Permalink
Browse files

Removed UPnP protocol due to XXE vulnerability in Cling library

  • Loading branch information...
christianbauer committed Sep 26, 2018
1 parent 1c955e3 commit c81544fc0edf16c0230fa71fc01f410c254a4b84
View
@@ -58,7 +58,6 @@ org.bouncycastle:bcpkix-jdk15on: BOUNCYCASTLE LICENSE
org.bouncycastle:bcprov-jdk15on: BOUNCYCASTLE LICENSE
org.codehaus.btm:btm: GNU LESSER GENERAL PUBLIC LICENSE, VERSION 3
org.codehaus.groovy:*: APACHE LICENSE, VERSION 2.0
org.fourthline.cling:cling-core: GNU LESSER GENERAL PUBLIC LICENSE, VERSION 2.1
org.hibernate.common:hibernate-commons-annotations: GNU LESSER GENERAL PUBLIC LICENSE, VERSION 2.1
org.hibernate.javax.persistence:hibernate-jpa-2.1-api: ECLIPSE DISTRIBUTION LICENSE, VERSION 1.0
org.hibernate:hibernate-core: GNU LESSER GENERAL PUBLIC LICENSE, VERSION 2.1
View
@@ -24,8 +24,6 @@ dependencies {
exclude group: "org.slf4j"
}
compile "org.fourthline.cling:cling-core:$clingVersion"
compile "net.sf.saxon:Saxon-HE:$saxonHEVersion"
}

This file was deleted.

Oops, something went wrong.
@@ -2,7 +2,6 @@ org.openremote.agent.protocol.simulator.SimulatorProtocol
org.openremote.agent.protocol.macro.MacroProtocol
org.openremote.agent.protocol.timer.TimerProtocol
org.openremote.agent.protocol.knx.KNXProtocol
org.openremote.agent.protocol.upnp.UpnpProtocol
org.openremote.agent.protocol.velbus.VelbusSocketProtocol
org.openremote.agent.protocol.velbus.VelbusSerialProtocol
org.openremote.agent.protocol.http.HttpClientProtocol
@@ -22,9 +22,6 @@ repositories {
maven {
url "http://m2repo.openremote.com/content/groups/public/"
}
maven {
url "http://4thline.org/m2"
}
}
apply plugin: "com.android.library"
View
@@ -34,7 +34,6 @@ sunriseSunsetCalculatorVersion = 1.2
easyRulesVersion = 3.1.0
quartzVersion= 2.2.3
calimeroVersion = 2.4-SNAPSHOT
clingVersion = 2.1.1
uuidGeneratorVersion = 3.1.3
nrjavaserialVersion = 3.13.0
saxonHEVersion = 9.8.0-3
@@ -20,7 +20,6 @@
package org.openremote.manager.setup.builtin;
import org.openremote.agent.protocol.knx.KNXProtocol;
import org.openremote.agent.protocol.upnp.UpnpProtocol;
import org.openremote.agent.protocol.velbus.VelbusSerialProtocol;
import org.openremote.container.Container;
import org.openremote.manager.setup.AbstractManagerSetup;
@@ -49,8 +48,6 @@
public static final String SETUP_IMPORT_DEMO_AGENT_VELBUS = "SETUP_IMPORT_DEMO_AGENT_VELBUS";
public static final String SETUP_IMPORT_DEMO_AGENT_VELBUS_COM_PORT = "SETUP_IMPORT_DEMO_AGENT_VELBUS_COM_PORT";
public static final String SETUP_IMPORT_DEMO_AGENT_UPNP = "SETUP_IMPORT_DEMO_AGENT_UPNP";
public String masterRealmId;
final protected boolean knx;
@@ -60,8 +57,6 @@
final protected boolean velbus;
final protected String velbusComPort;
final protected boolean upnp;
public ManagerDemoAgentSetup(Container container) {
super(container);
@@ -71,8 +66,6 @@ public ManagerDemoAgentSetup(Container container) {
this.velbus = getBoolean(container.getConfig(), SETUP_IMPORT_DEMO_AGENT_VELBUS, false);
this.velbusComPort = getString(container.getConfig(), SETUP_IMPORT_DEMO_AGENT_VELBUS_COM_PORT, "COM3");
this.upnp = getBoolean(container.getConfig(), SETUP_IMPORT_DEMO_AGENT_UPNP, false);
}
@Override
@@ -111,19 +104,6 @@ public void onStart() throws Exception {
velbusDevices = assetStorageService.merge(velbusDevices);
}
if (upnp) {
LOG.info("Enable UPnP demo protocol configuration");
Asset upnpDevices = new Asset("UPnP Devices", THING, agent, masterRealmId);
upnpDevices = assetStorageService.merge(upnpDevices);
agent.addAttributes(
initProtocolConfiguration(new AssetAttribute("upnpConfig"), UpnpProtocol.PROTOCOL_NAME)
.addMeta(
// TODO Protocols should create these grouping assets automatically and import assets underneath for each protocol configuration
new MetaItem(UpnpProtocol.GROUP_ASSET_ID, Values.create(upnpDevices.getId()))
)
);
}
agent = assetStorageService.merge(agent);
}
}
View
@@ -121,15 +121,13 @@ services:
#
# - KNX IP gateway
# - Velbus IP gateway or serial bridge
# - UPnP (asset discovery only)
#
SETUP_IMPORT_DEMO_AGENT: 'true'
SETUP_IMPORT_DEMO_AGENT_KNX: 'false'
# SETUP_IMPORT_DEMO_AGENT_KNX_GATEWAY_IP: '10.0.0.11'
# SETUP_IMPORT_DEMO_AGENT_KNX_LOCAL_IP: '10.0.0.12'
SETUP_IMPORT_DEMO_AGENT_VELBUS: 'false'
# SETUP_IMPORT_DEMO_AGENT_VELBUS_COM_PORT: 'COM3'
SETUP_IMPORT_DEMO_AGENT_UPNP: 'false'
# TODO: Additional docker settings are necessary to use com ports and multicast from within containers
# The public host name of this OpenRemote installation. This name is used in bearer tokens
View
@@ -28,9 +28,6 @@ repositories {
maven {
url "http://m2repo.openremote.com/content/groups/public/"
}
maven {
url "http://4thline.org/m2"
}
}
// Eclipse needs help

0 comments on commit c81544f

Please sign in to comment.