Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.13.5.GA, IBM BAMOE 8.0.5.GA
Affects Version/s: 7.13.4.GA
Component/s: Kie-Server
Labels:
- bamoe-verified
- support

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Release Notes
QE Test Coverage:
+
Target Release:

7.13.5.GA
Workaround Description:

Hide

Removing the exclusion from jboss-structure-deployment.xml

Show
Removing the exclusion from jboss-structure-deployment.xml
Git Pull Request:
https://github.com/kiegroup/droolsjbpm-integration/pull/3015, https://github.com/kiegroup/droolsjbpm-integration/pull/3016
[QE] How to address?:
---
[QE] Why QE missed?:
---

SFDC Cases Counter:
SFDC Cases Links:

Description

Implementing a custom endopoint:

@ApiOperation(value = "Completes Specified User Task in a specified KIE Container.", code = 200)
	@ApiResponses(value = { @ApiResponse(code = 500, message = "Unexpected error"),
			@ApiResponse(code = 404, message="User Task Not Found"),
			@ApiResponse(code = 200,message="SUCCESS")/* examples = @Example(value = {
					@ExampleProperty(mediaType ="application/json", value = "NO-Content") }))*/ })
	@PUT
	@Path("containers/{containerId}/tasks/{taskInstanceId}/states/completed")
	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN })
	@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN })
	public Response completeUserTask(@javax.ws.rs.core.Context HttpHeaders headers,
			@ApiParam(value = "identifier of the Container to be fetched", required = true, example = "Example_1.0.3-SNAPSHOT") @PathParam("containerId") String containerId,
			@ApiParam(value = "identifier of the TaskInstance to be fetched", required = true, example = "12") @PathParam("taskInstanceId") Long taskInstanceId,
			@ApiParam(value = "optional user id to be used instead of authenticated user - only when bypass authenticated user is enabled", required = false) @QueryParam("user") String user,
			@ApiParam(value = "optional flag that allows to directly claim and start task (if needed) before completion", required = false) @QueryParam("auto-progress") boolean autoprogress,
			@ApiParam(value = "Optional Output Variables can be passed to User Task", required = false, examples=@Example(value= {
                    @ExampleProperty(mediaType ="application/json", value=COMPLETE_USERTASK_JSON)})) Map<String, Object> outputvariables)

is faling in RHPAM version 7.13.4

024-01-05 11:15:07,010 | hz0v:13119547 | FUSE-taskjms:pim-case-uber:13119547:41538317 | PAM-WIH:pim-case-uber:13119547:41538317 | ERROR | org.jboss.resteasy.resteasy_ja | RESTEASY002010: Failed to execute: javax.ws.rs.NotSupportedException: RESTEASY003200: Could not find message body reader for type: org.jboss.resteasy.util.Types$1@3d5f3ab6 of content type: application/json
	at org.jboss.resteasy.resteasy-jaxrs@3.15.7.Final-redhat-00001//org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.throwReaderNotFound(ServerReaderInterceptorContext.java:53)
	at org.jboss.resteasy.resteasy-jaxrs@3.15.7.Final-redhat-

The origin seems to be:

https://issues.redhat.com/browse/RHPAM-4700

https://github.com/kiegroup/droolsjbpm-integration/pull/2959/files

A exclusion to use correct snakeyaml. Nowadays (RHPAM 7.13.4+) exclusion is not needed as:

snakeyaml issue has been solved in EAP itself since EAP 7.4.10.

https://access.redhat.com/errata/RHSA-2023:1516
~~~
Security Fix(es):
SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
...
~~~

In addition, EAP 7.4.10+ is required for RHPAM 7.13.3+ https://access.redhat.com/articles/3405381

Attachments

Issue Links

is depended on by

JBPM-10221 Fix assembly for webc,ee7 after RHPAM-4876

Resolved

Activity

People

Assignee:: Toshiya Kobayashi

Reporter:: Alberto Fanjul Alonso

QA Contact:: Daniel Rosa

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2024/01/12 2:58 PM

Updated:: 2024/04/19 8:26 AM

Resolved:: 2024/01/24 1:05 PM