cleanspeak / cleanspeak-issues Goto Github PK
View Code? Open in Web Editor NEWCleanSpeak issues, roadmap and feature requests
Home Page: https://cleanspeak.com
CleanSpeak issues, roadmap and feature requests
Home Page: https://cleanspeak.com
When loading a list from another machine which contains 10K+ entries of various types, the filter approvals page becomes extremely large and unmanageable.
Pagination on the filter approvals page would restrict the maximum size of the page and keep things reasonable for navigation.
Click the approve all button before the browser eats all of the ram.
N/A
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
It appears that in some cases, the latest content is not rendering the newest content for the user, but rather older content. This was reported in the User Alert queue, but it could be in other places as well.
It will be helpful to see the current queue size in the health check when it is failing.
Fix to prime-email to fix a potential thread leak. Unless you are sending a large volume of transactional emails from CleanSpeak, it is unlikely that anyone will be effected.
No known vulnerabilities, but just moving forward to pick up any small features or bug features.
Once a web hook is created, if you edit it in the admin UI, the current values are not populated in the forum.
To be able to correctly edit a web hook without copying in existing values.
Add any other context about the problem here.
When making changes to the filter in the UI, each approval is supposed to be audited.
Steps to reproduce the behavior:
The change to this phrase should be recorded in the audit log.
Customer reported. An audit should be performed of each create, update, delete for each filter entry type to ensure correct auditing is being performed.
Using our shipped docker images maintenance mode explodes if MySQL is not utf8mb4
but will then continue to normal operation anyways (somehow). This needs to be explored further.
Use docker image with RDS without utf8mb4
Maintenance mode should complain that the collation/encoding is wrong without errors and stop the user unless the cleanspeak.properties
is set to ignore the encoding.### Screenshots
The OIDC integration in CleanSpeak is broken because it generates invalid OAuth redirect URLs when starting the OAuth login process. The URLs have two ?
symbols, which make them invalid.
Additionally, CleanSpeak should handle the FusionAuth specific parameters when possible, including userState
.
A JavaScript bug causes the custom duration data fields not to show when you select a Custom date range.
Add any other context about the problem here.
If a webhook is configured and an event has never been configured for the webhook, the configuration may not contain a value indicating if the event is enabled or disabled.
When the event is sent, a java.lang.NullPointerException
may occur.
2021-10-21 5:50:05.942 PM ERROR c.i.cleanspeak.api.primeframework.mvc.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: null
at com.inversoft.cleanspeak.api.service.DefaultEventService.lambda$sendToServers$1(DefaultEventService.java:94)
The fact that this event is not explicitly enabled or disabled should be equal to disabled. The event should not be sent to the webhook, and no exception should occur.
Add any other context about the problem here.
The logging framework used by CleanSpeak is logback. While this library does not have the same vulnerability found in Log4J, due to this post on the logback website, we are updating to the latest version out of an abundance of caution.
From: http://logback.qos.ch/news.html
You can receive logback-related announcements by subscribing to the QOS.ch announce mailing list.
16th of December, 2021, Release of version 1.2.9
We note that the vulnerability mentioned in CVE-2021-42550 requires write access to logback's configuration file as a prerequisite. Please understand that log4Shell and CVE-2021-42550 are of different severity levels.
In response to CVE-2021-42550 (aka LOGBACK-1591) we have decided to make the following steps.
1) Hardened logback's JNDI lookup mechanism to only honor requests in the java: namespace. All other types of requests are ignored. Many thanks to Michael Osipov for suggesting this change and providing the relvant PR.
2) SMTPAppender was hardened.
3) Temporarily removed DB support for security reasons.
4) Removed Groovy configuration support. As logging is so pevasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons.
We note that the aforementioned vulnerability requires write access to logback's configuration file as a prerequisite. Please understand that log4Shell/CVE-2021-44228 and CVE-2021-42550 are of different severity levels. A successul RCE attack with CVE-2021-42550 requires all of the following conditions to be met:
write access to logback.xml
use of versions < 1.2.9
reloading of poisoned configuration data, which implies application restart or scan="true" set prior to attack
As an additional extra precaution, in addition to upgrading to logback version 1.2.9, we also recommend users to set their logback configuration files as read-only.
