Migration Guide 1.0.5 - terasolunaorg/terasoluna-gfw GitHub Wiki

Migrating from 1.0.4 to 1.0.5

.. only:: html

 .. contents:: Table of contents
    :depth: 2
    :local:

Main changes in 1.0.5

The main changes in version 1.0.5 are as follows.

  • Updated the Spring Framework to 3.2.17
  • Improved blank projects

Updated the Spring Framework to 3.2.17

From version 1.0.5, Spring Framework has been updated to 3.2.17.RELEASE.

Improved blank projects

In version 1.0.5, the following has been improved in the blank projects.

  • [single#201] [multi#244] Add workaround settings for CVE-2016-5007 (Path Matching Inconsistency)

Migration procedures from 1.0.4 to 1.0.5

Migration procedures are as follows.

Note

Legend

Required : This procedure is mandatory.
Required by case : This procedure is mandatory, if conditions match.
Optional : This procedure is recommended. Perform it if you feel the need.
- : This procedure is not required.

[General]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
.. csv-table::
    :header: "Step", "Procedure", "Maven Multiple Projects", "Maven Single Project", "Eclipse WTP Project"

    "", "Update dependency libraries", "Required", "Required", "Required"

[Spring Security]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
.. csv-table::
    :header: "Step", "Procedure", "Maven Multiple Projects", "Maven Single Project", "Eclipse WTP Project"

    "", "Remove the security vulnerability ([CVE-2016-5007] MVC Path Matching Inconsistency)", "Required", "Required", "Required"

[Apache Commons Fileupload]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
.. csv-table::
    :header: "Step", "Procedure", "Maven Multiple Projects", "Maven Single Project", "Eclipse WTP Project"

    "", "Remove the security vulnerability ([CVE-2016-3092] Apache Commons Fileupload)", "Required by case", "Required by case", "Required by case"

[Step 1] Update dependency libraries

Update TERASOLUNA Global Framework Common Library and dependency libraries.

.. tabularcolumns:: |p{0.35\linewidth}|p{0.25\linewidth}|p{0.25\linewidth}|p{0.15\linewidth}|
.. csv-table::
    :header: "Library Name", "From version", "To version", "Remarks"

    "TERASOLUNA Global Framework Common Library", "1.0.4.RELEASE", "1.0.5.RELEASE", ""
    "Spring Framework", "3.2.16.RELEASE", "3.2.17.RELEASE", ""

[Procedure's required cases]

This procedure is required.

[Step 1-1] Using Maven Multiple Projects

This update procedure is for projects generated with mvn archetype.

Update the pom file of your parent project ($YOUR_MULTIPLE_PROJECT_ROOT/pom.xml).

[Before correction]

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.4.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

[After correction]

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.5.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

[Step 1-2] Using Maven Single Project

This update procedure is for projects generated with mvn archetype or downloaded from the release site.

Update the pom file of your project ($YOUR_SINGLE_PROJECT/pom.xml).

[Before correction]

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.4.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

[After correction]

<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>1.0.5.RELEASE</version> <!-- ### Need to edit ### -->
</parent>

[Step 1-3] Using Eclipse WTP Project

This update procedure is for Eclipse WTP projects downloaded from the release site.

For the update procedure, refer to "Update libraries for using Eclipse WTP Project" in the appendix.

[Step 2] Remove the security vulnerability ([CVE-2016-5007] MVC Path Matching Inconsistency)

Change the settings to remove the security vulnerability [CVE-2016-5007].

[Procedure's required cases]

This procedure is required.

Note that if URLs contain a space intentionally, your application may not operate as expected when this procedure is applied.

[Modification method]

Add the following settings to the spring-mvc.xml.

[Before correction]

<mvc:annotation-driven>
   <!-- omitted -->
</mvc:annotation-driven>

[After correction]

<mvc:annotation-driven>
   <!-- omitted -->
   <mvc:path-matching path-matcher="pathMatcher" />
</mvc:annotation-driven>


<bean id="pathMatcher" class="org.springframework.util.AntPathMatcher">
    <property name="trimTokens" value="false" />
</bean>

For details, refer to the warning under [Setting <sec:intercept-url> element] in Access authorization (English or Japanese).


[Step 3] Remove the security vulnerability ([CVE-2016-3092] Apache Commons Fileupload)

This procedure may be necessary to remove the security vulnerability [CVE-2016-3092].

[Procedure's required cases]

Modification is required when Apache Commons Fileupload (version 1.3.1 or lower) is used.

For details, refer to the warning in File Upload (English or Japanese).

[Modification method]

Upgrade Apache Commons Fileupload to 1.3.2 or later.

[Before correction]

<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3.1</version>
</dependency>

[After correction]

<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3.2</version>
</dependency>
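
One way to confirm that Steps 1 to 3 were applied to a Maven project, as an added example that is not part of the original guide or of TERASOLUNA's own code. The function names are hypothetical, and the checks are text heuristics that assume the element and attribute order shown in this guide and paths without spaces.

```shell
#!/bin/sh
# Added example, not TERASOLUNA project code; function names are hypothetical.
# Heuristic text checks: they assume the element and attribute order shown in
# this guide and do not understand XML comments or Maven properties.

# Step 1: <parent> terasoluna-gfw-parent must be at 1.0.5.RELEASE.
check_parent_version() {    # $1 = pom.xml
    tr -d ' \t\r\n' < "$1" | grep -q \
        '<artifactId>terasoluna-gfw-parent</artifactId><version>1\.0\.5\.RELEASE</version>'
}

# Step 2: <mvc:path-matching> must reference an AntPathMatcher bean whose
# trimTokens property is false.
check_trim_tokens() {       # $1 = spring-mvc.xml
    flat=$(tr '\t\r\n' '   ' < "$1" | tr -s ' ')
    ref=$(printf '%s\n' "$flat" |
        sed -n 's/.*<mvc:path-matching[^>]*path-matcher="\([^"]*\)".*/\1/p')
    [ -n "$ref" ] || return 1
    printf '%s\n' "$flat" | grep -q \
        "<bean id=\"$ref\" class=\"org.springframework.util.AntPathMatcher\"> *<property name=\"trimTokens\" value=\"false\""
}

# Step 3: succeeds (exit 0) when commons-fileupload is declared at 1.3.1 or lower.
fileupload_needs_upgrade() {    # $1 = pom.xml
    ver=$(tr -d ' \t\r\n' < "$1" | sed -n \
        's/.*<artifactId>commons-fileupload<\/artifactId><version>\([0-9.]*\)<\/version>.*/\1/p')
    [ -n "$ver" ] || return 1   # not declared with a literal version in this pom
    lowest=$(printf '%s\n%s\n' "$ver" 1.3.2 | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" != 1.3.2 ]
}

# Runs all three checks on a project root; prints findings, returns 1 if any.
audit_project() {           # $1 = project root
    rc=0
    check_parent_version "$1/pom.xml" || { echo "Step 1: parent is not 1.0.5.RELEASE"; rc=1; }
    mvc=$(find "$1" -name spring-mvc.xml | head -n 1)
    { [ -n "$mvc" ] && check_trim_tokens "$mvc"; } ||
        { echo "Step 2: trimTokens=false path matcher not configured"; rc=1; }
    for pom in $(find "$1" -name pom.xml); do
        if fileupload_needs_upgrade "$pom"; then
            echo "Step 3: $pom declares commons-fileupload $ver (needs 1.3.2 or later)"; rc=1
        fi
    done
    return $rc
}

if [ "$#" -gt 0 ]; then audit_project "$1"; fi
```

A commons-fileupload version inherited from a parent pom or set through a property is not seen by the Step 3 check; `mvn dependency:tree` shows the resolved version in that case.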

Appendix for 1.0.5

Update libraries for using Eclipse WTP Project

This update procedure is for Eclipse WTP projects downloaded from the release site.

Note

Legend

[Table Header]
Non : Blank project without an O/R Mapper
JPA : Blank project for JPA
MB2 : Blank project for MyBatis 2
[Marks]
* : target for operations

[Step 1]

Download the Eclipse WTP Project of 1.0.5.RELEASE.

[Step 2]

If Eclipse is running, stop it.

[Step 3]

Update (delete and add) the jar files in $YOUR_ECLIPSE_WTP_PROJECT/src/main/webapp/WEB-INF/lib.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
.. csv-table::
    :header: "Library Name", "Delete File", "Add File", "Non", "JPA", "MB2"

    "TERASOLUNA Global Framework Common Library", "terasoluna-gfw-common-1.0.4.RELEASE.jar", "terasoluna-gfw-common-1.0.5.RELEASE.jar", "*", "*", "*"
    "", "terasoluna-gfw-web-1.0.4.RELEASE.jar", "terasoluna-gfw-web-1.0.5.RELEASE.jar", "*", "*", "*"
    "", "terasoluna-gfw-security-core-1.0.4.RELEASE.jar", "terasoluna-gfw-security-core-1.0.5.RELEASE.jar", "*", "*", "*"
    "", "terasoluna-gfw-security-web-1.0.4.RELEASE.jar", "terasoluna-gfw-security-web-1.0.5.RELEASE.jar", "*", "*", "*"
    "", "terasoluna-gfw-jpa-1.0.4.RELEASE.jar", "terasoluna-gfw-jpa-1.0.5.RELEASE.jar", "", "*", ""
    "", "terasoluna-gfw-mybatis2-1.0.4.RELEASE.jar", "terasoluna-gfw-mybatis2-1.0.5.RELEASE.jar", "", "", "*"
    "Spring Framework", "spring-aop-3.2.16.RELEASE.jar", "spring-aop-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-aspects-3.2.16.RELEASE.jar", "spring-aspects-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-beans-3.2.16.RELEASE.jar", "spring-beans-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-context-3.2.16.RELEASE.jar", "spring-context-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-context-support-3.2.16.RELEASE.jar", "spring-context-support-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-core-3.2.16.RELEASE.jar", "spring-core-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-expression-3.2.16.RELEASE.jar", "spring-expression-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-jdbc-3.2.16.RELEASE.jar", "spring-jdbc-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-orm-3.2.16.RELEASE.jar", "spring-orm-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-tx-3.2.16.RELEASE.jar", "spring-tx-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-web-3.2.16.RELEASE.jar", "spring-web-3.2.17.RELEASE.jar", "*", "*", "*"
    "", "spring-webmvc-3.2.16.RELEASE.jar", "spring-webmvc-3.2.17.RELEASE.jar", "*", "*", "*"

[Step 4]

Update (delete and add) the jar files in $YOUR_ECLIPSE_WTP_PROJECT/testlib.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
.. csv-table::
    :header: "Library Name", "Delete File", "Add File", "Non", "JPA", "MB2"

    "Spring TestContext Framework", "spring-test-3.2.16.RELEASE.jar", "spring-test-3.2.17.RELEASE.jar", "*", "*", "*"

[Step 5]

Update (delete and add) the source jar files in $YOUR_ECLIPSE_WTP_PROJECT/libsrc.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
.. csv-table::
    :header: "Library Name", "Delete File", "Add File", "Non", "JPA", "MB2"

    "TERASOLUNA Global Framework Common Library", "terasoluna-gfw-common-1.0.4.RELEASE-sources.jar", "terasoluna-gfw-common-1.0.5.RELEASE-sources.jar", "*", "*", "*"
    "", "terasoluna-gfw-web-1.0.4.RELEASE-sources.jar", "terasoluna-gfw-web-1.0.5.RELEASE-sources.jar", "*", "*", "*"
    "", "terasoluna-gfw-security-core-1.0.4.RELEASE-sources.jar", "terasoluna-gfw-security-core-1.0.5.RELEASE-sources.jar", "*", "*", "*"
    "", "terasoluna-gfw-security-web-1.0.4.RELEASE-sources.jar", "terasoluna-gfw-security-web-1.0.5.RELEASE-sources.jar", "*", "*", "*"
    "Spring Framework", "spring-aop-3.2.16.RELEASE-sources.jar", "spring-aop-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-aspects-3.2.16.RELEASE-sources.jar", "spring-aspects-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-beans-3.2.16.RELEASE-sources.jar", "spring-beans-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-context-3.2.16.RELEASE-sources.jar", "spring-context-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-context-support-3.2.16.RELEASE-sources.jar", "spring-context-support-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-core-3.2.16.RELEASE-sources.jar", "spring-core-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-expression-3.2.16.RELEASE-sources.jar", "spring-expression-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-jdbc-3.2.16.RELEASE-sources.jar", "spring-jdbc-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-orm-3.2.16.RELEASE-sources.jar", "spring-orm-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-tx-3.2.16.RELEASE-sources.jar", "spring-tx-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-web-3.2.16.RELEASE-sources.jar", "spring-web-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "", "spring-webmvc-3.2.16.RELEASE-sources.jar", "spring-webmvc-3.2.17.RELEASE-sources.jar", "*", "*", "*"
    "Spring TestContext Framework", "spring-test-3.2.16.RELEASE-sources.jar", "spring-test-3.2.17.RELEASE-sources.jar", "*", "*", "*"

[Step 6]

Update the referenced libraries in all of the following files by string replacement.

  • $YOUR_ECLIPSE_WTP_PROJECT/.classpath
  • $YOUR_ECLIPSE_WTP_PROJECT/build.xml

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
.. csv-table::
    :header: "Library Name", "Before", "After", "Non", "JPA", "MB2"

    "TERASOLUNA Global Framework Common Library", "terasoluna-gfw-common-1.0.4.RELEASE", "terasoluna-gfw-common-1.0.5.RELEASE", "*", "*", "*"
    "", "terasoluna-gfw-web-1.0.4.RELEASE", "terasoluna-gfw-web-1.0.5.RELEASE", "*", "*", "*"
    "", "terasoluna-gfw-security-core-1.0.4.RELEASE", "terasoluna-gfw-security-core-1.0.5.RELEASE", "*", "*", "*"
    "", "terasoluna-gfw-security-web-1.0.4.RELEASE", "terasoluna-gfw-security-web-1.0.5.RELEASE", "*", "*", "*"
    "", "terasoluna-gfw-jpa-1.0.4.RELEASE", "terasoluna-gfw-jpa-1.0.5.RELEASE", "", "*", ""
    "", "terasoluna-gfw-mybatis2-1.0.4.RELEASE", "terasoluna-gfw-mybatis2-1.0.5.RELEASE", "", "", "*"
    "Spring Framework", "spring-aop-3.2.16.RELEASE", "spring-aop-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-aspects-3.2.16.RELEASE", "spring-aspects-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-beans-3.2.16.RELEASE", "spring-beans-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-context-3.2.16.RELEASE", "spring-context-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-context-support-3.2.16.RELEASE", "spring-context-support-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-core-3.2.16.RELEASE", "spring-core-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-expression-3.2.16.RELEASE", "spring-expression-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-jdbc-3.2.16.RELEASE", "spring-jdbc-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-orm-3.2.16.RELEASE", "spring-orm-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-tx-3.2.16.RELEASE", "spring-tx-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-web-3.2.16.RELEASE", "spring-web-3.2.17.RELEASE", "*", "*", "*"
    "", "spring-webmvc-3.2.16.RELEASE", "spring-webmvc-3.2.17.RELEASE", "*", "*", "*"
    "Spring TestContext Framework", "spring-test-3.2.16.RELEASE", "spring-test-3.2.17.RELEASE", "*", "*", "*"
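
The Step 6 string replacement, followed by a check that no 1.0.4 or 3.2.16 jar or reference is left anywhere Steps 3 to 6 touch, as an added example that is not part of the original guide or of TERASOLUNA's own code. The function names and the `OLD_RE` variable are hypothetical; the patterns cover the library names listed in the tables above.

```shell
#!/bin/sh
# Added example, not TERASOLUNA project code; names below are hypothetical.
# Matches the old library versions named in the tables of this appendix.
OLD_RE='(terasoluna-gfw-[a-z0-9-]+-1\.0\.4|spring-[a-z-]+-3\.2\.16)\.RELEASE'

# Step 6: rewrite library references in .classpath and build.xml in place.
update_wtp_refs() {         # $1 = Eclipse WTP project root
    for f in "$1/.classpath" "$1/build.xml"; do
        [ -f "$f" ] || continue
        sed -e 's/\(terasoluna-gfw-[a-z0-9-]*\)-1\.0\.4\.RELEASE/\1-1.0.5.RELEASE/g' \
            -e 's/\(spring-[a-z-]*\)-3\.2\.16\.RELEASE/\1-3.2.17.RELEASE/g' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Steps 3 to 6: print every jar file or reference still at the old versions.
# Returns 0 when nothing stale is left, 1 otherwise.
find_stale_wtp_entries() {  # $1 = Eclipse WTP project root
    stale=$( {
        find "$1/src/main/webapp/WEB-INF/lib" "$1/testlib" "$1/libsrc" \
            -name '*.jar' 2>/dev/null
        grep -nE "$OLD_RE" "$1/.classpath" "$1/build.xml" /dev/null 2>/dev/null
    } | grep -E "$OLD_RE" || true )
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

if [ "$#" -gt 0 ]; then update_wtp_refs "$1"; find_stale_wtp_entries "$1"; fi
```

A leftover old jar next to its replacement puts two versions of the same library on the classpath, so run the check again after Steps 3 to 5 as well.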