1. 31 Mar, 2022 1 commit
    • Emmanuel Duchastenier's avatar
      chore(2022.1): update default version and SHA256 (#501) · 694bf793
      Emmanuel Duchastenier authored
      + There is no need to declare env using the form `VAR_NAME  ${VAR_NAME:-defaultvalue}` when there is no ARG declared on that variable
      * use binary mode for sha256 check (no double space needed)
      * remove unused `rm -rf /var/lib/apt/lists/*` that was for ubuntu only
      
      + Use correct entry point
      Avoid execution of bonita specific things when the CMD is overriden
      This allows to easily change catalina command line argument or it allows to run
      other tools. When other tools are run, we do not do the customization of scripts.
      This is required to have docker hub tests working.
      694bf793
  2. 30 Mar, 2022 2 commits
  3. 24 Mar, 2022 1 commit
  4. 16 Mar, 2022 2 commits
  5. 15 Mar, 2022 1 commit
  6. 14 Mar, 2022 1 commit
  7. 09 Mar, 2022 4 commits
  8. 04 Mar, 2022 1 commit
  9. 03 Mar, 2022 3 commits
  10. 02 Mar, 2022 1 commit
  11. 28 Feb, 2022 1 commit
  12. 23 Feb, 2022 2 commits
  13. 22 Feb, 2022 1 commit
  14. 16 Feb, 2022 2 commits
  15. 08 Feb, 2022 3 commits
  16. 07 Feb, 2022 4 commits
    • Emmanuel Duchastenier's avatar
      feat(security): hide tomcat error report & version (#460) · 3e240275
      Emmanuel Duchastenier authored
      to mitigate returned info to possible malicious hacker
      
      Before:
      ```
      curl -i 'http://localhost:8080/bonita/login.jsp?redirectUrl=|'
      HTTP/1.1 400
      Content-Type: text/html;charset=utf-8
      Content-Language: fr
      Content-Length: 1950
      Date: Mon, 07 Feb 2022 15:10:05 GMT
      Connection: close
      
      <!doctype html><html lang="fr"><head><title>État HTTP 400 – Requête invalide</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>État HTTP 400 – Requête invalide</h1><hr class="line" /><p><b>Type</b> Rapport d'exception</p><p><b>message</b> Un caractère invalide a été trouvé dans la cible de la requête, les caractères valides sont définis dans RFC 7230 et RFC 3986</p><p><b>description</b> La requête envoyée par le client était syntaxiquement incorrecte.</p><p><b>exception</b></p><pre>java.lang.IllegalArgumentException: Un caractère invalide a été trouvé dans la cible de la requête, les caractères valides sont définis dans RFC 7230 et RFC 3986
          org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:494)
          org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
          org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
          org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
          org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732)
          org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
          org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
          org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
          org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
          java.base&#47;java.lang.Thread.run(Thread.java:829)
      </pre><p><b>note</b> La trace complète de la cause mère de cette erreur est disponible dans les fichiers journaux de ce serveur.</p><hr class="line" /><h3>Apache Tomcat/9.0.56</h3></body></html>%                                                                             ╭─manu@laptop-manu ~/workspace/bonita-distrib-sp git:(security/hide_tomcat_version_in_bundle*)
      ```
      
      After:
      ```
      curl -i 'http://localhost:8080/bonita/login.jsp?redirectUrl=|'
      HTTP/1.1 400
      Content-Type: text/html;charset=utf-8
      Content-Language: fr
      Content-Length: 445
      Date: Mon, 07 Feb 2022 15:10:48 GMT
      Connection: close
      
      <!doctype html><html lang="fr"><head><title>État HTTP 400 – Requête invalide</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>État HTTP 400 – Requête invalide</h1></body></html>%
      ```
      
      Closes [RUNTIME-603](https://bonitasoft.atlassian.net/browse/RUNTIME-603)
      3e240275
    • abirembaut's avatar
      chore(i18n): add permission to upload script · 428e3879
      abirembaut authored
      428e3879
    • danila_mazour's avatar
      fix(resources): restore deleted resources files (#459) · 01726b91
      danila_mazour authored
      
      
      * fix(resources): restore deleted resources files
      
      The files were deleted by 3210c124d7c6d9518a5fb259e5898afae1f0df96
      
      Restore them, as they are apparently needed by the build procedure.
      
      * Delete app-details.less
      Co-authored-by: default avatarabirembaut <anthony.birembaut@gmail.com>
      01726b91
    • abirembaut's avatar
      Merge branch 'master' into dev · 4e051da4
      abirembaut authored
      4e051da4
  17. 02 Feb, 2022 3 commits
  18. 28 Jan, 2022 1 commit
  19. 21 Jan, 2022 1 commit
  20. 17 Jan, 2022 2 commits
  21. 11 Jan, 2022 1 commit
  22. 07 Jan, 2022 2 commits