DOCSLIB.ORG

Third Party Jars Scanning Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Third Party Jars Scanning Report Dependency-Check Report 03/03/20, 1231 PM Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. How to read the report | Suppressing false positives | Getting Help: github issues Project: AdeptiaConnect_3_2_10Feb2020 Scan Information (show all): dependency-check version: 5.2.2 Report Generated On: Thu, 13 Feb 2020 12:18:25 +0530 Dependencies Scanned: 3023 (2125 unique) Vulnerable Dependencies: 23 Vulnerabilities Found: 36 Vulnerabilities Suppressed: 0 ... Summary Display: Showing Vulnerable Dependencies (click to show all) Dependency Vulnerability IDs Package Highest Severity CVE Count jquery.min.js pkg:javascript/[email protected] MEDIUM 2 spring-security- cpe:2.3:a:pivotal_software:spring_security:5.2.1.release:*:*:*:*:*:*:* pkg:maven/org.springframework.security/spring- HIGH 1 core- cpe:2.3:a:security-framework_project:security-framework:5.2.1.release:*:*:*:*:*:*:* [email protected] 5.2.1.RELEASE.jar commons-jelly- cpe:2.3:a:apache:commons-jelly:1.0.1:*:*:*:*:*:*:* CRITICAL 1 1.0.1-beta-4- oldstyle.jar castor-0.9.6.2.jar cpe:2.3:a:castor_project:castor:0.9.6.2:*:*:*:*:*:*:* MEDIUM 1 handlebars- pkg:javascript/[email protected] medium 3 2.0.0.js opensaml-2.6.4.jar cpe:2.3:a:shibboleth:opensaml:2.6.4:*:*:*:*:*:*:* pkg:maven/org.opensaml/[email protected] MEDIUM 1 jakarta.json- cpe:2.3:a:processing:processing:1.1.5:*:*:*:*:*:*:* pkg:maven/org.glassfish/[email protected] MEDIUM 1 1.1.5.jar jquery-1.8.0.min.js pkg:javascript/[email protected] MEDIUM 3 axis-1.1.1.jar cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:* MEDIUM 3 jquery-1.12.4.js pkg:javascript/[email protected] MEDIUM 2 filters-2.0.235.jar cpe:2.3:a:image_processing_software:image_processing_software:2.0.235:*:*:*:*:*:*:* pkg:maven/com.jhlabs/[email protected] LOW 1 jakarta-slide- cpe:2.3:a:apache:jakarta_slide:2.1:*:*:*:*:*:*:* LOW 1 webdavlib-2.1.jar apache-jsp- cpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:* pkg:maven/org.mortbay.jasper/apache- HIGH 2 9.0.29.jar cpe:2.3:a:apache_software_foundation:tomcat:9.0.29:*:*:*:*:*:*:* [email protected] python36.dll cpe:2.3:a:python:python:36:*:*:*:*:*:*:* MEDIUM 1 cpe:2.3:a:python_software_foundation:python:36:*:*:*:*:*:*:* log4j-1.2.17.jar cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:* pkg:maven/log4j/[email protected] HIGH 1 not-yet-commons- cpe:2.3:a:not_yet_commons_ssl_project:not_yet_commons_ssl:0.3.9:*:*:*:*:*:*:* pkg:maven/ca.juliusdavies/not-yet-commons- MEDIUM 1 ssl-0.3.9.jar [email protected] spring-core- cpe:2.3:a:pivotal_software:spring_framework:5.2.2.release:*:*:*:*:*:*:* pkg:maven/org.springframework/spring- HIGH 2 5.2.2.RELEASE.jar cpe:2.3:a:springsource:spring_framework:5.2.2.release:*:*:*:*:*:*:* [email protected] cpe:2.3:a:vmware:springsource_spring_framework:5.2.2:*:*:*:*:*:*:* PDFxStream- cpe:2.3:a:snowtide:pdfxstream:1.0:*:*:*:*:*:*:* MEDIUM 1 1.0.jar castor-doclet- cpe:2.3:a:castor_project:castor:0.4.6:*:*:*:*:*:*:* MEDIUM 1 0.4.6.jar spring-tx- cpe:2.3:a:pivotal_software:spring_framework:5.2.2.release:*:*:*:*:*:*:* pkg:maven/org.springframework/spring- HIGH 2 5.2.2.RELEASE.jar cpe:2.3:a:springsource:spring_framework:5.2.2.release:*:*:*:*:*:*:* [email