[Git][java-team/libhibernate-validator-java][upstream] New upstream version 4.3.4

Wed Oct 17 16:17:47 BST 2018

Emmanuel Bourg pushed to branch upstream at Debian Java Maintainers / libhibernate-validator-java


Commits:
c1111399 by Emmanuel Bourg at 2018-10-17T15:13:00Z
New upstream version 4.3.4
- - - - -


14 changed files:

- README.md
- annotation-processor/pom.xml
- archetype/pom.xml
- changelog.txt
- distribution/pom.xml
- documentation/pom.xml
- engine/pom.xml
- + engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
- engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
- engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
- integration/pom.xml
- performance/pom.xml
- pom.xml
- tck-runner/pom.xml


Changes:

=====================================
README.md
=====================================
@@ -1,6 +1,6 @@
 # Hibernate Validator
 
-*Version: 4.3.3.Final, 19.05.2016*
+*Version: 4.3.4.Final, 29.05.2018*
 
 
 ## What is it?
@@ -40,7 +40,7 @@ Logging will delegate any log requests to that provider.
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-validator</artifactId>
-            <version>4.3.3.Final</version>
+            <version>4.3.4.Final</version>
         </dependency>
 
 
@@ -70,7 +70,7 @@ There are more build options available as well. For more information refer to [C
 ## Hibernate Validator URLs
 
 * [Home Page](http://hibernate.org/validator/)
-* [Downloads](http://www.hibernate.org/subprojects/validator/download.html)
+* [Downloads](http://hibernate.org/validator/releases/4.3/)
 * [Community Info](http://hibernate.org/community/)
 * [Source Code](git://github.com/hibernate/hibernate-validator.git)
 * [Issue Tracking](https://hibernate.atlassian.net/projects/HV)


=====================================
annotation-processor/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
archetype/pom.xml
=====================================
@@ -30,7 +30,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
changelog.txt
=====================================
@@ -1,6 +1,13 @@
 Hibernate Validator Changelog
 =============================
 
+
+4.3.4.Final (29.05.2018)
+------------------------
+
+** Bug
+    * [HV-1498] - Privilege escalation when running under the security manager
+
 4.3.3.Final (19.05.2016)
 ------------------------
 


=====================================
distribution/pom.xml
=====================================
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
documentation/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
engine/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
engine/src/main/java/org/hibernate/validator/HibernateValidatorPermission.java
=====================================
@@ -0,0 +1,39 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2018, Red Hat, Inc. and/or its affiliates, and individual contributors
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+* http://www.apache.org/licenses/LICENSE-2.0
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.hibernate.validator;
+
+import java.security.BasicPermission;
+
+/**
+ * Our specific implementation of {@link BasicPermission} as we cannot define additional {@link RuntimePermission}.
+ * <p>
+ * {@code HibernateValidatorPermission} is thread-safe and immutable.
+ *
+ * @author Guillaume Smet
+ */
+public class HibernateValidatorPermission extends BasicPermission {
+
+	public static final HibernateValidatorPermission ACCESS_PRIVATE_MEMBERS = new HibernateValidatorPermission( "accessPrivateMembers" );
+
+	public HibernateValidatorPermission(String name) {
+		super( name );
+	}
+
+	public HibernateValidatorPermission(String name, String actions) {
+		super( name, actions );
+	}
+}


=====================================
engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorImpl.java
=====================================
@@ -41,6 +41,7 @@ import javax.validation.Validator;
 import javax.validation.groups.Default;
 import javax.validation.metadata.BeanDescriptor;
 
+import org.hibernate.validator.HibernateValidatorPermission;
 import org.hibernate.validator.internal.engine.groups.Group;
 import org.hibernate.validator.internal.engine.groups.GroupWithInheritance;
 import org.hibernate.validator.internal.engine.groups.Sequence;
@@ -1426,6 +1427,11 @@ public class ValidatorImpl implements Validator, MethodValidator {
 			return member;
 		}
 
+		SecurityManager sm = System.getSecurityManager();
+		if ( sm != null ) {
+			sm.checkPermission( HibernateValidatorPermission.ACCESS_PRIVATE_MEMBERS );
+		}
+
 		Class<?> clazz = original.getDeclaringClass();
 
 		if ( original instanceof Field ) {


=====================================
engine/src/main/java/org/hibernate/validator/internal/util/privilegedactions/GetDeclaredField.java
=====================================
@@ -41,7 +41,6 @@ public final class GetDeclaredField implements PrivilegedAction<Field> {
 	public Field run() {
 		try {
 			final Field field = clazz.getDeclaredField( fieldName );
-			field.setAccessible( true );
 			return field;
 		}
 		catch ( NoSuchFieldException e ) {


=====================================
integration/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
performance/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 


=====================================
pom.xml
=====================================
@@ -20,7 +20,7 @@
 
     <groupId>org.hibernate</groupId>
     <artifactId>hibernate-validator-parent</artifactId>
-    <version>4.3.3.Final</version>
+    <version>4.3.4.Final</version>
     <packaging>pom</packaging>
 
     <name>Hibernate Validator Aggregator</name>


=====================================
tck-runner/pom.xml
=====================================
@@ -21,7 +21,7 @@
     <parent>
         <artifactId>hibernate-validator-parent</artifactId>
         <groupId>org.hibernate</groupId>
-        <version>4.3.3.Final</version>
+        <version>4.3.4.Final</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 



View it on GitLab: https://salsa.debian.org/java-team/libhibernate-validator-java/commit/c11113996ce7fbf6d8e74f7de2f09d349a0356e3

-- 
View it on GitLab: https://salsa.debian.org/java-team/libhibernate-validator-java/commit/c11113996ce7fbf6d8e74f7de2f09d349a0356e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181017/596a65f5/attachment.html>
