Merge pull request #6 from RegioneER/versamento-fascicolo-v3-1.5.1_381590

ScardigliA · web-flow · commit fff0e4a38a28 · 2025-09-22T10:25:25.000+02:00
Release 1.5.1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,9 @@
 
+## 1.5.1 (18-09-2025)
+
+### Bugfix: 1
+- [#35929](https://parermine.regione.emilia-romagna.it/issues/35929) Correzione errore imprevisto che si verifica nella gestione degli attributi dei dati specifici fascicoli
+
 ## 1.5.0 (11-06-2025)
 
 ### Novità: 1
diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md
@@ -1,7 +1,12 @@
 ## Container scan evidence CVE
 <strong>Image name:</strong> registry.ente.regione.emr.it/parer/okd/versamento-fascicolo-v3:sast
-<br/><strong>Run date:</strong> Wed Jun 11 12:10:31 CEST 2025
-<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/versamento-fascicolo-v3/-/jobs/649852">Job</a>
-<br/><strong>CVE founded:</strong> 0
+<br/><strong>Run date:</strong> Thu Sep 18 11:28:26 CEST 2025
+<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/versamento-fascicolo-v3/-/jobs/753236">Job</a>
+<br/><strong>CVE founded:</strong> 5
 | CVE | Description | Severity | Solution | 
 |:---:|:---|:---:|:---|
+| [CVE-2025-58060](https://access.redhat.com/errata/RHSA-2025:15702)|OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.|High|Upgrade cups-libs to 1:2.2.6-63.el8_10|
+| [CVE-2025-59375](https://access.redhat.com/security/cve/CVE-2025-59375)|libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.|High|No solution provided|
+| [CVE-2025-5914](https://access.redhat.com/errata/RHSA-2025:14130)|A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.|High|Upgrade libarchive to 3.3.3-6.el8_10|
+| [CVE-2025-7425](https://access.redhat.com/errata/RHSA-2025:12447)|A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.|High|Upgrade libxml2 to 2.9.7-21.el8_10.2|
+| [CVE-2025-6965](https://access.redhat.com/errata/RHSA-2025:11992)|There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.|High|Upgrade sqlite-libs to 3.26.0-20.el8_10|
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ Di seguito verranno riportati sotto alcuni paragrafi, le modalità possibili con
 
 ## Rilascio su RedHat Openshift
 
-Per la creazione dell'applicazione con risorse necessarie correlate sotto Openshift (https://www.redhat.com/it/technologies/cloud-computing/openshift) viene fornito un apposito template (la solzuzione, modificabile, è basata su Oracle DB) [template](src/main/openshift/verifica-firma-crypto-template.yml).
+Per la creazione dell'applicazione con risorse necessarie correlate sotto Openshift (https://www.redhat.com/it/technologies/cloud-computing/openshift) viene fornito un apposito template (la solzuzione, modificabile, è basata su Oracle DB) [template](src/main/openshift/versamento-fascicolo-v3-template.yml).
 
 
 # Utilizzo
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,4 +1,4 @@
-## 1.5.0 (11-06-2025)
+## 1.5.1 (18-09-2025)
 
-### Novità: 1
-- [#37647](https://parermine.regione.emilia-romagna.it/issues/37647) Aggiornamento librerie obsolete primo quadrimestre 2025
+### Bugfix: 1
+- [#35929](https://parermine.regione.emilia-romagna.it/issues/35929) Correzione errore imprevisto che si verifica nella gestione degli attributi dei dati specifici fascicoli
diff --git a/pom.xml b/pom.xml
@@ -4,10 +4,10 @@
 	<parent>
 		<groupId>it.eng.parer</groupId>
 		<artifactId>parer-pom</artifactId>
-        <version>7.1.0</version>
+        <version>7.1.2</version>
 	</parent>
 	<artifactId>versamento-fascicolo-v3</artifactId>
-	<version>1.5.1-SNAPSHOT</version>
+	<version>1.5.2-SNAPSHOT</version>
 	<name>Versamento Fascicolo 3.0</name>
 	<description>Progetto versamento-fascicolo-v3</description>
 <scm>
diff --git a/src/main/java/it/eng/parer/fascicolo/beans/impl/ControlliProfiliFascicoloService.java b/src/main/java/it/eng/parer/fascicolo/beans/impl/ControlliProfiliFascicoloService.java
@@ -810,11 +810,11 @@ private RispostaControlliAttSpec recuperaDatiDaXmlPSpec(StrutturaVersFascicolo s
 		    return rispostaControlliAttSpec;
 		}
 	    } else {
-		rispostaControlliAttSpec.setCodErr(MessaggiWSBundle.ERR_666);
-		rispostaControlliAttSpec
-			.setDsErr(MessaggiWSBundle.getString(MessaggiWSBundle.ERR_666,
-				"GestioneDatiSpec.parseDatiSpec.i dati specifici attesi "
-					+ "non coincidono con l'XSD "));
+		rispostaControlliAttSpec.setCodErr(MessaggiWSBundle.FAS_PF_SPEC_003_001);
+		rispostaControlliAttSpec.setDsErr(MessaggiWSBundle.getString(
+			MessaggiWSBundle.FAS_PF_SPEC_003_001, svf.getUrnPartChiaveFascicolo(),
+			"GestioneDatiSpec.parseDatiSpec.i dati specifici attesi "
+				+ "non coincidono con l'XSD "));
 		return rispostaControlliAttSpec;
 	    }
 	}
diff --git a/src/main/java/it/eng/parer/fascicolo/beans/utils/messages/MessaggiWSBundle.java b/src/main/java/it/eng/parer/fascicolo/beans/utils/messages/MessaggiWSBundle.java
@@ -428,6 +428,11 @@ private static String getDefaultErrorMessage(String key, Object... params) {
      */
     public static final String FAS_PF_SPEC_002_001 = "FAS_PF_SPEC-002-001";
 
+    /**
+     * Fascicolo {0}: Il profilo specifico è inesistente. {1}
+     */
+    public static final String FAS_PF_SPEC_003_001 = "FAS_PF_SPEC-003-001";
+
     /**
      * Fascicolo {0}: Errore nella verifica dei dati di profilo normativo del fascicolo. {1}
      */

Original file line number	Diff line number	Diff line change
`@@ -810,11 +810,11 @@ private RispostaControlliAttSpec recuperaDatiDaXmlPSpec(StrutturaVersFascicolo s`
`810`	`810`	`return rispostaControlliAttSpec;`
`811`	`811`	`}`
`812`	`812`	`} else {`
`813`		`- rispostaControlliAttSpec.setCodErr(MessaggiWSBundle.ERR_666);`
`814`		`- rispostaControlliAttSpec`
`815`		`- .setDsErr(MessaggiWSBundle.getString(MessaggiWSBundle.ERR_666,`
`816`		`- "GestioneDatiSpec.parseDatiSpec.i dati specifici attesi "`
`817`		`- + "non coincidono con l'XSD "));`
	`813`	`+ rispostaControlliAttSpec.setCodErr(MessaggiWSBundle.FAS_PF_SPEC_003_001);`
	`814`	`+ rispostaControlliAttSpec.setDsErr(MessaggiWSBundle.getString(`
	`815`	`+ MessaggiWSBundle.FAS_PF_SPEC_003_001, svf.getUrnPartChiaveFascicolo(),`
	`816`	`+ "GestioneDatiSpec.parseDatiSpec.i dati specifici attesi "`
	`817`	`+ + "non coincidono con l'XSD "));`
`818`	`818`	`return rispostaControlliAttSpec;`
`819`	`819`	`}`
`820`	`820`	`}`