protected] cpe:2.3:a:vmware:springsource_spring_framework:5.2.2:*:*:*:*:*:*:* spring-web- cpe:2.3:a:pivotal_software:spring_framework:5.2.1.release:*:*:*:*:*:*:* pkg:maven/org.springframework/spring- HIGH 2 5.2.1.RELEASE.jar cpe:2.3:a:springsource:spring_framework:5.2.1.release:*:*:*:*:*:*:* [email protected] cpe:2.3:a:vmware:springsource_spring_framework:5.2.1:*:*:*:*:*:*:* jquery- pkg:javascript/[email protected] MEDIUM 2 1.11.1.min.js file:///Users/avinash/Downloads/ACE_v3.2_3rdPartyJars_Scanning_Report.html Page 1 of 26 Dependency-Check Report 03/03/20, 1231 PM bcpg-jdk15on- cpe:2.3:a:openpgp:openpgp:1.64:*:*:*:*:*:*:* pkg:maven/org.bouncycastle/bcpg- MEDIUM 1 1.64.jar [email protected] Dependencies jquery.min.js File Path: D:\BUILD\CONNECT\V_3.2\MySQL_PatchEnv\AdeptiaConnect-3.1\ConnectPortal\webapps\wars\ROOT\jquery\jquery.min.js MD5: 28dd060f863dd353fac8ec0585d2ab79 SHA1: b8abf6e6a9c086d5df6fedb1f0a7a2d7aff85238 SHA256:b3b6da61b0654e356955b9c12744ec7ad8b9f02235976285d9b3bf7f975636b5 Evidence Related Dependencies Identifiers pkg:javascript/[email protected] (Confidence:Highest) Published Vulnerabilities CVE-2015-9251 suppress jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSSv2: Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:N CVSSv3: Base Score: MEDIUM (6.1) Vector: /AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N References: BID - 105658 BUGTRAQ - 20190509 dotCMS v5.1.1 Vulnerabilities CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html CONFIRM - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html CONFIRM - https://www.tenable.com/security/tns-2019-08 FULLDISC - 20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability FULLDISC - 20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability FULLDISC - 20190510 dotCMS v5.1.1 Vulnerabilities MISC - http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html MISC - http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html MISC - https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc MISC - https://github.com/jquery/jquery/issues/2432 MISC - https://github.com/jquery/jquery/pull/2588 MISC - https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 MISC - https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 MISC - https://snyk.io/vuln/npm:jquery:20150627 MISC - https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf MISC - https://www.oracle.com/security-alerts/cpujan2020.html MISC - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MISC - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html MISC - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20190811 Apache flink 1.7.2 security issues MLIST - [flink-user] 20190811 Apache flink 1.7.2 security issues MLIST - [flink-user] 20190813 Apache flink 1.7.2 security issues MLIST - [flink-user] 20190813 Re: Apache flink 1.7.2 security issues MLIST - [roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js info - info info - info info - info info - info Vulnerable Software & Versions (NVD): cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7 cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6 cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* file:///Users/avinash/Downloads/ACE_v3.2_3rdPartyJars_Scanning_Report.html Page 2 of 26 Dependency-Check Report 03/03/20, 1231 PM cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7 cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4 cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
