Merge branch 'xwiki:master' into XWIKI-16216

.mvn/extensions.xml

@@ -25,7 +25,7 @@ xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.1.0 https://maven.apach
   <extension>
     <groupId>com.gradle</groupId>
     <artifactId>develocity-maven-extension</artifactId>
-    <version>1.22.1</version>
+    <version>1.22.2</version>
   </extension>
   <extension>
     <groupId>com.gradle</groupId>

pom.xml

@@ -62,7 +62,7 @@
          by jetty is referenced in its mod files. When upgrading Jetty, check the version of SF4J used and set the
          version here. -->
     <jetty.server.slf4j.version>2.0.13</jetty.server.slf4j.version>
-    <netty.version>4.1.113.Final</netty.version>
+    <netty.version>4.1.114.Final</netty.version>
     <hibernate.version>5.6.15.Final</hibernate.version>
     <dockerJava.version>3.4.0</dockerJava.version>
     <cvssCalculator.version>1.4.3</cvssCalculator.version>

xwiki-platform-core/pom.xml

@@ -265,7 +265,7 @@
           <plugin>
             <groupId>org.codehaus.gmavenplus</groupId>
             <artifactId>gmavenplus-plugin</artifactId>
-            <version>3.0.2</version>
+            <version>4.0.1</version>
             <executions>
               <execution>
                 <id>set-system-properties-file</id>

xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-test/xwiki-platform-appwithinminutes-test-docker/src/test/it/org/xwiki/appwithinminutes/test/ui/DocumentFieldsIT.java

@@ -59,7 +59,7 @@
     "xwikiPropertiesAdditionalProperties=test.prchecker.excludePattern=.*:AppWithinMinutes\\.(ClassEditSheet|DynamicMessageTool|LiveTableEditSheet)"})
 class DocumentFieldsIT
 {
-    private String appName = RandomStringUtils.randomAlphabetic(6);
+    private String appName = RandomStringUtils.secure().nextAlphabetic(6);
 
     @BeforeAll
     static void beforeAll(TestUtils setup)

xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java

@@ -68,7 +68,7 @@ public static class SavedRequest implements Serializable
         @SuppressWarnings("unchecked")
         public SavedRequest(HttpServletRequest request)
         {
-            this.parameters = new HashMap<String, String[]>(request.getParameterMap());
+            this.parameters = new HashMap<>(request.getParameterMap());
             this.requestUrl = request.getRequestURL().toString();
         }
 
@@ -166,15 +166,15 @@ public static String saveRequest(HttpServletRequest request)
         Map<String, SavedRequest> savedRequests =
             (Map<String, SavedRequest>) session.getAttribute(getSavedRequestKey());
         if (savedRequests == null) {
-            savedRequests = new HashMap<String, SavedRequest>();
+            savedRequests = new HashMap<>();
             session.setAttribute(getSavedRequestKey(), savedRequests);
         }
         // Save the request data
         SavedRequest savedRequest = new SavedRequest(request);
         // Generate a random key to identify this request
         String key;
         do {
-            key = RandomStringUtils.secure().randomAlphanumeric(8);
+            key = RandomStringUtils.secure().nextAlphanumeric(8);
         } while (savedRequests.containsKey(key));
         // Store the saved request
         savedRequests.put(key, savedRequest);

xwiki-platform-core/xwiki-platform-eventstream/xwiki-platform-eventstream-api/src/main/java/org/xwiki/eventstream/internal/DefaultEventStore.java

@@ -394,7 +394,7 @@ private String generateEventId(Event event, ExecutionContext context)
         }
 
         final String id =
-            String.format("%d-%d-%s", hash, event.getDate().getTime(), RandomStringUtils.randomAlphanumeric(8));
+            String.format("%d-%d-%s", hash, event.getDate().getTime(), RandomStringUtils.secure().nextAlphanumeric(8));
         if (context != null && context.getProperty(GROUP_ID_CONTEXT_KEY) == null) {
             context.setProperty(GROUP_ID_CONTEXT_KEY, id);
         }

