@@ -171,9 +171,6 @@ | |||
<systemProperty>archiva.cassandra.configuration.file=%ARCHIVA_BASE%/conf/archiva-cassandra.properties</systemProperty> | |||
<systemProperty>org.apache.jackrabbit.core.state.validatehierarchy=true</systemProperty> | |||
</systemProperties> | |||
<extraArguments> | |||
<extraArgument>-XX:MaxPermSize=128m</extraArgument> | |||
</extraArguments> | |||
<initialMemorySize>512</initialMemorySize> | |||
<maxMemorySize>512</maxMemorySize> | |||
</jvmSettings> | |||
@@ -253,6 +250,8 @@ | |||
<finalName>apache-archiva-${project.version}</finalName> | |||
</configuration> | |||
</plugin> | |||
</plugins> | |||
<pluginManagement> | |||
<plugins> |
@@ -131,10 +131,7 @@ | |||
<artifactId>maven-surefire-plugin</artifactId> | |||
<configuration> | |||
<reuseForks>false</reuseForks> | |||
<!-- | |||
<argLine>-Xms1024m -Xmx2048m -server -XX:MaxPermSize=256m @{jacocoproperty}</argLine> | |||
--> | |||
<argLine>-Xms512m -Xmx1024m -server -XX:MaxPermSize=256m</argLine> | |||
<argLine>-Xms512m -Xmx1024m -server</argLine> | |||
<systemPropertyVariables> | |||
<appserver.base>${project.build.directory}/appserver-base</appserver.base> | |||
<plexus.home>${project.build.directory}/appserver-base</plexus.home> |
@@ -564,10 +564,7 @@ | |||
<artifactId>maven-surefire-plugin</artifactId> | |||
<configuration> | |||
<reuseForks>false</reuseForks> | |||
<!-- | |||
<argLine>-Xms1024m -Xmx2048m -server -XX:MaxPermSize=256m @{jacocoproperty}</argLine> | |||
--> | |||
<argLine>-Xms1024m -Xmx2048m -server -XX:MaxPermSize=256m</argLine> | |||
<argLine>-Xms1024m -Xmx2048m -server</argLine> | |||
<systemPropertyVariables> | |||
<appserver.base>${project.build.directory}/appserver-base</appserver.base> | |||
<plexus.home>${project.build.directory}/appserver-base</plexus.home> |
@@ -554,6 +554,7 @@ | |||
<exclude>src/test/repositories/test-repo/**</exclude> | |||
<exclude>src/main/resources/META-INF/services/*</exclude> | |||
<exclude>src/main/resources/META-INF/cxf/*</exclude> | |||
<exclude>src/main/resources/META-INF/owasp/cve-suppressions.xml</exclude> | |||
</excludes> | |||
</configuration> | |||
</plugin> | |||
@@ -828,6 +829,24 @@ | |||
</configuration> | |||
</plugin> | |||
<plugin> | |||
<groupId>org.owasp</groupId> | |||
<artifactId>dependency-check-maven</artifactId> | |||
<version>5.3.2</version> | |||
<configuration> | |||
<skipProvidedScope>true</skipProvidedScope> | |||
<failBuildOnCVSS>8</failBuildOnCVSS> | |||
<suppressionFile>${project.basedir}/src/main/resources/META-INF/owasp/cve-suppressions.xml</suppressionFile> | |||
</configuration> | |||
<executions> | |||
<execution> | |||
<goals> | |||
<goal>check</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</plugins> | |||
</build> | |||
@@ -0,0 +1,67 @@ | |||
<?xml version="1.0" encoding="UTF-8"?> | |||
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> | |||
<suppress until="2020-09-01Z"> | |||
<notes><![CDATA[ | |||
file name: jackson-mapper-asl-1.9.2.jar is a dependency of cassandra - Waiting for update of cassandra | |||
]]></notes> | |||
<packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl> | |||
<cpe>cpe:/a:fasterxml:jackson-mapper-asl</cpe> | |||
<cpe>cpe:/a:fasterxml:jackson</cpe> | |||
<vulnerabilityName>CVE-2017-15095</vulnerabilityName> | |||
<vulnerabilityName>CVE-2017-7525</vulnerabilityName> | |||
<vulnerabilityName>CVE-2017-17485</vulnerabilityName> | |||
<vulnerabilityName>CVE-2018-5968</vulnerabilityName> | |||
<vulnerabilityName>CVE-2018-14718</vulnerabilityName> | |||
<vulnerabilityName>CVE-2018-7489</vulnerabilityName> | |||
<vulnerabilityName>CVE-2018-1000873</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-14540</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-14893</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-16335</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-17267</vulnerabilityName> | |||
<vulnerabilityName>CVE-2020-10672</vulnerabilityName> | |||
<vulnerabilityName>CVE-2020-10673</vulnerabilityName> | |||
</suppress> | |||
<suppress> | |||
<notes><![CDATA[ | |||
False positive for oak-jcr packages | |||
]]></notes> | |||
<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/oak\-.*@.*$</packageUrl> | |||
<cpe>cpe:/a:apache:jackrabbit</cpe> | |||
</suppress> | |||
