Migration Guide 5.1.1_en - terasolunaorg/terasoluna-gfw GitHub Wiki
.. only:: html .. contents:: table of contents :depth: 2 :local:
The key changes in 5.1.1 are as below.
From 5.1.1,updated MyBatis to 3.3.1 to incorporate the following bug fixes. In accordance with this update, MyBatis Spring has been updated to 1.2.5
- [#492] NPE when ResultSet is null
From 5.1.1, changed some specification of common library for bug fixes
- [#554] MessagePanelTag doesn't close with </div> when it's empty
- [#565] TransactionToken does not support some special flows
- [#593] createToken() of TransactionTokenContextImpl does not work properly
From 5.1.1, changed some setting files of blank project
Changes due to modification of common library
Changes to resolve security vulnerability[(CVE-2016-5007)]
- [single#201] [multi#244] Add workaround settings for CVE-2016-5007(Path Matching Inconsistency)
The migration procedure is as follows.
Note
Legend
Required : This procedure is mandatoryRequired by case : This procedure is mandatory if conditions matchOptional : This procedure is recommended (Implement it as required)- : This procedure is not required
[General]
.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
Step | Procedure | MavenMultiple Projects | MavenSingle Project | EclipseWTP Project |
---|---|---|---|---|
|
Update the dependent library | Required | Required | Required |
|
Change HTTP proxy setting of RestClient | Optional | Optional | Optional |
[Spring Security]
.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
Step | Procedure | MavenMultiple Projects | MavenSingle Project | EclipseWTP Project |
---|---|---|---|---|
|
[CVE-2016-5007] Setting for vulnerability resolution of MVC Path Matching Inconsistency. | Required | Required | Required |
[Apache Commons Fileupload]
.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
Step | Procedure | MavenMultiple Projects | MavenSingle Project | EclipseWTP Project |
---|---|---|---|---|
|
[CVE-2016-3092] Setting for vulnerability resolution of Apache Commons Fileupload | Required by case | Required by case | Required by case |
[MyBatis Spring]
.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
Step | Procedure | MavenMultiple Projects | MavenSingle Project | EclipseWTP Project |
---|---|---|---|---|
|
Temporary countermeasures to deal with WARN log bug which is the output at the time of application termination by defining SqlSessionTemplate as a bean |
Required by case | Required by case | Required by case |
[Common Library]
.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|
Step | Procedure | MavenMultiple Projects | MavenSingle Project | EclipseWTP Project |
---|---|---|---|---|
|
Correction due to specification change of MassagePanelTag
|
Required by case | Required by case | Required by case |
|
Correction due to deprecation of TransactionTokenContext
|
Required by case | Required by case | Required by case |
|
Correction due to addition of @TransactionTokenCheck type attribute,TransactionTokenType.CHECK
|
Optional | Optional | Optional |
Please update common library and dependent library of TERASOLUNA Server Framework for Java (5.x)
.. tabularcolumns:: |p{0.35\linewidth}|p{0.25\linewidth}|p{0.25\linewidth}|p{0.15\linewidth}|
Library name | Version before update | Version after update | Remarks |
---|---|---|---|
TERASOLUNA Server Framework for Java (5.x) Common Library | 5.1.0.RELEASE | 5.1.1.RELEASE | |
MyBatis | 3.3.0 | 3.3.1 | |
MyBatis Spring | 1.2.3 | 1.2.5 |
[Procedure's required cases]
This procedure is mandatory.
This update procedure is for projects created using mvn archetype
Please modify the version
to ``5.1.1.RELEASE``of pom file of the parent project.
- (
$YOUR_MULTIPLE_PROJECT_ROOT/pom.xml
)
<!-- omitted -->
<parent>
<groupId>org.terasoluna.gfw</groupId>
<artifactId>terasoluna-gfw-parent</artifactId>
<version>5.1.1.RELEASE</version> <!-- ### Modification location ### -->
</parent>
<!-- omitted -->
This update procedure is for projects created using mvn archetype or for the project downloaded from release site
Please modify the version
to ``5.1.1.RELEASE``of project's pom file .
- (
$YOUR_SINGLE_PROJECT/pom.xml
)
<!-- omitted -->
<parent>
<groupId>org.terasoluna.gfw</groupId>
<artifactId>terasoluna-gfw-parent</artifactId>
<version>5.1.1.RELEASE</version> <!-- ### Modification location ### -->
</parent>
<!-- omitted -->
This update procedure is for Eclipse WTP projects downloaded from release site
For the update procedure please refer :ref:`Eclipse_WTP_Project`.