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/XWiki.java

@@ -4102,7 +4102,7 @@ public void sendValidationEmail(String xwikiname, String password, String email,
 
     public String generateRandomString(int size)
     {
-        return RandomStringUtils.randomAlphanumeric(size);
+        return RandomStringUtils.secure().nextAlphanumeric(size);
     }
 
     public String generateValidationKey(int size)

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/export/html/HtmlPackager.java

@@ -360,7 +360,7 @@ public void export(XWikiContext context) throws IOException, XWikiException
         context.setFinished(true);
 
         File dir = this.environment.getTemporaryDirectory();
-        File tempdir = new File(dir, RandomStringUtils.randomAlphanumeric(8));
+        File tempdir = new File(dir, RandomStringUtils.secure().nextAlphanumeric(8));
         tempdir.mkdirs();
 
         try {

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/pdf/impl/PdfExportImpl.java

@@ -146,7 +146,7 @@ public void export(XWikiDocument doc, OutputStream out, ExportType type, XWikiCo
         // would also need to get the translations and set them too.
 
         File dir = this.environment.getTemporaryDirectory();
-        File tempdir = new File(dir, RandomStringUtils.randomAlphanumeric(8));
+        File tempdir = new File(dir, RandomStringUtils.secure().nextAlphanumeric(8));
         try {
             FileUtils.forceMkdir(tempdir);
         } catch (IOException e) {

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/stats/impl/StatsUtil.java

@@ -641,7 +641,7 @@ protected static VisitStats findVisitByIPUA(String uniqueID, XWikiContext contex
      */
     protected static Cookie addCookie(XWikiContext context)
     {
-        Cookie cookie = new Cookie(COOKPROP_VISITID, RandomStringUtils.randomAlphanumeric(32).toUpperCase());
+        Cookie cookie = new Cookie(COOKPROP_VISITID, RandomStringUtils.secure().nextAlphanumeric(32).toUpperCase());
         cookie.setPath("/");
 
         int time = (int) (getCookieExpirationDate().getTime() - (new Date()).getTime()) / 1000;

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/Utils.java

@@ -867,7 +867,7 @@ public static String createPlaceholder(String value, XWikiContext context)
         Map<String, String> renderingKeys = (Map<String, String>) context.get(PLACEHOLDERS_CONTEXT_KEY);
         String key;
         do {
-            key = "KEY" + RandomStringUtils.randomAlphanumeric(10) + "KEY";
+            key = "KEY" + RandomStringUtils.secure().nextAlphanumeric(10) + "KEY";
         } while (renderingKeys.containsKey(key));
         renderingKeys.put(key, value);
 

xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-macros/xwiki-platform-rendering-macro-include/src/test/java/org/xwiki/rendering/internal/macro/include/IncludeMacroTest.java

@@ -103,9 +103,9 @@
 @AllComponents(excludes = {CurrentMacroEntityReferenceResolver.class, DefaultAuthorizationManager.class})
 class IncludeMacroTest
 {
-    private final static DocumentReference INCLUDER_AUHOR = new DocumentReference("wiki", "XWiki", "includer");
+    private final static DocumentReference INCLUDER_AUTHOR = new DocumentReference("wiki", "XWiki", "includer");
 
-    private final static DocumentReference INCLUDED_AUHOR = new DocumentReference("wiki", "XWiki", "included");
+    private final static DocumentReference INCLUDED_AUTHOR = new DocumentReference("wiki", "XWiki", "included");
 
     @InjectComponentManager
     private MockitoComponentManager componentManager;
@@ -151,7 +151,7 @@ public void setUp() throws Exception
         this.includeMacro = this.componentManager.getInstance(Macro.class, "include");
         this.rendererFactory = this.componentManager.getInstance(PrintRendererFactory.class, "event/1.0");
 
-        when(this.dab.getCurrentAuthorReference()).thenReturn(INCLUDER_AUHOR);
+        when(this.dab.getCurrentAuthorReference()).thenReturn(INCLUDER_AUTHOR);
 
