[WFLY-18007] Upgrade xalan to 2.7.3 (CVE-2022-34169)

Type: Component Upgrade
Resolution: Done
Priority: Major
Fix Version/s: 29.0.0.Alpha1, 28.0.1.Final, 29.0.0.Beta1, 29.0.0.Final
Affects Version/s: None
Component/s: Test Suite
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly/pull/16831, https://github.com/wildfly/wildfly/pull/16832
[QE] How to address?:
---
[QE] Why QE missed?:
---

This is a test-only dependency.

Resolves https://nvd.nist.gov/vuln/detail/CVE-2022-34169

relates to

WFLY-17963 Replace use of testsuite/integration/src/test/scripts/common-targets.xml with yaml

Open

Brian Stansberry added a comment - 2023/07/31 7:33 PM

Bulk closing issues resolved in the 29.0.0.Final release.

Brian Stansberry added a comment - 2023/07/31 7:33 PM Bulk closing issues resolved in the 29.0.0.Final release.

Farah Juma added a comment - 2023/05/11 1:34 AM

It turns out that we just needed to add a plugin dependency on xalan:serializer as xalan:xalan:2.7.3 no longer brings it transitively. Thanks bstansbe@redhat.com for finding that!

Farah Juma added a comment - 2023/05/11 1:34 AM It turns out that we just needed to add a plugin dependency on xalan:serializer as xalan:xalan:2.7.3 no longer brings it transitively. Thanks bstansbe@redhat.com for finding that!

Farah Juma added a comment - 2023/05/10 9:24 PM

The hoped for fix for this is WFLY-17963. More details can also be found in this Zulip thread.

Farah Juma added a comment - 2023/05/10 9:24 PM The hoped for fix for this is WFLY-17963 . More details can also be found in this Zulip thread .

Farah Juma added a comment - 2023/05/10 4:47 PM

Upgrading from xalan 2.7.1 to 2.7.2 succeeds but upgrading to 2.7.3 results in the following error:

An Ant BuildException has occured: The following error occurred while executing this line:
[ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/iiop-build.xml:13: The following error occurred while executing this line:
[ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/common-targets.xml:177: java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace
[ERROR] around Ant part ...<ant antfile="/home/fjuma/Documents/wildfly/testsuite/integration/iiop/../src/test/scripts/iiop-build.xml">... @ 4:127 in /home/fjuma/Documents/wildfly/testsuite/integration/iiop/target/antrun/build-main.xml

Farah Juma added a comment - 2023/05/10 4:47 PM Upgrading from xalan 2.7.1 to 2.7.2 succeeds but upgrading to 2.7.3 results in the following error: An Ant BuildException has occured: The following error occurred while executing this line: [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/iiop-build.xml:13: The following error occurred while executing this line: [ERROR] /home/fjuma/Documents/wildfly/testsuite/integration/src/test/scripts/common-targets.xml:177: java.lang.NoClassDefFoundError: org/apache/xml/serializer/SerializerTrace [ERROR] around Ant part ...<ant antfile= "/home/fjuma/Documents/wildfly/testsuite/integration/iiop/../src/test/scripts/iiop-build.xml" >... @ 4:127 in /home/fjuma/Documents/wildfly/testsuite/integration/iiop/target/antrun/build-main.xml

Assignee:: Farah Juma

Reporter:: Farah Juma

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/05/09 9:29 PM

Updated:: 2024/05/16 4:54 PM

Resolved:: 2023/05/11 2:14 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Brian Stansberry added a comment - 2023/07/31 7:33 PM

Expand comment: Brian Stansberry added a comment - 2023/07/31 7:33 PM

Collapse comment: Farah Juma added a comment - 2023/05/11 1:34 AM

Expand comment: Farah Juma added a comment - 2023/05/11 1:34 AM

Collapse comment: Farah Juma added a comment - 2023/05/10 9:24 PM

Expand comment: Farah Juma added a comment - 2023/05/10 9:24 PM

Collapse comment: Farah Juma added a comment - 2023/05/10 4:47 PM

Expand comment: Farah Juma added a comment - 2023/05/10 4:47 PM

People

Dates