Load more

Recommended publications
  • Thin Server Architecture
    HTML5 Application Development with Java Peter Doschkinow Senior Java Architect The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Agenda . Motivation . HTML5 Overview – Related Java Technologies . Thin Server Architecture . Demo Motivation . Need for clarification Gartner’s 2012 Emerging Technologies Hype Cycle – What is behind the hype . Architectural consequences of new trends . What offers the Java platform to meet the new challenges . Building of common understanding Web Technology History . 1991 HTML . 1995 JavaScript @ Netscape . 1994 HTML2 . 1996 ECMAScript 1.0, 1.1 . 1996 CSS1 . 1997 ECMAScript 1.2 . 1997 HTML4 . 1998 ECMAScript 1.3 . 1998 CSS2 . 2000 ECMAScript 3 . 2000 XHTML1 . 2010 ECMAScript 5 . 2002 Tableless Web Design . Next: ECMAScript 6 Harmony . 2005 AJAX . 2009 HTML5: as of Dec 2012 W3C CR HTML5 Features W3C / Web Hypertext Application Technology Working Group(WHATWG) . Markup – Semantic markup replacing common usages of generic <span>, <div> . <nav>, <footer>,<audio>, <video>, ... API – Canvas 2D (for immidate mode 2D drawing),Timed media playback – Offline Web Applications, Local Srorage and Filesystem, Web Storage – Geolocation, Web Storage, IndexedDB – File API, Drag-and-Drop, Browser History – ... HTML5 Features Offloaded to other specs, originally part of HTML5 . WebSocket API, Server-Sent Events(SSE), Web Messaging, Web Workers, Web Storage (Web Apps WG ) .
    [Show full text]
  • Java Programming Standards & Reference Guide
    Java Programming Standards & Reference Guide Version 3.2 Office of Information & Technology Department of Veterans Affairs Java Programming Standards & Reference Guide, Version 3.2 REVISION HISTORY DATE VER. DESCRIPTION AUTHOR CONTRIBUTORS 10-26-15 3.2 Added Logging Sid Everhart JSC Standards , updated Vic Pezzolla checkstyle installation instructions and package name rules. 11-14-14 3.1 Added ground rules for Vic Pezzolla JSC enforcement 9-26-14 3.0 Document is continually Raymond JSC and several being edited for Steele OI&T noteworthy technical accuracy and / PD Subject Matter compliance to JSC Experts (SMEs) standards. 12-1-09 2.0 Document Updated Michael Huneycutt Sr 4-7-05 1.2 Document Updated Sachin Mai L Vo Sharma Lyn D Teague Rajesh Somannair Katherine Stark Niharika Goyal Ron Ruzbacki 3-4-05 1.0 Document Created Sachin Sharma i Java Programming Standards & Reference Guide, Version 3.2 ABSTRACT The VA Java Development Community has been establishing standards, capturing industry best practices, and applying the insight of experienced (and seasoned) VA developers to develop this “Java Programming Standards & Reference Guide”. The Java Standards Committee (JSC) team is encouraging the use of CheckStyle (in the Eclipse IDE environment) to quickly scan Java code, to locate Java programming standard errors, find inconsistencies, and generally help build program conformance. The benefits of writing quality Java code infused with consistent coding and documentation standards is critical to the efforts of the Department of Veterans Affairs (VA). This document stands for the quality, readability, consistency and maintainability of code development and it applies to all VA Java programmers (including contractors).
