  1. Nuxeo Platform
  2. NXP-32144

Upgrade or remove htmlunit from nuxeo-runtime-test to avoid vulnerability

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021, 2023.x
    • Fix Version/s: 2021.47, 2023.5
    • Component/s: Tests
    • Backlog priority:
      600
    • Upgrade notes:
      Removed the following Maven dependencies from nuxeo-runtime-test:

      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-api</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-support</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-firefox-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-ie-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-chrome-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>htmlunit-driver</artifactId>
      </dependency>
      

      Added the following Maven dependencies to nuxeo-features-test:

      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-firefox-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-ie-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>selenium-chrome-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.seleniumhq.selenium</groupId>
        <artifactId>htmlunit-driver</artifactId>
      </dependency>
      <dependency>
        <groupId>org.assertj</groupId>
        <artifactId>assertj-core</artifactId>
        <scope>compile</scope>
      </dependency>
      

      Moved the following classes from nuxeo-runtime-test to nuxeo-features-test:

      Attachment.java
      Browser.java
      BrowserFamily.java
      ConcordionFixture.java
      Configuration.java
      DriverFactory.java
      HomePage.java
      SkipBrowser.java
      TakesAttachment.java
      WebDriverFeature.java
      WebPage.java
      ExpectedCondition.java
      TimeoutException.java
      Wait.java
      WebDriverWait.java
      MyHomePage.java
      SearchResultPage.java
      WebTest.java
      

      The related package names haven't changed:

      org.nuxeo.runtime.test.runner.web
      org.openqa.selenium.support.ui
      

      If you are explicitly depending on one of these classes, you need to replace the Maven dependency:

      <dependency>
        <groupId>org.nuxeo.runtime</groupId>
        <artifactId>nuxeo-runtime-test</artifactId>
        <scope>test</scope>
      </dependency>
      

      with:

      <dependency>
        <groupId>org.nuxeo.ecm.platform</groupId>
        <artifactId>nuxeo-features-test</artifactId>
        <scope>test</scope>
      </dependency>
      
    • Sprint:
      nxplatform #102
    • Story Points:
      3

      Description

      See https://nvd.nist.gov/vuln/detail/CVE-2023-26119 and related client ticket
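
      The dependency swap described in the upgrade notes can be checked per module before upgrading. The following is an added example, not Nuxeo's own code: it reports a module that imports from the two packages named in the notes while still declaring only nuxeo-runtime-test. The function names, the sample POM and the sample Java source are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Values taken from the upgrade notes; everything else here is illustrative.
OLD = ("org.nuxeo.runtime", "nuxeo-runtime-test")
NEW = ("org.nuxeo.ecm.platform", "nuxeo-features-test")
MOVED_PACKAGES = ("org.nuxeo.runtime.test.runner.web",
                  "org.openqa.selenium.support.ui")
IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+(?:\.\*)?)\s*;", re.M)


def local(tag):
    """Strip the XML namespace that Maven POMs usually declare."""
    return tag.rsplit("}", 1)[-1]


def direct_dependencies(pom_xml):
    """(groupId, artifactId) pairs from <project><dependencies> only."""
    deps = set()
    for section in ET.fromstring(pom_xml):
        if local(section.tag) != "dependencies":
            continue
        for dep in section:
            fields = {local(c.tag): (c.text or "").strip() for c in dep}
            deps.add((fields.get("groupId"), fields.get("artifactId")))
    return deps


def moved_imports(java_source):
    """Imports that fall under one of the two packages the notes list."""
    return sorted({name for name in IMPORT_RE.findall(java_source)
                   if name.startswith(tuple(p + "." for p in MOVED_PACKAGES))})


def needs_swap(pom_xml, java_sources):
    """Imports forcing the swap, or [] when the module is unaffected or migrated."""
    deps = direct_dependencies(pom_xml)
    hits = sorted({i for src in java_sources for i in moved_imports(src)})
    return hits if OLD in deps and NEW not in deps else []


# Constructed sample module (not from the Nuxeo code base).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.nuxeo.runtime</groupId>
    <artifactId>nuxeo-runtime-test</artifactId><scope>test</scope></dependency>
</dependencies></project>"""
SAMPLE_JAVA = """package com.example.it;
import org.junit.Test;
import org.nuxeo.runtime.test.runner.web.WebDriverFeature;
import org.openqa.selenium.support.ui.Wait;
"""

if __name__ == "__main__":
    print(needs_swap(SAMPLE_POM, [SAMPLE_JAVA]))
```

      Only dependencies declared directly in the module's POM are inspected; inherited or transitive ones are not resolved. The package org.openqa.selenium.support.ui is also used by Selenium's own selenium-support artifact, so a hit there is a prompt to check where the class comes from.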