<suppress> | |||
<notes><![CDATA[ | |||
False positive for oak-segment-tar-1.30.0.jar: netty-transport-4.1.14.Final.jar | |||
Updated netty to higher version | |||
]]></notes> | |||
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-transport@.*$</packageUrl> | |||
<cpe>cpe:/a:netty:netty</cpe> | |||
<vulnerabilityName>CVE-2020-11612</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20445</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20444</vulnerabilityName> | |||
</suppress> | |||
<suppress> | |||
<notes><![CDATA[ | |||
False positive for oak-segment-tar-1.30.0.jar: netty-transport-4.1.14.Final.jar | |||
Updated netty to higher version | |||
]]></notes> | |||
<packageUrl regex="true">^.*oak-segment-tar.*$</packageUrl> | |||
<cpe>cpe:/a:netty:netty</cpe> | |||
<vulnerabilityName>CVE-2020-11612</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20445</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20444</vulnerabilityName> | |||
</suppress> | |||
<suppress> | |||
<notes><![CDATA[ | |||
file name: oak-segment-tar-1.30.0.jar: netty-codec-4.1.14.Final.jar | |||
]]></notes> | |||
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl> | |||
<cpe>cpe:/a:netty:netty</cpe> | |||
<vulnerabilityName>CVE-2020-11612</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20445</vulnerabilityName> | |||
<vulnerabilityName>CVE-2019-20444</vulnerabilityName> | |||
</suppress> | |||
</suppressions> |
@@ -31,7 +31,7 @@ | |||
<properties> | |||
<site.staging.base>${project.parent.parent.basedir}</site.staging.base> | |||
<cassandraVersion>3.11.2</cassandraVersion> | |||
<cassandraVersion>3.11.6</cassandraVersion> | |||
</properties> | |||
<dependencies> | |||
@@ -143,6 +143,7 @@ | |||
<groupId>org.jboss.logging</groupId> | |||
<artifactId>jboss-logging</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
@@ -169,24 +170,57 @@ | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.cassandra</groupId> | |||
<artifactId>cassandra-thrift</artifactId> | |||
<version>3.11.2</version> | |||
<version>${cassandraVersion}</version> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>javax.servlet</groupId> | |||
<artifactId>servlet-api</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>org.apache.ant</groupId> | |||
<artifactId>ant</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.thrift</groupId> | |||
<artifactId>libthrift</artifactId> | |||
<version>0.13.0</version> | |||
</dependency> | |||
<!-- | |||
<dependency> | |||
<groupId>org.codehaus.jackson</groupId> | |||
<artifactId>jackson-core-asl</artifactId> | |||
<version>1.9.13</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.jackson</groupId> | |||
<artifactId>jackson-mapper-asl</artifactId> | |||
<version>1.9.13</version> | |||
</dependency> | |||
--> | |||
<!-- Transitive dependency. Declared here to increase the version. --> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-all</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<!-- Is a dependency of cassandra -> hibernate-validator and replaced by new version --> | |||
<dependency> | |||
<groupId>org.jboss.logging</groupId> | |||
<artifactId>jboss-logging</artifactId> | |||
</dependency> | |||
<!-- Dependency of cassandra -> replacing by new version --> | |||
<dependency> | |||
<groupId>org.hibernate</groupId> | |||
<artifactId>hibernate-validator</artifactId> | |||
<version>4.3.2.Final</version> | |||
</dependency> | |||
<!-- TEST Scope --> | |||
@@ -236,6 +270,7 @@ | |||
</dependencies> | |||
<build> | |||
<testResources> | |||
<testResource> |
@@ -84,6 +84,32 @@ | |||
<dependency> | |||
<groupId>org.apache.jackrabbit</groupId> | |||
<artifactId>oak-segment-tar</artifactId> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-transport</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-resolver</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-handler</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-common</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-codec</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-buffer</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.jackrabbit</groupId> | |||
@@ -113,6 +139,34 @@ | |||
<groupId>org.apache.jackrabbit</groupId> | |||
<artifactId>oak-core</artifactId> | |||
</dependency> | |||
