content

Commit

Permalink
Merge branch '3.8' of https://github.com/JumpMind/symmetric-ds.git in…
Browse files Browse the repository at this point in the history 
…to 3.8
  • Loading branch information
@jumpmind-josh
jumpmind-josh committed Dec 13, 2017
2 parents 4da3bf6 + 05e197f commit cf5d78e
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 19 deletions.
20 changes: 12 additions & 8 deletions symmetric-assemble/build.gradle
View file
Expand Up @@ -64,7 +64,7 @@ project(":symmetric-wrapper") {
dependencies {
compile "net.java.dev.jna:jna:$jnaVersion"
compile "net.java.dev.jna:jna-platform:$jnaVersion"
compile "bouncycastle:bcprov-jdk15:$bouncyCastleVersion"
compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
provided "org.codehaus.mojo:animal-sniffer-annotations:$animalSnifferVersion"
testCompile project(path: ':symmetric-util', configuration: 'testArtifacts')
}
Expand All @@ -86,7 +86,7 @@ project(':symmetric-util') {
compile "commons-io:commons-io:$commonsIoVersion"
compile "commons-codec:commons-codec:$commonsCodecVersion"
compile "commons-collections:commons-collections:$commonsCollectionVersion"
compile "bouncycastle:bcprov-jdk15:$bouncyCastleVersion"
compile "org.bouncycastle:bcprov-jdk15on:$bouncyCastleVersion"
provided "org.codehaus.mojo:animal-sniffer-annotations:$animalSnifferVersion"
}
}
Expand Down Expand Up @@ -189,7 +189,13 @@ project(':symmetric-client') {

provided "org.mongodb:mongo-java-driver:2.12.3"
provided "org.codehaus.mojo:animal-sniffer-annotations:$animalSnifferVersion"
provided "com.amazonaws:aws-java-sdk:1.9.17"
provided ("com.amazonaws:aws-java-sdk:1.9.17") {
exclude group: 'org.apache.httpcomponents'
exclude group: 'commons-logging'
exclude group: 'com.fasterxml.jackson.core'
exclude group: 'commons-codec'
}
provided 'org.apache.httpcomponents:httpclient:4.5.4' // This is required by com.amazonaws:aws-java-sdk. It is called out here to upgrade the version because of a user's security concerns.

testCompile project(path: ':symmetric-util', configuration: 'testArtifacts')
testCompile project(path: ':symmetric-io', configuration: 'testArtifacts')
Expand All @@ -214,17 +220,15 @@ project(':symmetric-server') {
compile "org.jdom:jdom:1.1"
compile ("com.mangofactory:swagger-springmvc:0.6.5") {
exclude group: 'asm'
exclude group: 'com.fasterxml.jackson.core'
}
compile "com.fasterxml.jackson.core:jackson-databind:2.8.10" // This is required by com.mangofactory:swagger-springmvc. It is called out here to upgrade the version because of a user's security concerns.

compile project(":symmetric-wrapper")

provided "javax.jms:jms-api:1.1-rev-1"
provided "org.mongodb:mongo-java-driver:2.12.3"
provided "org.codehaus.mojo:animal-sniffer-annotations:$animalSnifferVersion"
provided ("com.amazonaws:aws-java-sdk:1.8.9.1") {
exclude group: 'commons-logging'
exclude group: 'com.fasterxml.jackson.core'
exclude group: 'commons-codec'
}
compile "javax.servlet:javax.servlet-api:$servletVersion"
provided "org.eclipse.jetty:jetty-annotations:$jettyVersion"
provided "org.eclipse.jetty:jetty-servlets:$jettyVersion"
Expand Down
13 changes: 8 additions & 5 deletions symmetric-assemble/common.gradle
View file
Expand Up @@ -147,15 +147,15 @@ subprojects { subproject ->

ext {
bshVersion = '2.0b5'
commonsBeanUtilsVersion = '1.9.2'
commonsBeanUtilsVersion = '1.9.3'
commonsCliVersion = '1.2'
commonsDbcpVersion = '1.3'
commonsFileuploadVersion = '1.3'
commonsFileuploadVersion = '1.3.3'
commonsIoVersion = '2.4'
commonsLangVersion = '2.6'
commonsNetVersion = '3.3'
commonsCodecVersion = '1.3'
commonsCollectionVersion = '3.2'
commonsCollectionVersion = '3.2.2'
hamcrestVersion = '1.3'
h2Version = '1.3.176'
derbyVersion = '10.10.2.0'
Expand All @@ -174,10 +174,10 @@ subprojects { subproject ->
powerMockVersion = '1.5.3'
mysqlVersion = '5.1.30'
servletVersion = '3.1.0'
springVersion = '4.2.6.RELEASE'
springVersion = '4.3.13.RELEASE'
jtdsVersion = '1.2.8'
voltDbVersion = '6.2'
bouncyCastleVersion = '140'
bouncyCastleVersion = '1.58'
animalSnifferVersion = '1.10'
jnaVersion = '4.1.0'
jettyVersion = '9.2.18.v20160721'
Expand Down Expand Up @@ -208,7 +208,10 @@ subprojects { subproject ->
exclude group: 'geronimo-spec'
exclude group: 'log4j'
exclude group: 'junit'
exclude group: 'xalan'

