After upgrading from 5.2 to 5.4 it seems the 'addContainerExtension(..) method has been completely dropped since 5.3.
We relied on this method for injecting our own custom rules. The method does not seem to have been marked deprecated - its purely missing from the API
Our usage of this method is
for (ProjectDefinition pd : context.projectReactor().getProjects()) {
pd.addContainerExtension(ruleSet);
pd.addContainerExtension(testExecutionService);
pd.addContainerExtension(resultProvider);
}
Any suggestions / help appreicated ?
This API was used to inject some components from the scanner to each module pico container (mainly MavenProject). We have dropped this dangerous feature.
But you don't need to use this to contribute your own rules. Simply pass your extensions in the getExtensions() method of your Plugin class.
Related
I was just curious about Facade and service container binding functions in Laravel 5.1, let's say Reponse::json() and response()->json() are the same. But is there any reason that one of them is better than the other?
It is already stated on the Laravel's documentation
Facades provide a "static" interface to classes that are available in
the application's service container. Laravel ships with many facades,
and you have probably been using them without even knowing it! Laravel
"facades" serve as "static proxies" to underlying classes in the
service container, providing the benefit of a terse, expressive syntax
while maintaining more testability and flexibility than traditional
static methods.
And this article by the creator of Laravel will also help you.
Why does this code
View
Worked in Laravel 4.0 and not anymore in 4.1?
One possibles reason from http://laravel.com/docs/releases:
Laravel 4.1 features a totally re-written routing layer. The API is the same; however, registering routes is a full 100% faster compared to 4.0. The entire engine has been greatly simplified, and the dependency on Symfony Routing has been minimized to the compiling of route expressions.
We have projects using Struts 2.0 and 2.1.
We're using web-hosting with Tomcat and both projects are working fine on remote servers. Recently, we got warning message from the webhosting provider, like:
This notice is inform you that recently numerous vulnerabilities have been discovered related to Struts and Struts2 frameworks and other frameworks which use OGNL classes.
Since your application is using Struts or Struts2 framework, we HIGHLY recommend that you URGENTLY update it to the most recent version: Struts v2.3.16.1
After research, we found there're consistent upgrades:
http://struts.apache.org/announce.html
Therefore, we tried to upgrade our Struts2 to 2.3.16.3 (latest version at present). However, we found it's not a trivial task to upgrade Struts2, since everything doesn't work, including AJAX tags, AJX form submit, auto-complete, etc. In this sense, Struts 2 is not well designed for scalability.
One example is that whenever we submit our AJAX form, the result will be in a new page instead of in the targets field defined in the sx:submit or sj:submit tag. We don't want to re-write all the codes just because of the upgrade.
We want to know if we don't upgrade Struts2 to the latest version, what kind of vulnerabilities our web application will face. Could anyone give us more details or any hint for solutions based on our situation? Thanks so much.
You are probably looking for Security Bulletins. Each documents describe the summary, problem, and solution to resolve the problem. At the end of each document you can find hotfixes if they are available.
One example is that whenever we submit our ajax form, the result will
be in a new page instead of in the targets field defined in the
sx:submit or sj:submit tag.
It seems you are using struts2 and struts 2 jquery plugin, so try to update to struts 2 jquery 3.7.0 too.
I recommend to accept some reworks and upgrade as some security issues are high.
There are some key parts which has changed and may need to be considered during upgrade like acceptableParameterName. Also review your param interceptor stack and list of exclude parameters.
I am using the sonar web api to query the sonar server for violations. Is there a java code to fetch all the Issues/Violations of a particular project in sonarqube? Please, any suggestions?
I think you've found the answer to this question by now. However, I'll go ahead and answer this one. There are two ways of fetching all the issues of a particular project.
Using the webservice sonarqube exposes.
http://docs.sonarqube.org/pages/viewpage.action?pageId=2392181#WebService/api/issues-GetaListofIssues
Using a sonar plugin
How to code a custom sonar plugin?
https://github.com/SonarSource/sonar-custom-plugin-example
How to get all the issues-
Use 'ProjectIssues' BatchComponent to list all the issues using org.sonar.api.issue.ProjectIssues.issues()
Use #DependsUpon(DecoratorBarriers.ISSUES_TRACKED) annotation on your decorator. This will make sure that the decorator is executed once issues are tracked as stated in the documentation.
Extract from DecoratorBarriers class:
/**
* This barrier is after {#link #ISSUES_ADDED}. The decorators that need to list all issues must be declared
* after this barrier : {#code #DependsUpon(value=DecoratorBarriers.ISSUES_TRACKED)}
*
* #since 3.6
*/
String ISSUES_TRACKED = "END_OF_VIOLATION_TRACKING";
I am trying to validate the equality of password with confirmPassword field in a registration form.
I am aware that in v.1(precisely v.1.2.4), you can do this using #Equals("confirmPassword") annotation.
However the same functionality seems to be missing in v2.0.
Am I missing out on something or v2.0 doesn't implement this anymore?
Have a look at Forms Validation for Play 2.0, specifically the Constraints section. The play.data.validation.Constraints class contains several built-in validation annotations according to the documentation. They made a lot of changes between the 1.* and 2.* versions.