Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Improve diagnostics in SpEL for large array creation #28257

Closed
jhoeller opened this issue Mar 31, 2022 · 2 comments
Closed

Improve diagnostics in SpEL for large array creation #28257

jhoeller opened this issue Mar 31, 2022 · 2 comments
Assignees
Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: backport An issue that is a backport of another issue to a maintenance branch type: enhancement A general enhancement
Milestone

Comments

@jhoeller
Copy link
Contributor

Backport of gh-28145

@jhoeller jhoeller added in: core Issues in core modules (aop, beans, core, context, expression) type: enhancement A general enhancement labels Mar 31, 2022
@jhoeller jhoeller added this to the 5.2.20 milestone Mar 31, 2022
bclozel pushed a commit that referenced this issue Mar 31, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes gh-28257
@jhoeller jhoeller added the type: backport An issue that is a backport of another issue to a maintenance branch label Mar 31, 2022
jgallimore pushed a commit to tomitribe/spring-framework that referenced this issue Apr 1, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
@Maarten-Damen
Copy link

Hi @jhoeller,

Am I correctly assuming that this is the fix for CVE-2022-22950? And if so, would it be possible to update the documentation that the fix is also applied to 5.2.20? Since the CVE reports now only mention 5.3.17 as fix version for this CVE.

Some of the documentation mentions:

@sbrannen
Copy link
Member

sbrannen commented Apr 5, 2022

@Maarten-Damen, we have updated the published documentation.

RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 26, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 26, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 26, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 26, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 26, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
RangerRick pushed a commit to OpenNMS/spring-framework that referenced this issue Jul 28, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257
kkolman pushed a commit to Datameer-Inc/spring-framework that referenced this issue Nov 2, 2022
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28257

(cherry picked from commit 90cfde9)
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: backport An issue that is a backport of another issue to a maintenance branch type: enhancement A general enhancement
Projects
None yet
Development

No branches or pull requests

4 participants