<!-- netty is a transitive dependencies of oak-segment-tar | |||
increasing version --> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-transport</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-resolver</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-handler</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-common</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-codec</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-buffer</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>javax.inject</groupId> |
@@ -44,8 +44,6 @@ import org.apache.jackrabbit.oak.plugins.index.lucene.hybrid.LocalIndexObserver; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.hybrid.NRTIndexFactory; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.property.PropertyIndexCleaner; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.reader.DefaultIndexReaderFactory; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.score.ScorerProviderFactory; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.score.impl.ScorerProviderFactoryImpl; | |||
import org.apache.jackrabbit.oak.plugins.index.lucene.util.IndexDefinitionBuilder; | |||
import org.apache.jackrabbit.oak.plugins.index.search.ExtractedTextCache; | |||
import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; | |||
@@ -142,7 +140,6 @@ public class OakRepositoryFactory | |||
private LuceneIndexProvider indexProvider; | |||
private ScorerProviderFactory scorerFactory = new ScorerProviderFactoryImpl( ); | |||
private IndexAugmentorFactory augmentorFactory = new IndexAugmentorFactory( ); | |||
private ActiveDeletedBlobCollectorFactory.ActiveDeletedBlobCollector activeDeletedBlobCollector = ActiveDeletedBlobCollectorFactory.NOOP; | |||
@@ -396,7 +393,7 @@ public class OakRepositoryFactory | |||
tracker = createTracker(); | |||
indexProvider = new LuceneIndexProvider(tracker, scorerFactory, augmentorFactory); | |||
indexProvider = new LuceneIndexProvider(tracker, augmentorFactory); | |||
initialize(); | |||
registerObserver(); |
@@ -217,8 +217,6 @@ | |||
</reportSets> | |||
</plugin> | |||
</plugins> | |||
</reporting> | |||
@@ -74,7 +74,8 @@ | |||
<javax.jcr.version>2.0</javax.jcr.version> | |||
<!-- If you change the JCR OAK version, you may have to update the pom.xml in the module oak-jcr-lucene | |||
to adapt to dependency changes --> | |||
<jcr-oak.version>1.22.3</jcr-oak.version> | |||
<jcr-oak.version>1.30.0</jcr-oak.version> | |||
<netty.version>4.1.50.Final</netty.version> | |||
<!-- Jackrabbit classes are still used for webdav --> | |||
@@ -502,6 +503,64 @@ | |||
<groupId>org.apache.jackrabbit</groupId> | |||
<artifactId>oak-segment-tar</artifactId> | |||
<version>${jcr-oak.version}</version> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-transport</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-resolver</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-handler</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-common</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-codec</artifactId> | |||
</exclusion> | |||
<exclusion> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-buffer</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<!-- netty is a transitive dependencies of oak-segment-tar | |||
increasing version --> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-transport</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-resolver</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-handler</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-common</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-codec</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>io.netty</groupId> | |||
<artifactId>netty-buffer</artifactId> | |||
<version>${netty.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.jackrabbit</groupId> | |||
@@ -1351,6 +1410,14 @@ | |||
</dependency> | |||
<!-- Transitive dependency - fixing version --> | |||
<dependency> | |||
<groupId>com.google.guava</groupId> | |||
<artifactId>guava</artifactId> | |||
<version>29.0-jre</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.xmlunit</groupId> | |||
<artifactId>xmlunit-core</artifactId> | |||
@@ -1818,6 +1885,10 @@ | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</plugins> | |||
<pluginManagement> | |||
<plugins> |