16th of December, 2021, Release of version 1.3.0-alpha11
Note that 1.3.0-alpha11 contains the same security related changes as 1.2.9.
The 1.3.x series is JPMS/Jigsaw/Java 9 modularized and requires slf4j-api version 2.0.x. However, the 1.3.x series requires Java 8 or later at runtime.
The 1.3.x series is Jigsaw/Java 9 modularized and requires slf4j-api version 2.0.x. Moreover, the 1.3.x series requires Java 8 or later at runtime whereas building logback from source requires Java 9.
Joran, logback's configuration system, has been rewritten to use an internal representation model which can be processed separately. As a side-effect, logback configuration scripts are now largely order-free. For example, appenders can now be defined after they are first referenced in a logger. Moreover, unreferenced appenders are no longer instantiated. Given the breadth of the changes in Joran codebase, support for SiftingAppender and Groovy configuration have been dropped temporarily.
• Migrated from javax.servlet to jakarta.servlet. This entails migration to Tomcat version 10.0.10 and Jetty version 11.0.6 in logback-access. This fixes LOGBACK-1575 reported by Daniel Svensson. Note that Jetty version 11 requires Java version 11 or later.
CleanSpeak is shipping Java 14 as of version 3.30.0
which was released in May 2021, and in the upcoming 3.32.0
we will be shipping Java 17 LTS.
Elasticsearch has stated that if you are running on Java 9+ - you are not vulnerable. The mitigation to an existing instance of Elasticsearch if you are not running on Java9+ is to add this arg to your VM options: -Dlog4j2.formatMsgNoLookups=true
.
As an extra measure of caution, let's add this to the VM args in our bundled Elasticsearch version 7.6.1 which is part of the cleanspeak-search-engine
bundle.
ł
don't decline properlyThe polish word "pedał" should decline in various forms (see wikitionary for a list), but when clicking on the "Show Combinations" button you only see "pedał" in the list. If you change that to "pedal" you get about 11 entries.
Steps to reproduce the behavior:
It looks like in the most recent releases of CleanSpeak, the approvals for filtering lists are broken. Here's the stack trace:
2021-08-04 3:22:03.190 PM ERROR c.i.cleanspeak.api.primeframework.mvc.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: null
at com.inversoft.cleanspeak.api.service.DefaultEventService.lambda$sendToServers$1(DefaultEventService.java:94)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
at java.base/java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1694)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
at com.inversoft.cleanspeak.api.service.DefaultEventService.sendToServers(DefaultEventService.java:95)
at com.inversoft.cleanspeak.api.service.DefaultEventService.notify(DefaultEventService.java:65)
at com.inversoft.cleanspeak.api.service.filter.DefaultApprovalService.notify(DefaultApprovalService.java:1369)
at com.inversoft.cleanspeak.api.service.filter.DefaultApprovalService.approveFilterEntry(DefaultApprovalService.java:555)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at com.inversoft.cleanspeak.mi.action.admin.filter.ApproveAction.get(ApproveAction.java:59)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:79)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:62)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:47)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
This looks like it is an issue just with DemoSetup.
The moderation and filter endpoints are a frequent problem with new and old customers because they each use different approaches and require dev time to switch from one to the other.
Build a new endpoint that has the functionality of both and any convenience changes we see fit this new API. This will require some exploration and design work.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
If you want to change any large objects like system configuration or an application configuration you have to request the entire object, modify the fields you want, and send the whole thing back.
It would be nice to send in only the required fields to identify a configuration and the fields you want to change to minimize the possibility for racey updates, minimize bandwidth, and minimize complexity on the implementers side. The PATCH method on http would be able to do this, CleanSpeak just has to support it.
It doesn't functionally change anything, it just makes it easier to do some things.
This feature will be available through our MVC soon so some of the work is already done.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Add an option to configure the system to use a proxy for all outbound network access to CleanSpeak licensing.
Currently, the default image filtering probably for Low matches is 0. This is not changeable unless you put CleanSpeak into Advanced configuration mode. This should default to 30 percent instead.
From the Dashboard if you click on a user in the "Top 10 Filtered Users" and then try to "Action User" you can't get the "Submit" button to be enabled.
Steps to reproduce the behavior:
Selecting an "Action" should open up other options and enable the "Submit" button.
When a moderator is reviewing the User queue, the current design requires the user to be dismissed or actioned before viewing the next user in the queue.