         // Put a fake XWiki context on the execution context.
         Execution execution = this.componentManager.getInstance(Execution.class);
@@ -189,7 +189,7 @@ void executeWithPRAuthors() throws Exception
             + "endDocument";
         // @formatter:on
 
-        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUHOR, null)).thenReturn(true);
+        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUTHOR, null)).thenReturn(true);
 
         List<Block> blocks = runIncludeMacro(Context.CURRENT, "word", false);
 
@@ -329,7 +329,7 @@ void executeWithCurrentContextShowsVelocityMacrosAreShared() throws Exception
             + "endDocument";
         // @formatter:on
 
-        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUHOR, null)).thenReturn(true);
+        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUTHOR, null)).thenReturn(true);
 
         // We verify that a Velocity macro set in the including page is seen in the included page.
         List<Block> blocks = runIncludeMacroWithPreVelocity(Context.CURRENT, "#macro(testmacro)#end",
@@ -407,7 +407,8 @@ void adaptIdsOfIncludedHeadingsAndImages() throws Exception
     {
         // @formatter:off
         String expected = "beginDocument\n"
-            + "beginMetaData [[base]=[includedWiki:includedSpace.includedPage][source]=[includedWiki:includedSpace.includedPage][syntax]=[XWiki 2.0]]\n"
+            + "beginMetaData [[base]=[includedWiki:includedSpace.includedPage][source]="
+                + "[includedWiki:includedSpace.includedPage][syntax]=[XWiki 2.0]]\n"
             + "beginSection\n"
             + "beginHeader [1, HHeading-1]\n"
             + "onWord [Heading]\n"
@@ -416,7 +417,8 @@ void adaptIdsOfIncludedHeadingsAndImages() throws Exception
             + "onImage [Typed = [false] Type = [attach] Reference = [test.png]] [true] [Itest.png-1]\n"
             + "endParagraph\n"
             + "endSection\n"
-            + "endMetaData [[base]=[includedWiki:includedSpace.includedPage][source]=[includedWiki:includedSpace.includedPage][syntax]=[XWiki 2.0]]\n"
+            + "endMetaData [[base]=[includedWiki:includedSpace.includedPage][source]="
+                + "[includedWiki:includedSpace.includedPage][syntax]=[XWiki 2.0]]\n"
             + "endDocument";
         // @formatter:on
 
@@ -631,7 +633,7 @@ void executeWhenExcludeFirstHeadingTrueAndSectionSpecifiedAndHeadingIsFirstBlock
         when(this.dab.getCurrentDocumentReference())
             .thenReturn(new DocumentReference("wiki", "Space", "IncludingPage"));
 
-        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUHOR, null)).thenReturn(true);
+        when(this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUTHOR, null)).thenReturn(true);
 
         List<Block> blocks = this.includeMacro.execute(parameters, null, macroContext);
 
@@ -740,7 +742,7 @@ private void setupDocumentMocks(String includedDocumentReferenceString, Document
         XDOM xdom = toXDOM(includedContent);
         when(this.includedDocument.getPreparedXDOM()).thenReturn(xdom);
         when(this.includedDocument.getRealLanguage()).thenReturn("");
-        when(this.includedDocument.getContentAuthorReference()).thenReturn(INCLUDED_AUHOR);
+        when(this.includedDocument.getContentAuthorReference()).thenReturn(INCLUDED_AUTHOR);
     }
 
     private XDOM toXDOM(String content) throws Exception
@@ -801,11 +803,11 @@ private List<Block> runIncludeMacro(final Context context, final Author author,
             verify(this.dab).popDocumentFromContext(any(Map.class));
         } else {
             if (parameters.getAuthor() == Author.CURRENT || (parameters.getAuthor() == Author.AUTO
-                && this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUHOR, null))) {
+                && this.authorizationManager.hasAccess(Right.PROGRAM, INCLUDED_AUTHOR, null))) {
                 verifyNoInteractions(this.authorExecutor);
             } else {
                 DocumentReference includedReference = this.includedDocument.getDocumentReference();
-                verify(this.authorExecutor).call(any(), eq(INCLUDED_AUHOR), eq(includedReference));
+                verify(this.authorExecutor).call(any(), eq(INCLUDED_AUTHOR), eq(includedReference));
             }
         }
 

xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-macros/xwiki-platform-rendering-macro-include/src/test/java/org/xwiki/rendering/macro/include/IncludeMacroParametersTest.java

