This addresses CVE-2022-40151 and CVE-2022-41966, see:
https://x-stream.github.io/changes.html#1.4.20
This version also fixes an issue with closing streams so the workaround in GenerateDefaultTranslationsMojoTest is no longer needed.
Signed-off-by: Wouter Born <github@maindrain.net>
This service provides add-on information when debugging in Eclipse so it is possible to add Things based on the installed bindings and configure installed add-ons in the UI.
Replaces the Sample Add-on Service.
Also shows the "Add-on Management" configuration which allows for configuring if incompatible add-ons are included.
Signed-off-by: Wouter Born <github@maindrain.net>
* Sync runtime dependencies with Karaf 4.4.3, most notably:
* Jetty 9.4.50.v20221201
* Pax Logging 2.2.0
* Pax Web 8.0.15
* Use OSGi R8 as compile dependency
* Rework Servlets to use Http Whiteboard annotations in favor of proprietary `org.openhab.core.io.http.servlet` classes
* Resolve itest runbundles
Also-by: Jan N. Klug <github@klug.nrw>
Signed-off-by: Wouter Born <github@maindrain.net>
* Raise source level to Java 17 (except for model classes)
* Remove Nashorn script engine
* Upgrade spotless and add jvm options
See https://github.com/diffplug/spotless/issues/834
* Add suppression for findBugs false positive error
* Upgrade xtext to 2.29.0
* Adjust JNA
* Resolve itests
Signed-off-by: Jan N. Klug <github@klug.nrw>
* Bump commons-net from 3.7.2 to 3.9.0 in /bom/runtime
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Wouter Born <github@maindrain.net>
This fixes a security issue in commons-io 1.4. According to the release-notes of commons-io version 1.4 and 2.x are binary compatible and (mostly) source-compatible. I check that openhab-addons compiles with these changes and successfully runs all itests.
Signed-off-by: Jan N. Klug <github@klug.nrw>
The `jackson-databind` bundle contains a vulnerability that is fixed in version 2.12.6.1. This version is only available for that bundle, all other bundles are still available as 2.12.6.
Signed-off-by: Jan N. Klug <github@klug.nrw>
Uses an openHAB 5.2.1.OH1 build based on the latest changes in the nrjavaserial master branch (7aa21d1dc8).
When there is an official release containing those changes we can upgrade to that.
Most importantly this fixes a file descriptor leak when checking lock dir permissions.
It also adds FreeBSD aarch64 (ARM64) support.
Fixes#1842
Signed-off-by: Wouter Born <github@maindrain.net>
This prevents deprecation warnings when running the itests with Java 17:
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.eclipse.osgi.internal.framework.SystemBundleActivator (file:org.openhab.core.tests/target/test/tmp/testing/itest/cnf/cache/6.2.0/org.openhab.core.bom.runtime-index/org.eclipse.osgi-3.16.300.v20210525-1715.jar)
WARNING: Please consider reporting this to the maintainers of org.eclipse.osgi.internal.framework.SystemBundleActivator
WARNING: System::setSecurityManager will be removed in a future release
See: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574729
Signed-off-by: Wouter Born <github@maindrain.net>
It causes unneccessary bundle refreshes whenever add-ons are installed/uninstalled.
As a result the UI does not get properly notified of installation changes.
Fixes#2580
Reverts the Aries JAX-RS Whiteboard upgrade of #2532
Signed-off-by: Wouter Born <github@maindrain.net>