There are times when the moderator reviewing the current user is unable to make a decision on the current user due to insufficient information. In some cases it is possible to escalate the user in order to move to the next user in the queue. In other cases escalating the user is not helpful because additional information may be needed to be collected outside of CleanSpeak.
In these scenarios it would be helpful to be able to "ignore" a user in the queue, continue to the next user w/out dismissing the user from the queue. This would allow this user to be reviewed at a later time.
This type of workflow is supported in the Content Queue, a similar workflow would be desired.
Add an "Ignore" or "continue" option when working through the User queue similar to the Content Queue.
You can optionally use the escalation queue as a holding area for users you wish to review at a later time.
Internal reference : https://cleanspeak.zendesk.com/agent/tickets/2682
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
In FusionAuth we developed a templated client library builder. It would be nice to have the same in CleanSpeak since it only has a python client and is several years old. The client builder would also help keep our clients up to date as they do in FusionAuth.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
If the weekly report is generated and it contains Unicode characters that are outside of the latin plane, PDFBox fails with an exception.
2021-07-28 6:03:56.695 PM ERROR c.i.cleanspeak.api.primeframework.mvc.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.IllegalArgumentException: U+3067 ('dehiragana') is not available in this font Helvetica (generic: LiberationSans) encoding: WinAnsiEncoding
at org.apache.pdfbox.pdmodel.font.PDType1Font.encode(PDType1Font.java:401)
at org.apache.pdfbox.pdmodel.font.PDFont.encode(PDFont.java:316)
at org.apache.pdfbox.pdmodel.PDPageContentStream.showText(PDPageContentStream.java:414)
at com.inversoft.pdf.service.pdfbox.BaseRenderer.renderText(BaseRenderer.java:44)
at com.inversoft.pdf.service.pdfbox.TextListRenderer.render(TextListRenderer.java:21)
at com.inversoft.pdf.service.pdfbox.TextListRenderer.render(TextListRenderer.java:17)
at com.inversoft.pdf.service.PDFBoxGeneratorService.renderPage(PDFBoxGeneratorService.java:47)
at com.inversoft.pdf.service.PDFBoxGeneratorService.generate(PDFBoxGeneratorService.java:35)
at com.inversoft.cleanspeak.api.service.content.reporting.CleanSpeakReportPDFGenerationService.generate(CleanSpeakReportPDFGenerationService.java:87)
at com.inversoft.cleanspeak.mi.action.admin.report.WeeklyReportAction.post(WeeklyReportAction.java:69)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:79)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:62)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:47)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:91)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:64)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:91)
at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.inversoft.cleanspeak.mi.security.CleanSpeakLicenseFilter.doFilter(CleanSpeakLicenseFilter.java:74)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:353)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:832)
It appears that this is a font issue but we've tried installing a number of different fonts on various servers and it doesn't appear to work. This might require an upgrade of PDFBox and potentially shipping with specific fonts.
CleanSpeak should support vv
for w
in leet speak replacements. Currently, this is not possible because double characters in leet speak cannot be analyzed.
It is not currently easy/possible to integrate with Prometheus metrics.
Add a new endpoint for a prometheus instance to scrape.
See also: https://prometheus.io/, https://prometheus.io/docs/instrumenting/exposition_formats/
Requirements:
/prometheus/metrics
)
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The location
, receiver_display_name
, or sender_display_name
is longer than 255
, and then gets stuck in the queue.
Need to ensure we are validating these lengths prior to adding to the queue.
### Error updating database. Cause: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(255)
### The error may involve defaultParameterMap
### The error occurred while setting parameters
### SQL: INSERT INTO content_items (id, content, create_instant, generated_alert, insert_instant, last_update_user_id, location, persistent, receiver_display_name, receiver_id, required_approval, sender_display_name, sender_id, was_actioned, was_approved, was_dismissed, was_escalated, was_rejected, applications_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) , (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) , (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) , (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
### Cause: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(255)
at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.ibatis.session.SqlSessionManager$SqlSessionInterceptor.invoke(SqlSessionManager.java:350)
at com.sun.proxy.$Proxy75.insert(Unknown Source)
at org.apache.ibatis.session.SqlSessionManager.insert(SqlSessionManager.java:236)
at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
at com.sun.proxy.$Proxy83.createBulk(Unknown Source)
at com.inversoft.cleanspeak.api.service.content.DefaultContentItemService.createBulk(DefaultContentItemService.java:100)
at com.inversoft.cleanspeak.api.service.moderation.ContentQueueDrainer.flush(ContentQueueDrainer.java:148)
Steps to reproduce the behavior:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
(Please complete the following information)
Add any other context about the problem here.