    [Show full text]
  • Exceptions and Libraries
    9/7/2016 Exceptions and Libraries RS 9.3, 6.4 Some slides created by Marty Stepp http://www.cs.washington.edu/143/ Edited by Sarah Heckman CSC216: Programming Concepts –Java © NC State CSC216 Faculty 1 Exceptions • exception: An object representing an error or unusual condition. – unchecked exceptions: One that does not have to be handled for the program to compile – checked exception: One that must be handled for the program to compile. • What are some unchecked and checked exceptions? • What may cause unchecked or checked exceptions? • For any checked exception, you must either: –also throw that exception yourself – catch (handle) the exception CSC216: Programming Concepts –Java © NC State CSC216 Faculty 2 1 9/7/2016 Throwing an exception public type name(params) throws type { • throws clause: Keywords on a method's header that states that the method may generate an exception. – You only need to list the checked exceptions for compilation – Good form to list all exceptions (including unchecked exceptions) –Example: public class ReadFile { public static void main(String[] args) throws FileNotFoundException { } "I hereby announce that this method might throw an exception, and the caller must accept the consequences if it happens." CSC216: Programming Concepts –Java © NC State CSC216 Faculty 3 Catching an exception try { statement(s); } catch (ExceptionType name) { code to handle the exception } – The try code executes – at least one statement should potentially cause an exception • A method call that throws an exception – If the exception
    [Show full text]
  • Perspectives on Free and Open Source Software.Pdf
    Perspectives on Free and Open Source Software Perspectives on Free and Open Source Software edited by Joseph Feller, Brian Fitzgerald, Scott A. Hissam, and Karim R. Lakhani The MIT Press Cambridge, Massachusetts London, England © 2005 Massachusetts Institute of Technology All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher. MIT Press books may be purchased at special quantity discounts for business or sales promotional use. For information, please e-mail [email protected] or write to Special Sales Department, The MIT Press, 5 Cambridge Center, Cambridge, MA 02142. This book was set in Stone sans and Stone serif by SNP Best-set Typesetter Ltd., Hong Kong. Printed and bound in the United States of America. Library of Congress Cataloging-in-Publication Data Perspectives on free and open source software / edited by Joseph Feller . [et al.]. p. cm. Includes bibliographical references and index. ISBN 0-262-06246-1 (alk. paper) 1. Shareware (Computer software) 2. Open source software. 3. Computer software—Development. I. Feller, Joseph, 1972– QA76.76.S46P47 2005 005.36—dc22 2004064954 10987654321 My love, thanks and humble apologies go to my very patient and supportive family: Carol, Caelen, Damien, and Dylan. JF Arís as Gaeilge: Buíochas mór le mo chlann, Máire, Pól agus Eimear. Is mór agam an iarracht a rinne sibh ar mo shon. BF With heartfelt warmth, I dedicate this book to my wife, Jacqueline, and my two sons, Derek and Zachery, who bring meaning to everything I do.
    [Show full text]
  • [1 ] Glassfish Server Open Source Edition
    GlassFish[1] Server Open Source Edition Installation Guide Release 5.0 September 2017 This book contains instructions for installing and uninstalling GlassFish Server Open Source Edition software. GlassFish Server Open Source Edition Installation Guide, Release 5.0 Copyright © 2010, 2017 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Sun Glassfish Enterprise Server V3 Preludetroubleshooting Guide
    Sun GlassFish Enterprise Server v3 PreludeTroubleshooting Guide Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 820–6823–10 November 2008 Copyright 2008 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Enterprise JavaBeans, EJB, GlassFish, J2EE, J2SE, Java Naming and Directory Interface, JavaBeans, Javadoc, JDBC, JDK, JavaScript, JavaServer, JavaServer Pages, JMX, JSP,JVM, MySQL, NetBeans, OpenSolaris, SunSolve, Sun GlassFish, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
    [Show full text]
  • E-Mail: [email protected] , Phone: +61 (412) 421-925
    Joshua M. Clulow E-mail: [email protected] , Phone: +61 (412) 421-925 TECHNICAL Software Development: SKILLS • Proficient in many high-level programming languages including Javascript (node.js), C, Java, Korn Shell (ksh), awk, etc. • Web application development with particular focus on delegated administration tools • System programming with particular focus on distributed job control and au- tomation • Kernel-level development and debugging of Illumos with mdb(1) and DTrace, with recent focus on porting support for the AMD-V instruction set extensions from Linux to Illumos KVM See: https://github.com/jclulow/illumos-kvm • Kernel-level development and debugging of OpenBSD with ddb and gdb, most recently due to my final year engineering project to create a single-system image cluster of OpenBSD machines See: https://jmc.sysmgr.org/~leftwing/files/fyp.pdf System Administration: • A range of operating systems including Illumos, Solaris, BSD, Linux, Mac OS and Windows • Web servers including Apache and Sun Web Server • Web proxies including Squid and Sun Proxy Server • Java application servers including Glassfish and Tomcat • Networking concepts including DHCP, DNS, IP networks (subnetting and rout- ing) and Firewalls • Solaris-specific technologies including Zones, SMF, ZFS and DTrace • Sun Cluster for highly available and load balanced systems • F5 BIG-IP Load Balancers • Sun 7000-series Unified Storage Systems • Entry-level and mid-range Sun x86 and SPARC hardware • Discrete servers and Blade systems EMPLOYMENT UNIX System Administrator (Manager)
