[Bug 62692] New: after update Apache POI 4.0 - Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized


Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=62692

            Bug ID: 62692
           Summary: after update Apache POI 4.0 - Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized
           Product: POI
           Version: 4.0.0-FINAL
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: SS Common
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

After updating Apache POI from 3.17 to 4.0.0 I'm getting on line:

`OPCPackage pck = OPCPackage.open(this.getTemplate());`

an exception:

    java.lang.IllegalArgumentException: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.
         at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(DocumentBuilderFactoryImpl.java:144)
         at __redirected.__DocumentBuilderFactory.setAttribute(__DocumentBuilderFactory.java:125)
         at org.apache.poi.ooxml.util.DocumentHelper.trySetXercesSecurityManager(DocumentHelper.java:143)
         at org.apache.poi.ooxml.util.DocumentHelper.<clinit>(DocumentHelper.java:108)
         at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.parseContentTypesFile(ContentTypeManager.java:392)
         at org.apache.poi.openxml4j.opc.internal.ContentTypeManager.<init>(ContentTypeManager.java:104)
         at org.apache.poi.openxml4j.opc.internal.ZipContentTypeManager.<init>(ZipContentTypeManager.java:54)
         at org.apache.poi.openxml4j.opc.ZipPackage.getPartsImpl(ZipPackage.java:258)
         at org.apache.poi.openxml4j.opc.OPCPackage.getParts(OPCPackage.java:725)
         at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:275)
         at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:181)

They say in
https://stackoverflow.com/questions/25453042/how-to-disable-accessexternaldtd-and-entityexpansionlimit-warnings-with-logback
that I should exclude xerces, but I had this already:

      <dependency>
         <groupId>org.apache.poi</groupId>
         <artifactId>poi</artifactId>
         <version>4.0.0</version>
      </dependency>
      <dependency>
         <groupId>org.apache.poi</groupId>
         <artifactId>poi-ooxml</artifactId>
         <version>4.0.0</version>
         <exclusions>
            <exclusion>
               <groupId>xml-apis</groupId>
               <artifactId>xml-apis</artifactId>
            </exclusion>
            <exclusion>
               <groupId>xerces</groupId>
               <artifactId>xercesImpl</artifactId>
            </exclusion>
         </exclusions>
      </dependency>

My setup:

 - JDK 8
 - WildFly 14

Going back to 3.17 fixes the issue.

Posted also on
https://stackoverflow.com/questions/52218278/after-update-apache-poi-4-0-property-http-www-oracle-com-xml-jaxp-propertie

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
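
The exception in this report is raised because `DocumentBuilderFactory.setAttribute` throws `IllegalArgumentException` for a property the active parser does not know, and the trace shows it happening inside a static initializer. An added example (not from this thread and not POI's own code) of applying the hardening settings so that an unrecognized one is skipped and the factory is refused only when no entity-expansion protection could be applied; the class and method names, the limit value and the sample XML are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;

public class TolerantXmlHardening { // hypothetical class name
    // JDK parser property named in the report; the Xerces build in the trace rejects it.
    static final String JDK_ENTITY_LIMIT =
        "http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit";
    // Xerces-style feature that refuses any document carrying a DOCTYPE.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    /** Try a feature; report instead of failing when the parser lacks it. */
    static boolean trySetFeature(DocumentBuilderFactory f, String name, boolean value) {
        try {
            f.setFeature(name, value);
            return true;
        } catch (ParserConfigurationException | AbstractMethodError e) {
            System.err.println("feature not applied: " + name + " (" + e + ")");
            return false;
        }
    }

    /** Try an attribute; setAttribute throws IllegalArgumentException when it is unknown. */
    static boolean trySetAttribute(DocumentBuilderFactory f, String name, Object value) {
        try {
            f.setAttribute(name, value);
            return true;
        } catch (IllegalArgumentException | AbstractMethodError e) {
            System.err.println("attribute not applied: " + name + " (" + e + ")");
            return false;
        }
    }

    static DocumentBuilderFactory hardenedFactory() {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setExpandEntityReferences(false);
        boolean secure = trySetFeature(f, XMLConstants.FEATURE_SECURE_PROCESSING, true);
        boolean noDoctype = trySetFeature(f, DISALLOW_DOCTYPE, true);
        boolean limit = trySetAttribute(f, JDK_ENTITY_LIMIT, 1); // assumed limit value
        if (!secure && !noDoctype && !limit) { // fail closed: nothing protective was accepted
            throw new IllegalStateException("XML parser accepted no entity-expansion protection");
        }
        return f;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, shaped like a small content-types part.
        String xml = "<Types xmlns=\"urn:example\"><Default Extension=\"xml\"/></Types>";
        Document d = hardenedFactory().newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println(d.getDocumentElement().getLocalName());
    }
}
```

Run it once with the JDK's built-in parser and once with the application server's parser on the classpath; the messages on stderr show which settings that parser refused.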


[Bug 62692] WildFly XML parser not properly supported - Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized


PJ Fanning <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|after update Apache POI 4.0 |WildFly XML parser not
                   |- Property                  |properly supported -
                   |'http://www.oracle.com/xml/ |Property
                   |jaxp/properties/entityExpan |'http://www.oracle.com/xml/
                   |sionLimit' is not           |jaxp/properties/entityExpan
                   |recognized                  |sionLimit' is not
                   |                            |recognized
                 OS|                            |All


PJ Fanning <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from PJ Fanning <[hidden email]> ---
fix added using https://svn.apache.org/viewvc?view=revision&revision=1840304


Dominik Stadler <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |regression


Dominik Stadler <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #2 from Dominik Stadler <[hidden email]> ---

There are a few more issues, I just adjusted the CI build at
https://builds.apache.org/view/P/view/POI/job/POI-DSL-old-Xerces/96/console to
really run with Xerces and now a few more unit tests fail:

1) testXMLReader(org.apache.poi.ooxml.util.TestSAXHelper)
     [java] org.xml.sax.SAXNotRecognizedException: http://javax.xml.XMLConstants/feature/secure-processing
     [java]     at org.apache.xerces.parsers.AbstractSAXParser.getFeature(Unknown Source)
     [java]     at org.apache.poi.ooxml.util.TestSAXHelper.testXMLReader(TestSAXHelper.java:34)

 [java] 2) testDocumentBuilderFactory(org.apache.poi.ooxml.util.TestDocumentHelper)
     [java] java.lang.AbstractMethodError: javax.xml.parsers.DocumentBuilderFactory.getFeature(Ljava/lang/String;)Z
     [java]     at org.apache.poi.ooxml.util.TestDocumentHelper.testDocumentBuilderFactory(TestDocumentHelper.java:40)

[java] 3) testBuiltinStyleInit(org.apache.poi.xssf.usermodel.TestTableStyles)
     [java] java.lang.AbstractMethodError: org.apache.xml.serialize.DOMSerializerImpl.getDomConfig()Lorg/w3c/dom/DOMConfiguration;
     [java]     at org.apache.poi.xssf.usermodel.XSSFBuiltinTableStyle.styleXML(XSSFBuiltinTableStyle.java:424)
     [java]     at org.apache.poi.xssf.usermodel.XSSFBuiltinTableStyle.init(XSSFBuiltinTableStyle.java:406)
     [java]     at org.apache.poi.xssf.usermodel.XSSFBuiltinTableStyle.getStyle(XSSFBuiltinTableStyle.java:346)
     [java]     at org.apache.poi.xssf.usermodel.TestTableStyles.testBuiltinStyleInit(TestTableStyles.java:45)

[java] 4) zipBombCheckSizesWithinLimits(org.apache.poi.openxml4j.opc.TestPackage)
     [java] org.apache.poi.ooxml.POIXMLException: Zip bomb detected! The file would exceed the max size of the expanded data in the zip-file.
     [java] This may indicates that the file is used to inflate memory usage and thus could pose a security risk.
     [java] You can adjust this limit via ZipSecureFile.setMaxEntrySize() if you need to work with files which are very large.
     [java] Uncompressed size: 1048807, Raw/compressed size: 57587
     [java] Limits: MAX_ENTRY_SIZE: 1048783, Entry: xl/sharedStrings.xml
     [java]     at org.apache.poi.ooxml.POIXMLFactory.createDocumentPart(POIXMLFactory.java:66)
     [java]     at org.apache.poi.ooxml.POIXMLDocumentPart.read(POIXMLDocumentPart.java:648)
     [java]     at org.apache.poi.ooxml.POIXMLDocument.load(POIXMLDocument.java:180)
     [java]     at org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>(XSSFWorkbook.java:286)
     [java]     at org.apache.poi.xssf.usermodel.XSSFWorkbookFactory.createWorkbook(XSSFWorkbookFactory.java:83)
     [java]     at org.apache.poi.xssf.usermodel.XSSFWorkbookFactory.createWorkbook(XSSFWorkbookFactory.java:111)


--- Comment #3 from Dominik Stadler <[hidden email]> ---
[hidden email], I think you might still include xerces or some other XML
Parser in your project, can you post the output of "mvn dependency:tree" here?


--- Comment #4 from Dominik Stadler <[hidden email]> ---
ah, never mind, I just saw the title of the issue...


--- Comment #5 from [hidden email] ---
Adding xerces as a direct dependency as suggested by PJ Fanning helped. Is this
a bug in POI or is my setup wrong?


--- Comment #6 from PJ Fanning <[hidden email]> ---
Ideally users will use up to date XML parsers because there are numerous
security issues in the older versions of the parsers.
The POI team are still trying to support older parsers though.


PJ Fanning <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |62805


Referenced Bugs:

https://bz.apache.org/bugzilla/show_bug.cgi?id=62805
[Bug 62805] Fix Old-Xerces build issues

PJ Fanning <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from PJ Fanning <[hidden email]> ---
Opened https://bz.apache.org/bugzilla/show_bug.cgi?id=62805 for the remaining
old-xerces build issues


Andreas Beeker <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |62943


Referenced Bugs:

https://bz.apache.org/bugzilla/show_bug.cgi?id=62943
[Bug 62943] Runtime error trying to set entity expansion limit property

Andreas Beeker <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|SS Common                   |XSSF
           Hardware|PC                          |All


Andreas Beeker <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|XSSF                        |OPC
