Merge branch 'TINKERPOP-2919' into 3.5-dev
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index ae52ccd..27d861f 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -34,6 +34,8 @@
* Bumped to Groovy 2.5.21.
* Refactored `FilterRankingStrategy` to improve performance for deeply nested traversals.
* Added `AuthInfoProvider` interface and `NewDynamicAuth()` to gremlin-go for dynamic authentication support.
+* Bumped to `snakeyaml` 2.0 to fix security vulnerability.
+* Bumped to Apache `commons-configuration` 2.9.0 to fix security vulnerability.
[[release-3-5-5]]
=== TinkerPop 3.5.5 (Release Date: January 16, 2023)
diff --git a/docs/src/reference/the-traversal.asciidoc b/docs/src/reference/the-traversal.asciidoc
index 4d4f240..fcb8805 100644
--- a/docs/src/reference/the-traversal.asciidoc
+++ b/docs/src/reference/the-traversal.asciidoc
@@ -357,7 +357,7 @@
=== WithStrategies Configuration
The `withStrategies()` configuration allows inclusion of additional `TraversalStrategy` instances to be applied to
-any traversals spawned from the configured source. Please see the <<traversal-strategy,Traversal Strategy Section>>
+any traversals spawned from the configured source. Please see the <<traversalstrategy,Traversal Strategy Section>>
for more details on how this configuration works.
[[configuration-steps-withoutstrategies]]
diff --git a/gremlin-dotnet/src/Gremlin.Net/Process/Utils.cs b/gremlin-dotnet/src/Gremlin.Net/Process/Utils.cs
index ed96830..81aa3e0 100644
--- a/gremlin-dotnet/src/Gremlin.Net/Process/Utils.cs
+++ b/gremlin-dotnet/src/Gremlin.Net/Process/Utils.cs
@@ -77,9 +77,9 @@
/// </summary>
private static string GenerateUserAgent()
{
- var applicationName = Assembly.GetExecutingAssembly().GetName().Name?
+ var applicationName = Assembly.GetEntryAssembly()?.GetName().Name?
.Replace(' ', '_') ?? "NotAvailable";
- var driverVersion = AssemblyName.GetAssemblyName("Gremlin.Net.dll").Version?.ToString()
+ var driverVersion = Assembly.GetExecutingAssembly().GetName().Version?.ToString()
.Replace(' ', '_') ?? "NotAvailable";
var languageVersion = Environment.Version.ToString().Replace(' ', '_');
var osName = Environment.OSVersion.Platform.ToString().Replace(' ', '_');
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index bf70da7..130c878 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -21,6 +21,7 @@
import org.apache.commons.configuration2.Configuration;
import org.apache.tinkerpop.gremlin.driver.ser.GraphBinaryMessageSerializerV1;
import org.apache.tinkerpop.gremlin.util.iterator.IteratorUtils;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.TypeDescription;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
@@ -111,10 +112,11 @@
public static Settings read(final InputStream stream) {
Objects.requireNonNull(stream);
- final Constructor constructor = new Constructor(Settings.class);
+ final LoaderOptions options = new LoaderOptions();
+ final Constructor constructor = new Constructor(Settings.class, options);
final TypeDescription settingsDescription = new TypeDescription(Settings.class);
- settingsDescription.putListPropertyType("hosts", String.class);
- settingsDescription.putListPropertyType("serializers", SerializerSettings.class);
+ settingsDescription.addPropertyParameters("hosts", String.class);
+ settingsDescription.addPropertyParameters("serializers", SerializerSettings.class);
constructor.addTypeDescription(settingsDescription);
final Yaml yaml = new Yaml(constructor);
diff --git a/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/FileSandboxExtension.groovy b/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/FileSandboxExtension.groovy
index 1dea3a1..c504345 100644
--- a/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/FileSandboxExtension.groovy
+++ b/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/FileSandboxExtension.groovy
@@ -20,6 +20,7 @@
import org.slf4j.Logger
import org.slf4j.LoggerFactory
+import org.yaml.snakeyaml.LoaderOptions
import org.yaml.snakeyaml.TypeDescription
import org.yaml.snakeyaml.Yaml
import org.yaml.snakeyaml.constructor.Constructor
@@ -101,7 +102,8 @@
public Map<String,String> staticVariableTypes
