Skip to content

Sync to Master#5841

Open
krishnaalluhitachi wants to merge 490 commits intoPPP-5370from
master
Open

Sync to Master#5841
krishnaalluhitachi wants to merge 490 commits intoPPP-5370from
master

Conversation

@krishnaalluhitachi
Copy link
Copy Markdown
Contributor

@krishnaalluhitachi krishnaalluhitachi commented Feb 19, 2025

Sync to Master

@krishnaalluhitachi krishnaalluhitachi requested a review from a team as a code owner February 19, 2025 08:16
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Mar 5, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security AI found potential problems May 29, 2025
View reviewed changes
Comment thread extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
}

private boolean isEncodedRepositoryFilePath( String contextId ) {
return contextId.startsWith( ":" ) || contextId.matches( "^[A-z]\t:.*" );

Check warning

Code scanning / CodeQL

Overly permissive regular expression range Medium

Suspicious character range that is equivalent to [A-Z[]^_`a-z].

Copilot Autofix

AI 9 months ago

To fix the issue, the overly permissive range A-z should be replaced with a more precise range that matches only the intended characters. In this case, the correct range is likely A-Za-z, which includes all uppercase and lowercase alphabetic characters without any unintended symbols. This change ensures that the regular expression behaves as expected and avoids matching unintended characters.

The specific change will be made on line 733 in the isEncodedRepositoryFilePath method.

Suggested changeset 1
extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
--- a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
+++ b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
@@ -732,3 +732,3 @@
   private boolean isEncodedRepositoryFilePath( String contextId ) {
-    return contextId.startsWith( ":" ) || contextId.matches( "^[A-z]\t:.*" );
+    return contextId.startsWith( ":" ) || contextId.matches( "^[A-Za-z]\t:.*" );
   }
EOF
@@ -732,3 +732,3 @@
private boolean isEncodedRepositoryFilePath( String contextId ) {
return contextId.startsWith( ":" ) || contextId.matches( "^[A-z]\t:.*" );
return contextId.startsWith( ":" ) || contextId.matches( "^[A-Za-z]\t:.*" );
}
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
github-advanced-security[bot]
github-advanced-security AI found potential problems Jul 28, 2025
View reviewed changes
Comment thread extensions/src/main/java/org/pentaho/platform/web/http/api/resources/UserConsoleResource.java
public Response clearSessionVariable( @QueryParam( "key" ) String key ) {
try {
var result = userConsoleService.clearSessionVariable( key );
return Response.ok( result ).build();

Check warning

Code scanning / CodeQL

Cross-site scripting Medium

Cross-site scripting vulnerability due to a
user-provided value
Loading
.
Cross-site scripting vulnerability due to a
user-provided value
Loading
.
cardosov and others added 26 commits September 2, 2025 15:13
@cardosov
Merge pull request #6000 from pentaho/DEVO-12893
2e3fd76 
[DEVO-12893] - Changing dep GAV
@pdesai16
Merge pull request #5987 from abryant-hv/BACKLOG-43889-c
7b32233 
[BACKLOG-43889] - partial upload message
@joana-fb
fix: add proper initialization to XML parser [PPP-5719] (#5937) (#5972)
25e5b2e 
* fix: add proper initialization to XML parser [PPP-5719]

* fix: add proper initialization to XML parser [PPP-5719]

