Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-20305

Oracle schema validation check failure with ojdbc7.jar version


    • Bug Priority:
      Category 1
    • ACT Numbers:



      The following WARN log was reported in an Alfresco 5.2.4 bootstrap with a clean schema installation

      2018-11-28 10:00:48,285 INFO [domain.schema.SchemaBootstrap] All executed statements: /tmp/Alfresco/AlfrescoSchema-AlfrescoOracle9Dialect-All_Statements-2350127769449230540.sql. 
      2018-11-28 10:01:02,363 WARN [domain.schema.SchemaBootstrap] Schema validation found 41 potential problems, results written to: /tmp/Alfresco/Alfresco-AlfrescoOracle9Dialect-Validation-Post-Upgrade-alf_-4800688769193055750.txt 
      2018-11-28 10:01:02,607 WARN [domain.schema.SchemaBootstrap] Schema validation found 1 potential problems, results written to: /tmp/Alfresco/Alfresco-AlfrescoOracle9Dialect-Validation-Post-Upgrade-act_-7880680268048640379.txt 

      The WARN refers to 41 missing sequences in the target schema. In fact all the sequences are created in the schema. The problem is the validation check made by Alfresco has been blocked in the ojdbc7.jar driver when this driver is version Reverting the ojdbc7.jar to the previous version avoids the problem.

      The customer reports the problem could be related to security change CVE-2016-3506 which is applied to ojdbc7.jar v They downloaded ojdbc7.jar from this Oracle location:

      In their analysis the schema validation fails because of the way the sequences are requested by Alfresco.

      A similar case is reported when Jira uses ojdbc7.jar v - reference: https://jira.atlassian.com/browse/JRASERVER-61007

      Snipped from this JRASERVER-61007:

      "the existing implementation invokes DatabaseMetaData#getTables to retrieve the sequences in oracle with the types parameter being set as "SEQUENCE". However, due to a security patch - CVE-2016-3506, the "SEQUENCE" is not treated as legal input anymore."

      It looks like Alfresco is using the same getTables() method in the validation class
      org.alfresco.util.schemacomp.ExportDb to retrieve information about the schema sequences:

      private void extractSchema(DatabaseMetaData dbmd, String schemaName, String prefixFilter) 
      throws SQLException, IllegalArgumentException, IllegalAccessException 
      if (log.isDebugEnabled()) 
      log.debug("Retrieving tables: schemaName=[" + schemaName + "], prefixFilter=[" + prefixFilter + "]"); 
      final ResultSet tables = dbmd.getTables(null, schemaName, prefixFilter, new String[] 
      "TABLE", "VIEW", "SEQUENCE" 

      If the sequences are not returned here, because of a change in driver version, then Alfresco will log the missing sequences warning.


          Issue Links




                • Assignee:
                  closedbugs Closed Bugs
                  gcussen Gerald Cussen
                • Votes:
                  0 Vote for this issue
                  3 Start watching this issue


                  • Created:

                    Structure Helper Panel