}
provided "xalan:xalan:2.7.1" // Required by org.firebirdsql.jdbc:jaybird, but a user's security requirement was for a newer version of xalan.
provided ("net.sf.jt400:jt400:$jt400Version")
provided "com.nuodb.jdbc:nuodb-jdbc:$nuodbVersion"
provided "jdbc.tibero:tibero:$tiberoVersion"
Expand Down
20 changes: 14 additions & 6 deletions symmetric-db/src/main/java/org/jumpmind/db/sql/SqlPersistenceManager.java
View file
Expand Up @@ -8,8 +8,9 @@
import java.util.Map;
import java.util.Set;

import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;
import org.jumpmind.db.model.Column;
import org.jumpmind.db.model.Table;
import org.jumpmind.db.platform.IDatabasePlatform;
Expand All @@ -19,9 +20,16 @@
public class SqlPersistenceManager extends AbstractPersistenceManager {

IDatabasePlatform databasePlatform;

// [BEANUTILS-463]
// Added new SuppressPropertiesBeanIntrospector class to deal with a potential
// class loader vulnerability.
private final BeanUtilsBean BEAN_UTILS = new BeanUtilsBean();

public SqlPersistenceManager(IDatabasePlatform databasePlatform) {
this.databasePlatform = databasePlatform;
BEAN_UTILS.getPropertyUtils().addBeanIntrospector(
SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
}

@Override
Expand All @@ -33,7 +41,7 @@ public <T> T map(Map<String, Object> row, Class<T> clazz, String catalogName, St
Set<String> propertyNames = objectToTableMapping.keySet();
for (String propertyName : propertyNames) {
Object value = row.get(objectToTableMapping.get(propertyName).getName());
BeanUtils.copyProperty(object, propertyName, value);
BEAN_UTILS.copyProperty(object, propertyName, value);
}
return object;
} catch (Exception e) {
Expand Down Expand Up @@ -213,7 +221,7 @@ public <T> List<T> find(Class<T> clazz, Map<String, Object> conditions, String c
Set<String> propertyNames = objectToTableMapping.keySet();
for (String propertyName : propertyNames) {
Object value = row.get(objectToTableMapping.get(propertyName).getName());
BeanUtils.copyProperty(object, propertyName, value);
BEAN_UTILS.copyProperty(object, propertyName, value);
}
objects.add(object);
}
Expand Down Expand Up @@ -251,7 +259,7 @@ public <T> List<T> find(Class<T> clazz, String catalogName, String schemaName, S
Set<String> propertyNames = objectToTableMapping.keySet();
for (String propertyName : propertyNames) {
Object value = row.get(objectToTableMapping.get(propertyName).getName());
BeanUtils.copyProperty(object, propertyName, value);
BEAN_UTILS.copyProperty(object, propertyName, value);
}
objects.add(object);
}
Expand Down Expand Up @@ -292,7 +300,7 @@ public void refresh(Object object, String catalogName, String schemaName, String
Set<String> propertyNames = objectToTableMapping.keySet();
for (String propertyName : propertyNames) {
Object value = row.get(objectToTableMapping.get(propertyName).getName());
BeanUtils.copyProperty(object, propertyName, value);
BEAN_UTILS.copyProperty(object, propertyName, value);
}
}
} catch (Exception e) {
Expand Down Expand Up @@ -352,7 +360,7 @@ protected LinkedHashMap<String, Object> getObjectValuesByColumnName(Object objec
Set<String> propertyNames = objectToTableMapping.keySet();
for (String propertyName : propertyNames) {
objectValuesByColumnName.put(objectToTableMapping.get(propertyName).getName(),
PropertyUtils.getProperty(object, propertyName));
BEAN_UTILS.getProperty(object, propertyName));
}
return objectValuesByColumnName;
} catch (IllegalAccessException e) {
Expand Down

0 comments on commit cf5d78e

Please sign in to comment.