There is a bug in the scheduler that may keep the queue drainer from writing out outstanding queue entries to disk when the queue is failing on shutdown.
Outstanding queue entries should be written to disk so they can be replayed later.
Add any other context about the problem here.
CleanSpeak Dirty Mind™ is an artificial intelligence model used to assist the CleanSpeak core filter capability.
Upgrade to latest 8.5.x patch release to pick up bug fixes and security updates.
Running a backup and restore via the API doesn't always work. It looks like there are some bugs with JSON parsing.
Here's the stack trace:
Feb 25, 2021 10:25:46.264 AM ERROR com.inversoft.cleanspeak.api.service.system.backup.DefaultBackupService - Failed to load backup file [/tmp/NjE3YmU1NT_cleanspeak.json]
com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `com.inversoft.cleanspeak.domain.WhitelistedURL` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('.*\.example\.com.*')
at [Source: (File); line: 1, column: 4007468] (through reference chain: com.inversoft.cleanspeak.domain.system.backup.Backup["whitelist"]->com.inversoft.cleanspeak.domain.system.backup.Whitelist["whitelistedURLs"]->java.util.ArrayList[0])
at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63)
at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1429)
at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1059)
at com.fasterxml.jackson.databind.deser.ValueInstantiator._createFromStringFallbacks(ValueInstantiator.java:371)
at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromString(StdValueInstantiator.java:323)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromString(BeanDeserializerBase.java:1373)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:171)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:161)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:286)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:245)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:27)
at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeWithView(BeanDeserializer.java:587)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:359)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeWithView(BeanDeserializer.java:587)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:359)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
at com.fasterxml.jackson.databind.ObjectReader._bindAndClose(ObjectReader.java:1719)
at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1310)
at com.inversoft.cleanspeak.api.service.filter.DefaultListService.loadFromSource(DefaultListService.java:218)
at com.inversoft.cleanspeak.api.service.system.backup.DefaultBackupService.restore(DefaultBackupService.java:210)
at com.inversoft.cleanspeak.api.service.system.backup.DefaultBackupService$$EnhancerByGuice$$bf00b1db.CGLIB$restore$0(<generated>)
at com.inversoft.cleanspeak.api.service.system.backup.DefaultBackupService$$EnhancerByGuice$$bf00b1db$$FastClassByGuice$$f6aa5735.invoke(<generated>)
at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:78)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:78)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:78)
at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:54)
at com.inversoft.cleanspeak.api.service.system.backup.DefaultBackupService$$EnhancerByGuice$$bf00b1db.restore(<generated>)
at com.inversoft.cleanspeak.webservice.action.system.RestoreAction.post(RestoreAction.java:40)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:79)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:62)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:47)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:81)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
null
value for the applicationId
means we do not return any content in the zip.We should review each report to see how they handle, or expect the applicationId
to ensure correctness.
Internal support reference https://cleanspeak.zendesk.com/agent/tickets/2910
The url filter currently has trouble detecting exampledotcom because there are no spaces or differences in capitalization. This needs to be explored to find a way to improve this behavior.
Go to demo and do these things:
This returns to the form without any error. The bug must be one of these things:
It is unclear how this state occurs, but the username filter rule becomes null
and then at runtime a NullPointerException
may occur when processing the filter rules.
Stack trace
Dec 14, 2020 12:32:41.334 PM ERROR c.i.cleanspeak.api.primeframework.mvc.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: null
at com.inversoft.cleanspeak.api.service.moderation.DefaultModerationRulesService.runIterator(DefaultModerationRulesService.java:155)
at com.inversoft.cleanspeak.api.service.moderation.DefaultModerationRulesService.computeAction(DefaultModerationRulesService.java:140)
at com.inversoft.cleanspeak.api.service.moderation.DefaultModerationRulesService.executeRules(DefaultModerationRulesService.java:111)
at com.inversoft.cleanspeak.api.service.moderation.DefaultContentProcessingService.filterAndRunRules(DefaultContentProcessingService.java:414)
at com.inversoft.cleanspeak.api.service.moderation.DefaultContentProcessingService.create(DefaultContentProcessingService.java:142)
TBD, this has yet to be recreated but we have encountered a few customers that observed this exception.