@@ -30,10 +30,10 @@
  * 
  * @version $Id$
  */
-public class IncludeMacroParametersTest
+class IncludeMacroParametersTest
 {
     @Test
-    public void setPage()
+    void setPage()
     {
         IncludeMacroParameters parameters = new IncludeMacroParameters();
 
@@ -43,7 +43,7 @@ public void setPage()
     }
 
     @Test
-    public void setExcludeFirstHeading() 
+    void setExcludeFirstHeading()
     {
         IncludeMacroParameters parameters = new IncludeMacroParameters();
 

xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-server/xwiki-platform-search-solr-server-core-search/pom.xml

@@ -49,7 +49,7 @@
     <dependency>
       <groupId>ua.net.nlp</groupId>
       <artifactId>morfologik-ukrainian-lt</artifactId>
-      <version>6.5.2</version>
+      <version>6.5.3</version>
       <!-- This dependency is packaged so we don't want it to be seen as a transitive dependency by Maven -->
       <!-- We cannot use provided scope because it apparently hide the JAR from maven-assembly-plugin -->
       <optional>true</optional>

xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-api/src/main/java/org/xwiki/security/authentication/AuthenticationConfiguration.java

@@ -81,7 +81,7 @@ default List<String> getCookieDomains()
      */
     default String getValidationKey()
     {
-        return RandomStringUtils.random(32);
+        return RandomStringUtils.secure().next(32);
     }
 
     /**
@@ -95,6 +95,6 @@ default String getValidationKey()
      */
     default String getEncryptionKey()
     {
-        return RandomStringUtils.random(32);
+        return RandomStringUtils.secure().next(32);
     }
 }

xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-default/src/main/java/org/xwiki/security/authentication/internal/DefaultAuthenticationConfiguration.java

@@ -25,7 +25,7 @@
 import javax.inject.Named;
 import javax.inject.Singleton;
 
-import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.xwiki.component.annotation.Component;
@@ -141,7 +141,7 @@ private synchronized String getGeneratedKey(String name)
 
         // If still not found, generate one and store it in the permanent configuration
         if (generatedKey == null) {
-            generatedKey = RandomStringUtils.random(32);
+            generatedKey = RandomStringUtils.secure().next(32);
             try {
                 this.permanentConfiguration.setProperty(name, generatedKey);
             } catch (ConfigurationSaveException e) {

xwiki-platform-core/xwiki-platform-store/xwiki-platform-store-filesystem-oldcore/src/main/java/org/xwiki/store/filesystem/internal/FilesystemStoreTools.java

@@ -209,7 +209,8 @@ public File getBackupFile(final File storageFile)
         // We pad our file names with random alphanumeric characters so that multiple operations on the same
         // file in the same transaction do not collide, the set of all capital and lower case letters
         // and numbers has 62 possibilities and 62^8 = 218340105584896 between 2^47 and 2^48.
-        return new File(storageFile.getAbsolutePath() + BACKUP_FILE_SUFFIX + RandomStringUtils.randomAlphanumeric(8));
+        return new File(storageFile.getAbsolutePath() + BACKUP_FILE_SUFFIX
+            + RandomStringUtils.secure().nextAlphanumeric(8));
     }
 
     /**
@@ -221,7 +222,8 @@ public File getBackupFile(final File storageFile)
      */
     public File getTempFile(final File storageFile)
     {
-        return new File(storageFile.getAbsolutePath() + TEMP_FILE_SUFFIX + RandomStringUtils.randomAlphanumeric(8));
+        return new File(storageFile.getAbsolutePath() + TEMP_FILE_SUFFIX
+            + RandomStringUtils.secure().nextAlphanumeric(8));
     }
 
     /**