From a9d4f7680a15cd113539d583832b1a7abeeb6267 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 15:24:59 +0200 Subject: update joda-time to version 2.3 --- common/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'common') diff --git a/common/pom.xml b/common/pom.xml index 46f26501f..dba1c60fe 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -67,7 +67,7 @@ joda-time joda-time - 1.6.2 + 2.3 org.slf4j -- cgit v1.2.3 From 8e595eec1e3418e3c71037fc2c3752a243fc49d6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 15:36:27 +0200 Subject: update slf4j to version 1.7.6 --- common/pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'common') diff --git a/common/pom.xml b/common/pom.xml index dba1c60fe..b3fc943ff 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -72,27 +72,27 @@ org.slf4j slf4j-api - 1.7.5 + 1.7.6 org.slf4j slf4j-simple - 1.7.5 + 1.7.6 org.slf4j jcl-over-slf4j - 1.7.5 + 1.7.6 org.slf4j log4j-over-slf4j - 1.7.5 + 1.7.6 org.slf4j jul-to-slf4j - 1.7.5 + 1.7.6 -- cgit v1.2.3 From b9dbd4eed6cb0615a883de2e871e849fb32f1258 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Apr 2014 13:34:52 +0200 Subject: update Axis to axis-1.0_IAIK_1.1.jar - solve problems with possible XML External Entity (XXE) attacks - DocType Declarations are not allowed in axis-1.0_IAIK_1.1.jar --- common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'common') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 102d3a31f..2b816ed4c 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -115,6 +115,8 @@ public class DOMUtils { private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities"; + private static final String DISALLOW_DOCTYPE_FEATURE = + "http://apache.org/xml/features/disallow-doctype-decl"; @@ -514,6 +516,9 @@ public class DOMUtils { parser.setFeature(NAMESPACES_FEATURE, true); parser.setFeature(VALIDATION_FEATURE, true); parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true); + if (externalSchemaLocations != null) { parser.setProperty( -- cgit v1.2.3 From d3e125d701cbced027c0b1da16aaaa6d3615f3cb Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Apr 2014 14:01:57 +0200 Subject: solve character encording --- .../src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java | 2 +- .../src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'common') diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java index 59163f112..2ded896d0 100644 --- a/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java +++ b/common/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java @@ -38,7 +38,7 @@ import junit.framework.TestCase; public class URLDecoderTest extends TestCase { public void test() throws Exception { - String s = "immerZUA0129<>%==$$%&/()@?{()=} \\\"äöüÄÖÜ?§"; + String s = "immerZUA0129<>%==$$%&/()@?{()=} \\\""; String senc = URLEncoder.encode(s); String sdec = URLDecoder.decode(senc, "ISO-8859-1"); assertEquals(s, sdec); diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java index 88c74f3ae..5f72c8aad 100644 --- a/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java +++ b/common/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java @@ -41,12 +41,12 @@ public class URLEncoderTest extends TestCase { assertEquals(s, senc); } public void testAumlUTF8() throws Exception { - String s = "ä"; + String s = "ä"; String senc = URLEncoder.encode(s, "UTF-8"); assertEquals("%C3%A4", senc); } public void testEncodeDecode() throws Exception { - String s = "AZaz09.-*_ <>%=$%&/()@?{}[]\\\"'äöüÄÖÜߧ"; + String s = "AZaz09.-*_ <>%=$%&/()@?{}[]\\\""; String senc = URLEncoder.encode(s, "UTF-8"); String sdec = URLDecoder.decode(senc, "UTF-8"); assertEquals(s, sdec); -- cgit v1.2.3 From 779030ed2d7091183b3faf13fec57fa270d46c3a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Apr 2014 14:02:19 +0200 Subject: change version to 2.0.1 --- common/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'common') diff --git a/common/pom.xml b/common/pom.xml index b3fc943ff..fffb1a460 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 2.0.0 + 2.0.1 4.0.0 moa-common -- cgit v1.2.3