diff --git a/3RD_PARTY_LICENSES.txt b/3RD_PARTY_LICENSES.txt index 223da27128..06bd24c816 100644 --- a/3RD_PARTY_LICENSES.txt +++ b/3RD_PARTY_LICENSES.txt @@ -5,7 +5,7 @@ Copyright 2021 Phase: RELEASED Distribution: OPENSOURCE -Components: +Components: ANTLR 2.7.7 : ANTLR Software Rights Notice ASM 5.0.4 : BSD 3-clause "New" or "Revised" License @@ -109,8 +109,6 @@ S3Mock - Testsupport - JUnit4 2.1.16 : Apache License 2.0 SLF4J API Module 1.7.30 : MIT License SnakeYAML 1.27 : Apache License 2.0 Spring Aspects 5.3.1 : Apache License 2.0 -Spring Batch 4.3.0 : Apache License 2.0 -Spring Batch Infrastructure 4.3.0 : Apache License 2.0 Spring Boot v2.4.0 : Apache License 2.0 Spring Boot Actuator AutoConfigure 2.4.0 : Apache License 2.0 Spring Boot Json Starter 2.4.0 : Apache License 2.0 @@ -192,7 +190,7 @@ thymeleaf-extras-java8time 3.0.4.RELEASE : Apache License 2.0 thymeleaf-spring5 3.0.11.RELEASE : Apache License 2.0 unbescape 1.1.6.RELEASE : Apache License 2.0 -Licenses: +Licenses: ANTLR Software Rights Notice (ANTLR 2.7.7) 
@@ -293,7 +291,7 @@ Illinois, Urbana-Champaign. --- Apache License 2.0 -(ASM based accessors helper used by json-smart 1.2, AWS Event Stream 1.0.1, AWS Java SDK :: AWS Core 2.7.19, AWS Java SDK :: Annotations 2.7.19, AWS Java SDK :: Auth 2.7.19, AWS Java SDK :: Core :: Protocols :: AWS Query Protocol 2.7.19, AWS Java SDK :: Core :: Protocols :: AWS Xml Protocol 2.7.19, AWS Java SDK :: Core :: Protocols :: Protocol Core 2.7.19, AWS Java SDK :: HTTP Client Interface 2.7.19, AWS Java SDK :: HTTP Clients :: Apache 2.7.19, AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O 2.7.19, AWS Java SDK :: HTTP Clients :: URL Connection 2.7.19, AWS Java SDK :: Profiles 2.7.19, AWS Java SDK :: Regions 2.7.19, AWS Java SDK :: SDK Core 2.7.19, AWS Java SDK :: Services :: Amazon S3 2.7.19, AWS Java SDK :: Utilities 2.7.19, AWS Java SDK for AWS KMS 1.11.666, AWS Java SDK for Amazon S3 1.11.666, AWS SDK for Java - Core 1.11.666, Apache Commons BeanUtils 1.9.2, Apache Commons CLI 1.4, Apache Commons Codec 1.11, Apache Commons Codec 1.15, Apache Commons Collections 3.2.2, Apache Commons Lang 3.11, Apache Commons Lang 3.12.0, Apache Commons Logging 1.2, Apache Commons Validator 1.6, Apache HttpClient 4.5.10, Apache HttpClient 4.5.13, Apache HttpComponents Core 4.4.12, Apache HttpComponents Core 4.4.13, Apache HttpComponents Core 4.4.9, Apache Log4j to SLF4J Adapter 2.13.3, Apache Tomcat Embed 9.0.39, AssertJ fluent assertions 3.18.1, Bean Validation API 2.0.2, Byte Buddy byte-buddy-1.10.15, Byte Buddy byte-buddy-1.10.18, Commons IO 2.6, Hibernate Validator 6.1.6.Final, HikariCP HikariCP-3.4.5, JBoss Logging 3 3.4.1.Final, JMES Path Query library 1.11.666, JSON library from Android SDK 0.0.20131108.vaadin1, JSONassert 1.5.0, Jackson-Datatype-JSR310 2.11.3, Jackson-dataformat-CBOR 2.11.3, Jackson-datatype-jdk8 2.10.3, Jackson-datatype-jdk8 2.11.3, Jackson-module-parameter-names 2.11.3, Java Annotation Indexer 2.1.3.Final, Javassist 3.24.0-GA, Jetbrains annotations 13.0, Jettison - Json 
Stax implementation 1.2, Jetty :: Servlet Handling 9.4.34.v20201102, Jetty :: Utility Servlets and Filters 9.4.34.v20201102, Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server jetty-9.4.34.v20201102, Joda Time 2.8.1, Kotlin Stdlib 1.4.10, Log4J API 2.13.3, Netty Project netty-4.1.54.Final, Netty Reactive Streams HTTP support 2.0.0, Netty Reactive Streams Implementation 2.0.0, Netty/Transport/Native/Unix/Common 4.1.54.Final, Prometheus Java Simpleclient 0.5.0, Prometheus Java Simpleclient Common 0.5.0, S3 Mock 2.1.16, S3Mock - Testsupport - Common 2.1.16, S3Mock - Testsupport - JUnit4 2.1.16, SnakeYAML 1.27, Spring Aspects 5.3.1, Spring Batch 4.3.0, Spring Batch Infrastructure 4.3.0, Spring Boot v2.4.0, Spring Boot Actuator AutoConfigure 2.4.0, Spring Boot Json Starter 2.4.0, Spring Boot Mail Starter 2.4.0, Spring Boot Test 2.4.0, Spring Boot Test Auto-Configure 2.4.0, Spring Boot Validation Starter 2.4.0, Spring Commons Logging Bridge 5.3.1, Spring Data Commons 2.4.1, Spring Data JPA 2.4.1, Spring Framework v5.3.1, Spring REST Docs Core 2.0.5.RELEASE, Spring REST Docs MockMvc 2.0.5.RELEASE, Spring Security 5.4.1, Spring TestContext Framework 5.3.1, Spring Transaction 5.3.1, Thymeleaf thymeleaf-3.0.11.RELEASE, WireMock 2.27.2, Woodstox 6.2.1, attoparser 2.0.5.RELEASE, byte-buddy-agent 1.10.15, byte-buddy-agent 1.10.18, flyway-core 6.0.8, gradle-plugins 5.6.1, jackson-annotations 2.10.3, jackson-annotations jackson-annotations-2.11.3, jackson-core 2.10.1, jackson-core 2.10.3, jackson-core 2.11.3, jackson-databind 2.10.1, jackson-databind 2.10.3, jackson-databind 2.11.3, jackson-dataformat-xml 2.11.3, jackson-jr-all 2.11.0, jackson-module-jaxb-annotations 2.11.3, jackson-module-kotlin 2.11.3, java-classmate classmate-1.5.1, javax.batch-api 1.0, json-path 2.4.0, json-smart 2.3, kotlin-reflect 1.4.10, kotlin-stdlib-common 1.4.10, logstash-logback-encoder logstash-logback-encoder-6.2, micrometer-core 1.6.1, micrometer-registry-prometheus 1.1.0, objenesis 3.1, 
org.apiguardian:apiguardian-api 1.1.0, org.jetbrains.kotlin:kotlin-stdlib-jdk7 1.4.10, org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.4.10, org.opentest4j:opentest4j 1.2.0, software.amazon.ion:ion-java 1.0.2, spring-boot-actuator 2.4.0, spring-retry 1.3.0, thymeleaf-extras-java8time 3.0.4.RELEASE, thymeleaf-spring5 3.0.11.RELEASE, unbescape 1.1.6.RELEASE) +(ASM based accessors helper used by json-smart 1.2, AWS Event Stream 1.0.1, AWS Java SDK :: AWS Core 2.7.19, AWS Java SDK :: Annotations 2.7.19, AWS Java SDK :: Auth 2.7.19, AWS Java SDK :: Core :: Protocols :: AWS Query Protocol 2.7.19, AWS Java SDK :: Core :: Protocols :: AWS Xml Protocol 2.7.19, AWS Java SDK :: Core :: Protocols :: Protocol Core 2.7.19, AWS Java SDK :: HTTP Client Interface 2.7.19, AWS Java SDK :: HTTP Clients :: Apache 2.7.19, AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O 2.7.19, AWS Java SDK :: HTTP Clients :: URL Connection 2.7.19, AWS Java SDK :: Profiles 2.7.19, AWS Java SDK :: Regions 2.7.19, AWS Java SDK :: SDK Core 2.7.19, AWS Java SDK :: Services :: Amazon S3 2.7.19, AWS Java SDK :: Utilities 2.7.19, AWS Java SDK for AWS KMS 1.11.666, AWS Java SDK for Amazon S3 1.11.666, AWS SDK for Java - Core 1.11.666, Apache Commons BeanUtils 1.9.2, Apache Commons CLI 1.4, Apache Commons Codec 1.11, Apache Commons Codec 1.15, Apache Commons Collections 3.2.2, Apache Commons Lang 3.11, Apache Commons Lang 3.12.0, Apache Commons Logging 1.2, Apache Commons Validator 1.6, Apache HttpClient 4.5.10, Apache HttpClient 4.5.13, Apache HttpComponents Core 4.4.12, Apache HttpComponents Core 4.4.13, Apache HttpComponents Core 4.4.9, Apache Log4j to SLF4J Adapter 2.13.3, Apache Tomcat Embed 9.0.39, AssertJ fluent assertions 3.18.1, Bean Validation API 2.0.2, Byte Buddy byte-buddy-1.10.15, Byte Buddy byte-buddy-1.10.18, Commons IO 2.6, Hibernate Validator 6.1.6.Final, HikariCP HikariCP-3.4.5, JBoss Logging 3 3.4.1.Final, JMES Path Query library 1.11.666, JSON library from Android SDK 0.0.20131108.vaadin1, 
JSONassert 1.5.0, Jackson-Datatype-JSR310 2.11.3, Jackson-dataformat-CBOR 2.11.3, Jackson-datatype-jdk8 2.10.3, Jackson-datatype-jdk8 2.11.3, Jackson-module-parameter-names 2.11.3, Java Annotation Indexer 2.1.3.Final, Javassist 3.24.0-GA, Jetbrains annotations 13.0, Jettison - Json Stax implementation 1.2, Jetty :: Servlet Handling 9.4.34.v20201102, Jetty :: Utility Servlets and Filters 9.4.34.v20201102, Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server jetty-9.4.34.v20201102, Joda Time 2.8.1, Kotlin Stdlib 1.4.10, Log4J API 2.13.3, Netty Project netty-4.1.54.Final, Netty Reactive Streams HTTP support 2.0.0, Netty Reactive Streams Implementation 2.0.0, Netty/Transport/Native/Unix/Common 4.1.54.Final, Prometheus Java Simpleclient 0.5.0, Prometheus Java Simpleclient Common 0.5.0, S3 Mock 2.1.16, S3Mock - Testsupport - Common 2.1.16, S3Mock - Testsupport - JUnit4 2.1.16, SnakeYAML 1.27, Spring Aspects 5.3.1, Spring Boot v2.4.0, Spring Boot Actuator AutoConfigure 2.4.0, Spring Boot Json Starter 2.4.0, Spring Boot Mail Starter 2.4.0, Spring Boot Test 2.4.0, Spring Boot Test Auto-Configure 2.4.0, Spring Boot Validation Starter 2.4.0, Spring Commons Logging Bridge 5.3.1, Spring Data Commons 2.4.1, Spring Data JPA 2.4.1, Spring Framework v5.3.1, Spring REST Docs Core 2.0.5.RELEASE, Spring REST Docs MockMvc 2.0.5.RELEASE, Spring Security 5.4.1, Spring TestContext Framework 5.3.1, Spring Transaction 5.3.1, Thymeleaf thymeleaf-3.0.11.RELEASE, WireMock 2.27.2, Woodstox 6.2.1, attoparser 2.0.5.RELEASE, byte-buddy-agent 1.10.15, byte-buddy-agent 1.10.18, flyway-core 6.0.8, gradle-plugins 5.6.1, jackson-annotations 2.10.3, jackson-annotations jackson-annotations-2.11.3, jackson-core 2.10.1, jackson-core 2.10.3, jackson-core 2.11.3, jackson-databind 2.10.1, jackson-databind 2.10.3, jackson-databind 2.11.3, jackson-dataformat-xml 2.11.3, jackson-jr-all 2.11.0, jackson-module-jaxb-annotations 2.11.3, jackson-module-kotlin 2.11.3, java-classmate classmate-1.5.1, 
javax.batch-api 1.0, json-path 2.4.0, json-smart 2.3, kotlin-reflect 1.4.10, kotlin-stdlib-common 1.4.10, logstash-logback-encoder logstash-logback-encoder-6.2, micrometer-core 1.6.1, micrometer-registry-prometheus 1.1.0, objenesis 3.1, org.apiguardian:apiguardian-api 1.1.0, org.jetbrains.kotlin:kotlin-stdlib-jdk7 1.4.10, org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.4.10, org.opentest4j:opentest4j 1.2.0, software.amazon.ion:ion-java 1.0.2, spring-boot-actuator 2.4.0, spring-retry 1.3.0, thymeleaf-extras-java8time 3.0.4.RELEASE, thymeleaf-spring5 3.0.11.RELEASE, unbescape 1.1.6.RELEASE) Apache License Version 2.0, January 2004 @@ -1725,7 +1723,7 @@ GNU General Public License v2.0 w/Classpath exception GNU Classpath License ===================== - + The GNU General Public License (GPL) @@ -2737,7 +2735,7 @@ Version 1.1 Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous - Modifications. + Modifications. 1.10. ''Original Code'' means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and @@ -2781,7 +2779,7 @@ Version 1.1 Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). - + (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of @@ -2791,7 +2789,7 @@ Version 1.1 for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software - or devices. + or devices. 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive 
@@ -2803,7 +2801,7 @@ Version 1.1 portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and - (b) under Patent Claims infringed by the making, using, or selling of + (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) @@ -2815,7 +2813,7 @@ Version 1.1 date Contributor first makes Commercial Use of the Covered Code. (d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) - for any code that Contributor has deleted from the Contributor Version; 2) + for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part @@ -2875,7 +2873,7 @@ Version 1.1 (b) Contributor APIs. If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include - this information in the LEGAL file. + this information in the LEGAL file. (c) Representations. @@ -3144,12 +3142,12 @@ Version 2.0 means - a. + a. that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or - b. + b. that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary 
@@ -3178,12 +3176,12 @@ Version 2.0 means any of the following: - a. + a. any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or - b. + b. any new file in Source Code Form that contains any Covered Software. @@ -3225,7 +3223,7 @@ Version 2.0 Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: - a. + a. under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, @@ -3233,7 +3231,7 @@ Version 2.0 either on an unmodified basis, with Modifications, or as part of a Larger Work; and - b. + b. under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its @@ -3254,18 +3252,18 @@ Version 2.0 or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: - a. + a. for any code that a Contributor has removed from Covered Software; or - b. + b. for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or - c. + c. under Patent Claims infringed by Covered Software in the absence of its Contributions. @@ -3320,7 +3318,7 @@ Version 2.0 If You distribute Covered Software in Executable Form then: - a. + a. such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable @@ -3328,7 +3326,7 @@ Version 2.0 means in a timely manner, at a charge no more than the cost of distribution to the recipient; and - b. + b. You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the 
diff --git a/sechub-doc/src/docs/asciidoc/documents/operations/01_sechub_server.adoc b/sechub-doc/src/docs/asciidoc/documents/operations/01_sechub_server.adoc index 7c4662404c..9c2076d409 100644 --- a/sechub-doc/src/docs/asciidoc/documents/operations/01_sechub_server.adoc +++ b/sechub-doc/src/docs/asciidoc/documents/operations/01_sechub_server.adoc @@ -8,8 +8,6 @@ include::../shared/sechub_options.adoc[] include::server/server_deployment.adoc[] -include::04_migration_steps.adoc[] - include::../shared/configuration/mapping.adoc[] include::../shared/configuration/execution_profiles.adoc[] diff --git a/sechub-doc/src/docs/asciidoc/documents/operations/04_migration_steps.adoc b/sechub-doc/src/docs/asciidoc/documents/operations/04_migration_steps.adoc deleted file mode 100644 index 232374be0d..0000000000 --- a/sechub-doc/src/docs/asciidoc/documents/operations/04_migration_steps.adoc +++ /dev/null 
@@ -1,81 +0,0 @@ -// SPDX-License-Identifier: MIT -=== Migration steps - -==== Database -[WARNING] -==== -Normally all updates in database are done by our flyway script automatically! - -It is very uncommon to do something manually here. Every manual changes will be described why no -automation was possible! -==== - -[options="header",cols="1,3,4,4"] -|=== -| Nr. | What | Why manual? | Apply to version -//------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -| {counter:migrationNr} | <> | Table to update does not exist on new started servers | Initial run < v0.19.0-server - -|=== - - -[[section-migration-spring-batch-477]] -===== Post handle CVE-2020-5411 - -====== Update job execution context to new format - -Script to prepare old jobs for Spring batch CVE-2020-5411 changes - -With Server v0.19.0 we upgraded our Spring Boot dependencies footnote:update_0_19_0[https://github.com/mercedes-benz/sechub/issues/472] but this led to cancellation problems on older jobs - -this led to problems when deleting older jobs still running.footnote:problem_499[https://github.com/mercedes-benz/sechub/issues/499] - -The solution is to execute following `SQL` script on all environments: -[source,sql] ----- -UPDATE batch_job_execution_context SET short_context='{"@class":"java.util.HashMap"}' WHERE short_context ='{}' <1> ----- -<1> Migrate old execution context JSON to correct format: an empty `HashMap` - - - -Unfortunately it is not possible to automatically migrate the data by `flyway` script, because this would fail any new started server, because -a flyway update script would lead to: - -``` java -Caused by: org.h2.jdbc.JdbcSQLSyntaxErrorException: Table "BATCH_JOB_EXECUTION_CONTEXT" not found; SQL statement: -``` - -====== Update step execution context to new format -Additionally we need to update the step context data as well - -[source,sql] ----- --- check for 
entries with old format -select sc.short_context, count(*) from batch_job_execution_params p -inner join batch_job_execution e on e.job_execution_id=p.job_execution_id -inner join batch_job_execution_context c on c.job_execution_id= e.job_execution_id -inner join batch_step_execution se on se.job_execution_id = e.job_execution_id -inner join batch_step_execution_context sc on sc.step_execution_id = se.step_execution_id -group by sc.short_context - ---- execute update when former query has old entries... -update batch_step_execution_context sc set short_context='{"@class":"java.util.HashMap","batch.taskletType":"com.mercedesbenz.sechub.domain.schedule.batch.ScanExecutionTasklet","batch.stepType":"org.springframework.batch.core.step.tasklet.TaskletStep"}' -where sc.short_context = '{"batch.taskletType":"com.mercedesbenz.sechub.domain.schedule.batch.ScanExecutionTasklet","batch.stepType":"org.springframework.batch.core.step.tasklet.TaskletStep"}' <1> - --- check again for entries in old format -select sc.short_context, count(*) from batch_job_execution_params p -inner join batch_job_execution e on e.job_execution_id=p.job_execution_id -inner join batch_job_execution_context c on c.job_execution_id= e.job_execution_id -inner join batch_step_execution se on se.job_execution_id = e.job_execution_id -inner join batch_step_execution_context sc on sc.step_execution_id = se.step_execution_id -group by sc.short_context - - ----- -<1> Migrate old execution context JSON to correct format: with `HashMap` as class - -====== Cancel your old running jobs - -When you have some still running jobs - for example because of a former database connection pool problem - -you can now cancel the old jobs without any problems. - diff --git a/sechub-server/src/main/resources/db/migration/V23__drop_spring_batch_tables.sql b/sechub-server/src/main/resources/db/migration/V23__drop_spring_batch_tables.sql index 7984471397..94b14f3e41 100644 
--- a/sechub-server/src/main/resources/db/migration/V23__drop_spring_batch_tables.sql
+++ b/sechub-server/src/main/resources/db/migration/V23__drop_spring_batch_tables.sql
@@ -6,3 +6,7 @@ DROP TABLE IF EXISTS batch_job_execution_params;
 DROP TABLE IF EXISTS batch_job_execution_context;
 DROP TABLE IF EXISTS batch_job_execution;
 DROP TABLE IF EXISTS batch_job_instance;
+
+DROP SEQUENCE IF EXISTS batch_job_execution_seq;
+DROP SEQUENCE IF EXISTS batch_job_seq;
+DROP SEQUENCE IF EXISTS batch_step_execution_seq;
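Review bot: The three `DROP SEQUENCE IF EXISTS` statements are appended to V23__drop_spring_batch_tables.sql, which the index line shows as an already existing versioned Flyway migration rather than a new file. On any database where V23 has already been applied, Flyway will not run it again, so the sequences stay behind there. The changed checksum will also most likely fail migration validation at startup unless a repair is run first. If V23 has shipped to any environment, I would leave it untouched and move the three statements into a new versioned migration such as `V<next>__drop_spring_batch_sequences.sql` (placeholder name), so that fresh and existing databases end up in the same state. The first five lines of the file are outside the hunk, so I cannot tell whether the tables they drop have matching sequences that should be covered as well.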