From d2390835c5cd5ecd6cb52384eee4b9823fbf92b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?=
Date: Wed, 29 Apr 2026 16:03:53 +0200
Subject: [PATCH 1/3] Restricting fields for JEXL expressions
---
 .../core/provisioning/api/jexl/JexlContextBuilder.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/jexl/JexlContextBuilder.java b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/jexl/JexlContextBuilder.java
index bed2130497..8329891786 100644
--- a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/jexl/JexlContextBuilder.java
+++ b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/jexl/JexlContextBuilder.java
@@ -32,7 +32,6 @@ import java.util.Set;
 import org.apache.commons.jexl3.JexlContext;
 import org.apache.commons.jexl3.MapContext;
-import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.ClassUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
@@ -53,7 +52,9 @@ public class JexlContextBuilder {
 protected static final Logger LOG = LoggerFactory.getLogger(JexlContextBuilder.class);
- private static final String[] IGNORE_FIELDS = { "password", "clearPassword", "serialVersionUID", "class" };
+ private static final Set IGNORE_FIELDS = Set.of(
+ "class", "serialVersionUID", "cipherAlgorithm", "password", "passwordHistory",
+ "securityAnswer", "token", "tokenExpireTime");
 private static final Map, Set>> FIELD_CACHE = Collections.synchronizedMap(new HashMap<>());
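Review bot: `clearPassword` was in the removed `IGNORE_FIELDS` array but is missing from the new `Set.of(...)` in the `@@ -53,7 +52,9 @@` hunk, so a bean that still exposes a `clearPassword` property would no longer be filtered by `fields()`. The bean classes are not visible in this patch, so either keep the entry (`"class", "clearPassword", "serialVersionUID", "cipherAlgorithm", ...`) or state in the commit message that the property no longer exists. The set is a deny-list matched by exact property name (`IGNORE_FIELDS.contains(desc.getName())` in the `@@ -80,7 +81,7 @@` hunk), so a sensitive property added to a bean later passes this filter unless someone remembers to extend the set. I would document that on the constant, e.g. `// Bean properties never exposed to JEXL expressions; add every new credential or token property here`. The class body continues outside both hunks.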
@@ -80,7 +81,7 @@ public JexlContextBuilder fields(final Object object) {
 try {
 for (PropertyDescriptor desc : Introspector.getBeanInfo(clazz).getPropertyDescriptors()) {
 if (!desc.getName().startsWith("pc")
- && !ArrayUtils.contains(IGNORE_FIELDS, desc.getName())
+ && !IGNORE_FIELDS.contains(desc.getName())
 && !Collection.class.isAssignableFrom(desc.getPropertyType())
 && !Map.class.isAssignableFrom(desc.getPropertyType())
 && !desc.getPropertyType().isArray()) {
From 6445ebdcf9551625ffd7a22619eddc84c5e0df62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?=
Date: Thu, 30 Apr 2026 09:40:38 +0200
Subject: [PATCH 2/3] Restoring Wiki link
---
 .../syncope/client/console/panels/DashboardSystemPanel.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/DashboardSystemPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/DashboardSystemPanel.java
index 34eb7ebc8c..02a6f5f494 100644
--- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/DashboardSystemPanel.java
+++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/DashboardSystemPanel.java
@@ -58,7 +58,7 @@ public DashboardSystemPanel(final String id) {
 String versionLink = StringUtils.isNotBlank(gitAndBuildInfo.getLeft()) && gitAndBuildInfo.getRight().endsWith("-SNAPSHOT") ? "https://gitbox.apache.org/repos/asf?p=syncope.git;a=commit;h=" + gitAndBuildInfo.getLeft()
- : "https://cwiki.apache.org/confluence/display/SYNCOPE/Capriccio";
+ : "https://cwiki.apache.org/confluence/display/SYNCOPE/Notturno";
 version.add(new AttributeModifier("onclick", "window.open('" + versionLink + "', '_blank')"));
 add(version);
From 9a89af0c386ac9ee17464c0a6cc0ab192b256eb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?=
Date: Mon, 4 May 2026 08:19:23 +0200
Subject: [PATCH 3/3] Upgrading Jakarta Faces
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e67aa7371c..c7a655064a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -530,7 +530,7 @@ under the License.
 10.1.54
 39.0.0.Final
 6.2025.11
- 4.1.7
+ 4.1.8
 17-alpine
 9.0