* fix: add proper initialization to XML parser [PPP-5719]
@smmribeiro
feat[PPP-5739]: replace ini4j with commons-configuration2
3a88919
@smaring
Merge pull request #6006 from smmribeiro/PPP-5739
871f581 
feat[PPP-5739]: replace ini4j with commons-configuration2
@SahithiKommagani6 @vamshirajidi
[BACKLOG-45596]-Upgrade JDK properties from 11 to 17
37dcbd3
@SahithiKommagani6
Merge pull request #6009 from pentaho/Upgrade-JDK
963df26 
[BACKLOG-45596]-Upgrade JDK properties from 11 to 17
@mbrasil
fix: invalid folder names [PPUC-230]
cefdde9
@dcleao
feat: move generic-file-service to pentaho-platform [PPUC-124]
84e2741
@rmansoor
[BACKLOG-45998] - Adding pdi-engine-configuration-api to WEB-INF/lib
c7c607a
@NJtwentyone
Merge pull request #6014 from rmansoor/master
b1e4d07 
[BACKLOG-45998] - Adding pdi-engine-configuration-api to WEB-INF/lib
@dcleao
Merge pull request #6013 from dcleao/PPUC-124
a90ac46 
feat: move generic-file-service to pentaho-platform [PPUC-124]
@dcleao
fix: change bean scope of GFS providers to session [PPUC-124]
ce38d3e 
- the scope had been lost when moving configs from Browse Files plugin
@rmansoor
Merge pull request #6017 from dcleao/PPUC-124
fd987ba 
fix: change bean scope of GFS providers to session [PPUC-124]
@miguelappleton
fix[BISERVER-15302]: correctly update descriptions in Browse Files to…
b92b7c0 
…oltips
@miguelappleton
Merge pull request #6018 from miguelappleton/BISERVER-15302-2
34a1a41 
fix[BISERVER-15302]: correctly update descriptions in Browse Files tooltips
@dcleao
fix: session scope for spring beans from plugins [PPUC-124]
8772029 
- Apparently, another case not previously covered by the fix #5476
@dcleao
fix: incorrect GFS snapshot version number [PPUC-124]
d09af83
@dcleao
Merge pull request #6020 from dcleao/PPUC-124-fix-gfs-version
6d14095 
fix: incorrect GFS snapshot version number [PPUC-124]
@dcleao
Merge pull request #6019 from dcleao/PPUC-124
59f9cbf 
fix: session scope for spring beans from plugins [PPUC-124]
@dcleao
fix: session scope for spring beans from root app context beans witho…
bae0cef 
…ut http request [PPUC-277]
@dcleao
fix: get all Generic File Service Provider beans [PPUC-124]
5a2da2e
@dcleao
Merge pull request #6022 from dcleao/PPUC-124
54c3cfa 
fix: get all Generic File Service Provider beans [PPUC-124]
@dcleao
Merge pull request #6021 from dcleao/PPUC-277
d202a21 
fix: session scope for spring beans from root app context beans without http request [PPUC-277]
@SahithiKommagani6
[BACKLOG-43874]-Fix JDK21 test pipeline(test1) build failures
76eb4b2
@SahithiKommagani6
[BACKLOG-43935]-Fix JDK21 test pipeline(test1) test case failures
eddd7f4
miguelappleton and others added 30 commits March 2, 2026 21:49
@miguelappleton
Merge pull request #6171 from miguelappleton/BISERVER-15346
f43893c 
fix[BISERVER-15346]: support defaulting to the generated content name on email attachments
@peterrinehart
Merge pull request #6178 from rmansoor/master-latest
1deb6dc 
[BISERVER-15534] [BISERVER-15533] - Update command line processer to …
@vbist23
Merge pull request #6180 from peterrinehart/PPN-366-3
09bb82c 
[PPN-366] Support scheduling ktr and kjb files located in a vfs folder.
@peterrinehart
[chore] fix line terminators
45a680a
@rmansoor
Merge pull request #6182 from peterrinehart/cleanup
69f82f1 
[chore] fix line terminators
@befc
fix: fix properties in message files (#6181)
44e2f2e 
* chore: Normalize message bundle line endings to LF