This sequence of steps seems to temporarily resolve the issue. It is still possible for the system to get into the error state again which will produce the stack trace.
Add any other context about the problem here.
It is difficult to detect and monitor changes using the audit log alone.
Create a webhook that can notify an external endpoint any time something is approved.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
This was a request from Nishiki to be able to download a ZIP with:
The h3 in this tooltip is not white so you can't read the text. Fixing the style in fusionauth-style
and then bumping our dep here to pick it up.
The correct font color should be shown.
Add any other context about the problem here.
See how we do this in FusionAuth, copy over some of the same patterns.
It is currently not possible to have different URL whitelist behavior per application.
Pick one:
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
If you leave a comment when you escalate a user or content item, the comment is not visible in the escalation queue.
See the comment.
Internal support reference https://cleanspeak.zendesk.com/agent/tickets/2909
When viewing a user (admin page or in popup) and you click on the chain icon the user's link is not copied to the clipboard.
Steps to reproduce the behavior:
Expect clipboard to contain a link to the user.
Update the support library with new FTL changes as we have in FusionAuth. @robotdan will know what this means.
Clients that have content volumes in the billions per month cannot easily enable content storage which also prevents getting useful statistics from the reports. This is due to the fact that elastic search would require an enormous amount of ram to power such a large dataset. Even using a reaper to frequently scrub the data is challenging due to the rate that content needs to be deleted (mostly a mysql issue).
A good solution is to
These two companion features would allow the statistics to work using a sampled subset of the total data that would only require a comparable reduction in server resources.
Throw server resources at the problem and store everything. (expensive and only vertically scales)
In order to ensure that CleanSpeak keeps working as intended, anything that requires approval or enters the queue will always be recorded. The two new settings allow you to change how any additional content is treated.
Additional Notes:
Affected reports:
Unaffected reports:
alwaysKeepMatches
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The TLDs are currently baked into CleanSpeak and cannot be modified. TLDs are added all the time so it would be nice to be able to allow clients to add them as they like.
Expose the TLDs via a new menu and move the configuration to the database (simple tld to quality value table/map)
Expose the old configuration as it was written and store it in the database (power user alternative)
Currently the TLD configuration can be manually modified through some command line ninja skills.
https://cleanspeak.com/docs/3.x/tech/reference/url-filter-configuration
We may need to merge our default list into the existing one as we update CleanSpeak.
Note: There are no approvals for TLDs as only admins can change them.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
/admin/moderation/user
When viewing a user on /admin/moderation/user
(as opposed to a popup) when you click submit
to update a user's score you are told "This user is not currently checked out to you" and are unable to change the score. If you are viewing the user in a popup (e.g. from the dashboard) you are able to update the user score.
Search -> Users -> Manage
(this will forward you to /admin/moderation/user
for the user)Submit should succeed and close the "Edit User Score" dialog.
This appears to be a problem with the UserRelease.js
listening for clicks and releasing the user when the "Edit User Score" dialog opens on /admin/moderation/user
pages. This does not happen for /ajax/moderation/user
popups.
When a comment is added to an escalation that is longer than 255
, the escalation will fail.
We need to validate this length, and ask the moderator to shorten the comment.
255
A validation error.
### SQL: UPDATE queued_content_users SET comment = ?, previous_status = ?, status = ?, update_instant = ?, applications_id = ?, last_update_user_id = ? WHERE id = ?
### Cause: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(255)
...com.inversoft.cleanspeak.api.service.moderation.DefaultContentUserModerationService.escalate(DefaultContentUserModerationService.java:716)
Add any other context about the problem here.
approve
, create
, delete
, revert
, and update
. Currently there is also add
and edit
that should be changed to create
and update
respectively. Blacklist filter entry Id [1289] approved [test1:en] ... 01:09:41 PM
...
Blacklist filter entry Id [1289] deleted [test1:en] ... 01:09:21 PM
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Update from JDK 14 to JDK 17. This is an internal change only, no functional behavior changes.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.