From 5.1.1, the recommended setting of HTTP proxy has been changed from system property to RestClient as it affects the entire application.
[Procedure's required case]
This procedure is recommended when HTTP proxy of RestClient is set to system property.
[Modification method]
For each RestTemplate
modify the setting of HTTP proxy server,
using SimpleClientHttpRequestFactory
or HttpComponentsClientHttpRequestFactory
.
【Before modification】
- Example of system property setting
//omitted
@Value("${api.proxy.host}")
String proxyHost;
@Value("${api.proxy.portNum}")
String proxyPort;
// omitted
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
【After modification】
For implementation after modification,please refer How to configure HTTP Proxy server of guideline. ( English or Japanese )
[Procedure's required case]
This procedure is mandatory.
However,please note that if intentionally an URL with spaces is used then applying this may prevent the system from operating normally.
[Modification method]
Add following setting to spring-mvc.xml.
【Before modification】
<mvc:annotation-driven>
<!-- omitted -->
</mvc:annotation-driven>
【After modification】
<mvc:annotation-driven>
<!-- omitted -->
<mvc:path-matching path-matcher="pathMatcher" />
</mvc:annotation-driven>
<bean id="pathMatcher" class="org.springframework.util.AntPathMatcher">
<property name="trimTokens" value="false" />
</bean>
For details please refer Specifying a Web resource for applying access policy. ( English or Japanese )
It may be necessary to address the following vulnerability.
[CVE-2016-3092] Apache Commons Fileupload information disclosure vulnerability
[Procedure's required case]
If Apache Commons Fileupload
version managed by Spring IO Platform 2.0.6.RELEASE which is 5.1.1 compliant is used,
the vulnerability reported in CVE-2016-3092 does not occur.
Also when the version of Apache Commons Fileupload
is changed and used.
For details, please refer File Upload Warning of guideline. ( English or Japanese )
[Modification method]
When using Apache Commons Fileupload
use version 1.3.2 or above.
【Before modification】
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
【After modification】
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.2</version>
</dependency>
[Step 5]Temporary countermeasures to deal with WARN log bug which is the output at the time of application termination by defining SqlSessionTemplate as a bean
From 5.1.1, bug fixes were made by updating MyBatis Spring to 1.2.5.
[Procedure's required case]
Please make corrections as necessary,
when SqlSessionTemplate
is defined as a bean,to temporarily countermeasure against a bug in which the WARN log is outputted when the application is terminated.
[Fix]
Delete the method(destroy-method
attribute)that is called when Spring's ApplicationContext is terminated.
【Before modification】
<bean id="batchSqlSessionTemplate"
class="org.mybatis.spring.SqlSessionTemplate"
destroy-method="getExecutorType">
<constructor-arg index="0" ref="sqlSessionFactory"/>
<constructor-arg index="1" value="BATCH"/>
</bean>
【After modification】
<bean id="batchSqlSessionTemplate"
class="org.mybatis.spring.SqlSessionTemplate">
<constructor-arg index="0" ref="sqlSessionFactory"/>
<constructor-arg index="1" value="BATCH"/>
</bean>
[Procedure's required case]
If implementing tests that are aware of MassagePanelTag
specification then modification is necessary.
[Specification change contents]
If the value was empty <div/>
was output,
even if it is empty, changed it to output complete tag <div></div>
For details, refer to the following.
- [#554] MessagePanelTag doesn't close with </div> when it's empty
From 5.1.1, `` TransactionTokenContext`` has been deprecated.
[Procedure's required case]
If TransactionTokenContext
is used then modification is necessary so that it will not be used.
[Remarks]
If the application-oriented API provided by TransactionTokenContext
is used,
it will affect the internal behavior of the framework,since it can be built in such a way that TransactionToken
can not be maintained in a correct state,
it is recommended not to use this API.
[Step 8] Correction due to addition of @TransactionTokenCheck's type attribute,TransactionTokenType.CHECK
[Procedure's required case]
Application of this procedure is optional. Please check if necessary.
[Specification change contents]
TransactionTokenType.CHECK
has been added to the type attribute of @TransactionTokenCheck
For details, please refer No. 3 Type of Attributes of @TransactionTokenCheck annotation of guideline. ( English or Japanese )
This update procedure is for Eclipse WTP project downloaded from,`release site <https://github.com/terasolunaorg/terasoluna-gfw-web-blank/releases/>`_
Note
Legend
[Table header]Non : Blank project independent of O/R MapperMB3 : Blank project for MyBatis3JPA : Blank project for JPA[Remarks column]* : Operation target
Please download Eclipse WTP Project of 5.1.1.RELEASE .