    [Show full text]
  • Oracle Glassfish Server Application Development Guide Release 3.1.2 E24930-01
    Oracle GlassFish Server Application Development Guide Release 3.1.2 E24930-01 February 2012 This Application Development Guide describes how to create and run Java Platform, Enterprise Edition (Java EE platform) applications that follow the open Java standards model for Java EE components and APIs in the Oracle GlassFish Server environment. Topics include developer tools, security, and debugging. This book is intended for use by software developers who create, assemble, and deploy Java EE applications using Oracle servers and software. Oracle GlassFish Server Application Development Guide, Release 3.1.2 E24930-01 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]
  • An Unobtrusive, Scalable Approach to Large Scale Software License Analysis
    DRAT: An Unobtrusive, Scalable Approach to Large Scale Software License Analysis Chris A. Mattmann1,2, Ji-Hyun Oh1,2, Tyler Palsulich1*, Lewis John McGibbney1, Yolanda Gil2,3, Varun Ratnakar3 1Jet Propulsion Laboratory 2Computer Science Department 3USC Information Sciences Institute California Institute of Technology University of Southern California University of Southern California Pasadena, CA 91109 USA Los Angeles, CA 90089 USA Marina Del Rey, CA [email protected] {mattmann,jihyuno}@usc.edu {gil,varunr}@ isi.edu Abstract— The Apache Release Audit Tool (RAT) performs (OSI) for complying with open source software open source license auditing and checking, however definition, however, there exist slight differences among these RAT fails to successfully audit today's large code bases. Being a licenses [2]. For instance, GPL is a “copyleft” license that natural language processing (NLP) tool and a crawler, RAT only allows derivative works under the original license, marches through a code base, but uses rudimentary black lists whereas MIT license is a “permissive” license that grants the and white lists to navigate source code repositories, and often does a poor job of identifying source code versus binary files. In right to sublicense the code under any kind of license [2]. This addition RAT produces no incremental output and thus on code difference could affect architectural design of the software. bases that themselves are "Big Data", RAT could run for e.g., a Furthermore, circumstances are more complicated when month and still not provide any status report. We introduce people publish software under the multiple licenses. Distributed "RAT" or the Distributed Release Audit Tool Therefore, an automated tool for verifying software licenses in (DRAT).
    [Show full text]
  • This Hands-On Book Shows Readers Why and How Common Java Development Problems Can Be Solved by Using New Aspect-Oriented Program
    AspectJ Cookbook By Russell Miles Publisher: O'Reilly Pub Date: December 2004 ISBN: 0-596-00654-3 Pages: 354 Table of • Contents • Index • Reviews Reader This hands-on book shows readers why and how common Java • Reviews development problems can be solved by using new Aspect-oriented • Errata programming (AOP) techniques. With a wide variety of code recipes for • Academic solving day-to-day design and coding problems using AOP's unique approach, AspectJ Cookbook demonstrates that AOP is more than just a concept; it's a development process that will benefit users in an immediate and visible manner. AspectJ Cookbook By Russell Miles Publisher: O'Reilly Pub Date: December 2004 ISBN: 0-596-00654-3 Pages: 354 Table of • Contents • Index • Reviews Reader • Reviews • Errata • Academic Copyright Preface Audience About This Book Assumptions This Book Makes Conventions Used in This Book Using the Code Examples We'd Like to Hear from You Safari Enabled Acknowledgments Chapter 1. Aspect Orientation Overview Section 1.1. A Brief History of Aspect Orientation Section 1.2. AspectJ Section 1.3. A Definition of Aspect Orientation Section 1.4. Where to Go for More Information Chapter 2. Getting Started with AspectJ Introduction Recipe 2.1. Installing AspectJ Recipe 2.2. Developing a Simple Aspect Recipe 2.3. Compiling an Aspect and Multiple Java Files Recipe 2.4. Weaving Aspects into Jars Recipe 2.5. Weaving Aspects at Load Time Recipe 2.6. Generating Javadoc Documentation Recipe 2.7. Compiling an AspectJ Project Using Eclipse Recipe 2.8. Selecting the Aspects That Are Woven in a Build Within Eclipse Recipe 2.9.