public static Settings read(final File file) throws Exception {
- final Constructor constructor = new Constructor(Settings.class)
+ final LoaderOptions options = new LoaderOptions()
+ final Constructor constructor = new Constructor(Settings.class, options)
final TypeDescription settingsDescription = new TypeDescription(Settings.class)
settingsDescription.putListPropertyType("methodWhiteList", String.class)
settingsDescription.putMapPropertyType("staticVariableTypes", String.class, String.class)
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 149372f..3ec50a5 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -37,6 +37,7 @@
import org.apache.tinkerpop.gremlin.structure.Graph;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.TypeDescription;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
@@ -336,7 +337,8 @@
* @return a {@link Constructor} to parse a Gremlin Server YAML
*/
protected static Constructor createDefaultYamlConstructor() {
- final Constructor constructor = new Constructor(Settings.class);
+ final LoaderOptions options = new LoaderOptions();
+ final Constructor constructor = new Constructor(Settings.class, options);
final TypeDescription settingsDescription = new TypeDescription(Settings.class);
settingsDescription.addPropertyParameters("graphs", String.class, String.class);
settingsDescription.addPropertyParameters("scriptEngines", String.class, ScriptEngineSettings.class);
@@ -346,7 +348,7 @@
constructor.addTypeDescription(settingsDescription);
final TypeDescription serializerSettingsDescription = new TypeDescription(SerializerSettings.class);
- serializerSettingsDescription.putMapPropertyType("config", String.class, Object.class);
+ serializerSettingsDescription.addPropertyParameters("config", String.class, Object.class);
constructor.addTypeDescription(serializerSettingsDescription);
final TypeDescription scriptEngineSettingsDescription = new TypeDescription(ScriptEngineSettings.class);
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/authz/AllowList.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/authz/AllowList.java
index 2d9d509..cb295f8 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/authz/AllowList.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/authz/AllowList.java
@@ -18,6 +18,7 @@
*/
package org.apache.tinkerpop.gremlin.server.authz;
+import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.TypeDescription;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
@@ -58,10 +59,11 @@
public static AllowList read(final String file) throws Exception {
final InputStream stream = new FileInputStream(new File(file));
- final Constructor constructor = new Constructor(AllowList.class);
+ final LoaderOptions options = new LoaderOptions();
+ final Constructor constructor = new Constructor(AllowList.class, options);
final TypeDescription allowListDescription = new TypeDescription(AllowList.class);
- allowListDescription.putMapPropertyType("grants", String.class, Object.class);
- allowListDescription.putMapPropertyType("groups", String.class, Object.class);
+ allowListDescription.addPropertyParameters("grants", String.class, Object.class);
+ allowListDescription.addPropertyParameters("groups", String.class, Object.class);
constructor.addTypeDescription(allowListDescription);
final Yaml yaml = new Yaml(constructor);
diff --git a/pom.xml b/pom.xml
index e5edddb..89bb849 100644
--- a/pom.xml
+++ b/pom.xml
@@ -152,7 +152,7 @@
<antlr4.version>4.9.1</antlr4.version>
<caffeine.version>2.3.1</caffeine.version>
<commons.collections.version>3.2.2</commons.collections.version>
- <commons.configuration.version>2.8.0</commons.configuration.version>
+ <commons.configuration.version>2.9.0</commons.configuration.version>
<commons.lang.version>2.6</commons.lang.version>
<commons.io.version>2.8.0</commons.io.version>
<commons.lang3.version>3.11</commons.lang3.version>
@@ -173,7 +173,7 @@
<mockito.version>3.3.3</mockito.version>
<netty.version>4.1.86.Final</netty.version>
<slf4j.version>1.7.25</slf4j.version>
- <snakeyaml.version>1.32</snakeyaml.version>
+ <snakeyaml.version>2.0</snakeyaml.version>
<spark.version>3.0.0</spark.version>
<powermock.version>2.0.9</powermock.version>