If Eclipse is running, exit Eclipse.
Please update(delete and then add)jar file of``$YOUR_ECLIPSE_WTP_PROJECT/src/main/webapp/WEB-INF/lib``.
.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
Libraray name | Delete file | Add file | Non | MB3 | JPA |
---|---|---|---|---|---|
TERASOLUNA Server Framework for Java (5.x) Common Library | terasoluna-gfw-common-5.1.0.RELEASE.jar | terasoluna-gfw-common-5.1.1.RELEASE.jar | * | * | * |
terasoluna-gfw-jodatime-5.1.0.RELEASE.jar | terasoluna-gfw-jodatime-5.1.1.RELEASE.jar | * | * | * | |
terasoluna-gfw-security-core-5.1.0.RELEASE.jar | terasoluna-gfw-security-core-5.1.1.RELEASE.jar | * | * | * | |
terasoluna-gfw-security-web-5.1.0.RELEASE.jar | terasoluna-gfw-security-web-5.1.1.RELEASE.jar | * | * | * | |
terasoluna-gfw-web-5.1.0.RELEASE.jar | terasoluna-gfw-web-5.1.1.RELEASE.jar | * | * | * | |
terasoluna-gfw-web-jsp-5.1.0.RELEASE.jar | terasoluna-gfw-web-jsp-5.1.1.RELEASE.jar | * | * | * | |
terasoluna-gfw-mybatis3-5.1.0.RELEASE.jar | terasoluna-gfw-mybatis3-5.1.1.RELEASE.jar | * | |||
terasoluna-gfw-jpa-5.1.0.RELEASE.jar | terasoluna-gfw-jpa-5.1.1.RELEASE.jar | * | |||
MyBatis | mybatis-3.3.0.jar | mybatis-3.3.1.jar | * | ||
mybatis-spring-1.2.3.jar | mybatis-spring-1.2.5.jar | * |
Please update (delete and then add) the jar file for source storage``$YOUR_ECLIPSE_WTP_PROJECT/libsrc``.
.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
Library name | Delete file | Add file | Non | MB3 | JPA |
---|---|---|---|---|---|
TERASOLUNA Server Framework for Java (5.x) Common Library | terasoluna-gfw-common-5.1.0.RELEASE-sources.jar | terasoluna-gfw-common-5.1.1.RELEASE-sources.jar | * | * | * |
terasoluna-gfw-jodatime-5.1.0.RELEASE-sources.jar | terasoluna-gfw-jodatime-5.1.1.RELEASE-sources.jar | * | * | * | |
terasoluna-gfw-security-web-5.1.0.RELEASE-sources.jar | terasoluna-gfw-security-web-5.1.1.RELEASE-sources.jar | * | * | * | |
terasoluna-gfw-web-5.1.0.RELEASE-sources.jar | terasoluna-gfw-web-5.1.1.RELEASE-sources.jar | * | * | * | |
terasoluna-gfw-web-jsp-5.1.0.RELEASE-sources.jar | terasoluna-gfw-web-jsp-5.1.1.RELEASE-sources.jar | * | * | * | |
MyBatis | mybatis-3.3.0-sources.jar | mybatis-3.3.1-sources.jar | * | ||
mybatis-spring-1.2.3-sources.jar | mybatis-spring-1.2.5-sources.jar | * |
Please use the replacement string to update the reference library.
$YOUR_ECLIPSE_WTP_PROJECT/.classpath
$YOUR_ECLIPSE_WTP_PROJECT/build.xml
.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|
Library name | Replacement target string | Replacement string | Non | MB3 | JPA |
---|---|---|---|---|---|
TERASOLUNA Server Framework for Java (5.x) Common Library | terasoluna-gfw-common-5.1.0.RELEASE | terasoluna-gfw-common-5.1.1.RELEASE | * | * | * |
terasoluna-gfw-jodatime-5.1.0.RELEASE | terasoluna-gfw-jodatime-5.1.1.RELEASE | * | * | * | |
terasoluna-gfw-security-web-5.1.0.RELEASE | terasoluna-gfw-security-web-5.1.1.RELEASE | * | * | * | |
terasoluna-gfw-web-5.1.0.RELEASE | terasoluna-gfw-web-5.1.1.RELEASE | * | * | * | |
terasoluna-gfw-web-jsp-5.1.0.RELEASE | terasoluna-gfw-web-jsp-5.1.1.RELEASE | * | * | * | |
MyBatis | mybatis-3.3.0 | mybatis-3.3.1 | * | ||
mybatis-spring-1.2.3 | mybatis-spring-1.2.5 | * |