* fix: Correct ACL settings message in Japanese properties file
@vbist23
Open
9a6e47f 
[BACKLOG-48378] Provide a means for PDI to locate PDC API
@peterrinehart
Merge pull request #6188 from vbist23/BACKLOG-48378
675d1ca 
[BACKLOG-48378] Provide a means for PDI to locate PDC API
@eddie-martinez
Merge pull request #6176 from peterrinehart/PPN-367
060cc7b 
[PPN-367] Support for scheduling reports on VFS.
@smmribeiro
fix[BISERVER-15538]: fix regression introduced by BACKLOG-45029 (#6193)
ebfa706 
This fixes BACKLOG-49004
@srallapa
[PPN-19] Scheduler pause/resume status update event log
29ce12c
@rmansoor
[PPP-6305] - Remove weka plugins and its dependencies from pentaho pr…
e9d4f25 
…oduct
@rmansoor
Merge pull request #6197 from rmansoor/remove-weka
6e43126 
[PPP-6305] - Remove weka plugins and its dependencies from pentaho product
@ddiroma
Merge pull request #6195 from srallapa/PPN-19-scheduler-status-logs
428441c 
[PPN-19] Scheduler pause/resume status update event log
@peterrinehart
[BISERVER-15569] Fix race condition in HvCacheRegionFactory.createCac…
318b8c1 
…he()

by catching CacheException for already-existing caches.

Synchronize public methods to access the CacheManager and add an atomic
getOrCreateFromRegionCache method to reduce the chances for race
conditions. Other users of the cache should migrate to this new method
when possible.
@ddiroma
Merge pull request #6196 from peterrinehart/BISERVER-15569
dc5acbb 
[BISERVER-15569] Fix race condition in HvCacheRegionFactory.createCache() by catching …
@kmeadows1980 @smmribeiro
feat(BISERVER-14985): new features for brute force administration
2cc4a35 
FICS requested changes for brute force administration and unlock via UI

(cherry picked from commit 7dac72c)
@smmribeiro
chore(BISERVER-14985): some optimizations and improvements
d5af7c6 
Also improved unit testing for the class (functionalities and coverage)
@smmribeiro
feat(BISERVER-14985): new features for brute force administration (#6200
796acf8 
)
@miguelappleton
feat[BISERVER-15398]: receive an email when a schedule fails
afc149a
@miguelappleton
test[BISERVER-15398]: add unit tests for BISERVER-15398
31a077f
@joana-fb
fix[BISERVER-15545]: update doSetMetadata endpoint to accept XML (#6201)
d782d53 
* fix[BISERVER-15545]: update doSetMetadata endpoint to accept XML

* Apply suggestion from @Copilot

Co-authored-by: Copilot <[email protected]>

* fix[BISERVER-15545]: update doSetMetadata endpoint to accept XML

---------

Co-authored-by: Copilot <[email protected]>
@miguelappleton
fix[BISERVER-15398]: address several comments
a2de944 
- get smtp.sendpartial via email configuration
- only fetch email failure properties on startup
- apply regex to remove invalid email addresses
@peterrinehart
[BACKLOG-49227] CacheManager needs finer-grained locking than
c92cc73 
synchronized blocks to avoid deadlocks. Switched to concurrenthashmap to
provide read/write locking on data structures and further
synchronization around object creation in getOrCreate to prevent
duplicate object creation.
@peterrinehart
Merge pull request #6203 from peterrinehart/BACKLOG-49227
9efd286 
[BACKLOG-49227] CacheManager needs finer-grained locking than
@joana-fb
build[PPP-6248]: update Hibernate groupId (#6204)
6cc7849 
* build[PPP-6248]: update Hibernate groupId

* build[PPP-6248]: update Hibernate groupId
@miguelappleton
fix[BISERVER-15398]: address several comments
d40a461 
- add lazy init for the failure email properties
- add constants for repeated strings
- fix wrong if for message validation
- fix formatting
@miguelappleton
tes[BISERVER-15398]: fix action util tests
469e14f
@miguelappleton
Merge pull request #6202 from miguelappleton/BISERVER-15398-miguel
4b9ccf9 
feat[BISERVER-15398]: receive an email when a schedule fails
@mbrasil
feat: add get file acl with forced inheriting [PPUC-23] (#6199)
0dd6fa0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.