    [Show full text]
  • JDK 9 Outreach JDK 9 Outreach
    JDK 9 Outreach JDK 9 Outreach JDK 9 Outreach Introduction Caveat Lector JDK 9 Features The Little Things JDK 9 Early Access Builds Look for unrecognized VM options Run jdeps on your code Update your dependencies Cross compilation for older platform versions Testing Your Code JDK 9 changes that may affect your code Added OCSP Stapling for TLS Multi-Release JAR Files Parser API for Nashorn Prepare for v53 class files Prepare JavaFX UI Controls & CSS APIs for Modularization Validate JVM Command-Line Flag Arguments XML Catalogs Platform-Specific Desktop Features Changed Arrays.asList(x).toArray() returns Object[] Create PKCS12 Keystores by Default Disable SHA-1 Certificates Enable GTK 3 on Linux Encapsulate Most Internal APIs HarfBuzz Font-Layout Engine Indify String Concatenation Make G1 the Default Garbage Collector Marlin Graphics Renderer Modular Run-Time Images New Version-String Scheme Unified GC Logging Unified JVM Logging Use CLDR Locale Data by Default UTF-8 Property Files Removed Remove apple script engine code in jdk repository Remove GC Combinations Deprecated in JDK 8 Remove HTTP Proxy implementation from RMI Remove Launch-Time JRE Version Selection Remove java-rmi.exe and java-rmi.cgi Remove the JVM TI hprof Agent Remove the jhat Tool Removed API references to java.awt.peer and java.awt.dnd.peer packages Removed Packer/Unpacker addPropertyChangeListener and removePropertyChangeListener methods Removed LogManager addPropertyChangeListener and removePropertyChangeListener methods Removed com.sun.security.auth.callback.DialogCallbackHandler
    [Show full text]
  • Open Source and Third Party Documentation
    Open Source and Third Party Documentation Verint.com Twitter.com/verint Facebook.com/verint Blog.verint.com Content Introduction.....................2 Licenses..........................3 Page 1 Open Source Attribution Certain components of this Software or software contained in this Product (collectively, "Software") may be covered by so-called "free or open source" software licenses ("Open Source Components"), which includes any software licenses approved as open source licenses by the Open Source Initiative or any similar licenses, including without limitation any license that, as a condition of distribution of the Open Source Components licensed, requires that the distributor make the Open Source Components available in source code format. A license in each Open Source Component is provided to you in accordance with the specific license terms specified in their respective license terms. EXCEPT WITH REGARD TO ANY WARRANTIES OR OTHER RIGHTS AND OBLIGATIONS EXPRESSLY PROVIDED DIRECTLY TO YOU FROM VERINT, ALL OPEN SOURCE COMPONENTS ARE PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Any third party technology that may be appropriate or necessary for use with the Verint Product is licensed to you only for use with the Verint Product under the terms of the third party license agreement specified in the Documentation, the Software or as provided online at http://verint.com/thirdpartylicense. You may not take any action that would separate the third party technology from the Verint Product. Unless otherwise permitted under the terms of the third party license agreement, you agree to only use the third party technology in conjunction with the Verint Product.
    [Show full text]