This addresses CVE-2022-40151 and CVE-2022-41966, see:
https://x-stream.github.io/changes.html#1.4.20
This version also fixes an issue with closing streams so the workaround in GenerateDefaultTranslationsMojoTest is no longer needed.
Signed-off-by: Wouter Born <github@maindrain.net>
* Sync runtime dependencies with Karaf 4.4.3, most notably:
* Jetty 9.4.50.v20221201
* Pax Logging 2.2.0
* Pax Web 8.0.15
* Use OSGi R8 as compile dependency
* Rework Servlets to use Http Whiteboard annotations in favor of proprietary `org.openhab.core.io.http.servlet` classes
* Resolve itest runbundles
Also-by: Jan N. Klug <github@klug.nrw>
Signed-off-by: Wouter Born <github@maindrain.net>
* Raise source level to Java 17 (except for model classes)
* Remove Nashorn script engine
* Upgrade spotless and add jvm options
See https://github.com/diffplug/spotless/issues/834
* Add suppression for findBugs false positive error
* Upgrade xtext to 2.29.0
* Adjust JNA
* Resolve itests
Signed-off-by: Jan N. Klug <github@klug.nrw>
This fixes the build being broken when building on Windows.
It also contains many fixes for timing issues which seem to impact macOS and Windows more than Linux.
* Fix .gitattributes and add *.xml_gen to fix line ending issues on Windows
* Derive fork count from CPU details in org.openhab.core tests for more stable tests on machines with fewer cores
* Adjust SafeCallerImplTest timings
* Increase ExecUtilTest timeout
* Increase SchedulerImplTest timeouts
* Increase AudioConsoleTest serveStream timeout
* Increase AudioServletTest serveStream timeout
* Increase SchedulerImplTest test timeouts
* Increase ExpireManagerTest timeout used for checking published events
* Increase PeriodicSchedulerImplTest max allowed delta
* Increase SchedulerImplTest timeouts
* Fix BundleInfoReader file stream not closed causing temp dir deletion issues on Windows
* Fix GenerateDefaultTranslationsMojoTest Windows line endings issues
* Fix GenerateDefaultTranslationsMojoTest Windows temp dir deletion problem
* Fix GenericItemProviderTest tearDown sometimes fails because of queued events
* Fix ChannelLinkNotifierOSGiTest wait for channel link events
* Fix ChannelCommandDescriptionProviderOSGiTest fails if provider not immediately registered
* Fix ChannelStateDescriptionProviderOSGiTest fails if provider not immediately registered
* Fix GenericItemChannelLinkProviderTest not waiting for async updated state to become true
* Fix GenericThingProviderTest failing due to events of previous test
* Fix InboxOSGiTest sometimes fails because of queued events
* Fix ScriptEngineOSGiTest failing because items are not yet added to registry
* Fix ThingManagerOSGiTest failing due to async handleRemoval call
Signed-off-by: Wouter Born <github@maindrain.net>
* Add more null annotations
* Fix mock name
Adds null annotations to most of the tests as well as a few other classes.
Also fixes a few other SAT findings.
Fixes ~300 SAT findings in total.
Signed-off-by: Wouter Born <github@maindrain.net>
This prevents typos and using the constants makes it easier to find out what other items types are accepted.
It also makes it easier to see that these values are item types and not labels or descriptions.
Signed-off-by: Wouter Born <github@maindrain.net>
Upgrades XStream from 1.4.15 to 1.4.17
Prevents the following vulnerabilities when using XStream instances with an uninitialized security framework:
* CVE-2021-21341
* CVE-2021-21342
* CVE-2021-21343
* CVE-2021-21344
* CVE-2021-21345
* CVE-2021-21346
* CVE-2021-21347
* CVE-2021-21348
* CVE-2021-21349
* CVE-2021-21350
* CVE-2021-21351
* CVE-2021-29505
See: http://x-stream.github.io/changes.html#1.4.17
Related to: #2250, #2251
Signed-off-by: Wouter Born <github@maindrain.net>
Upgrades UoM dependencies to:
* javax.measure 2.1.2
* si-units 2.0.1
* indriya 2.1.2
An openHAB OSGi-ified si-units bundle is used as runtime dependency, because the latest si-units release is still missing proper OSGi manifest headers.
Notable changes:
* Quantity not longer implements an `equals` method, so the unit tests had to be adjusted. This should have any impact outside of the unit tests though since the rest of openHAB should be using QuantityType instead.
* RationalConverter is not package private, so instances of it much be created through the MultiplyConverter static functions.
* Quantities.getQuantity can no longer parse values without units like `100`. A workaround has been implemented.
* The unicode greek `mu` letter is now returned for unit prefixes instead of the unicode `micro` character. These characters are visually identical but the unit tests had to be adjusted. The new library seems to parse both types just fine.
Also-by: Connor Petty <mistercpp2000+gitsignoff@gmail.com>
Signed-off-by: Wouter Born <github@maindrain.net>
