1
0
mirror of https://github.com/octoleo/plantuml-server.git synced 2024-12-21 16:29:03 +00:00

remove ALLOW_PLANTUML_INCLUDE + update to 1.2023.9

- update Plantuml to v1.2023.9
- PlantUML core removed `OptionFlags.ALLOW_INCLUDE` and uses now the `PLANTUML_SECURITY_PROFILE`
This commit is contained in:
HeinrichAD 2023-06-13 18:07:27 +02:00 committed by PlantUML
parent 09a7ce4973
commit 4202730c11
3 changed files with 22 additions and 21 deletions

View File

@ -18,11 +18,15 @@ PlantUML Server is a web application to generate UML diagrams on-the-fly.
> [PlantUML is **not** affected by the log4j vulnerability.](https://github.com/plantuml/plantuml/issues/826) > [PlantUML is **not** affected by the log4j vulnerability.](https://github.com/plantuml/plantuml/issues/826)
> **Breaking changes**: > **Breaking changes**:
> PlantUML Server sets `PLANTUML_SECURITY_PROFILE` to `INTERNET` by default starting with version `v1.2023.9`. > The PlantUML core removed the deprecated `ALLOW_PLANTUML_INCLUDE` environment property feature and switch to the
> You can change its behavior back to work like before if you set the environment variable `PLANTUML_SECURITY_PROFILE` to `LEGACY`. > `PLANTUML_SECURITY_PROFILE` concept with version `v1.2023.9`.
> But before you do that, please take a look to [PlantUMLs Security](https://plantuml.com/security) page. > All details about PlantUML's security can be found on <https://plantuml.com/security>.
>
> By default PlantUML server sets the `PLANTUML_SECURITY_PROFILE` to `INTERNET`.
> If you need more access to e.g. other ports than 80 (http) and 443 (https) or even access to local files, please
> consider using one of the allowlist features.
> It is strongly advised **not** to set the `PLANTUML_SECURITY_PROFILE` below `INTERNET`!
![PlantUML Server](https://raw.githubusercontent.com/plantuml/plantuml-server/master/docs/screenshot.png) ![PlantUML Server](https://raw.githubusercontent.com/plantuml/plantuml-server/master/docs/screenshot.png)
@ -122,6 +126,18 @@ You can set all the following variables:
* `BASE_URL` * `BASE_URL`
* PlantUML Base URL path * PlantUML Base URL path
* Default value: `ROOT` * Default value: `ROOT`
* `PLANTUML_SECURITY_PROFILE`
* Set PlantUML security profile. See [PlantUML security](https://plantuml.com/security).
* If you need more access to e.g. other ports than 80 (http) and 443 (https) or even access to local files, please consider using one of the allowlist features:
* `plantuml.allowlist.path`
* `plantuml.include.path`
* `plantuml.allowlist.url`
* It is strongly advised **not** to set the `PLANTUML_SECURITY_PROFILE` below `INTERNET`!
* Default value: `INTERNET`
* `PLANTUML_PROPERTY_FILE`
* Set PlantUML system properties (like over the Java command line using the `-Dpropertyname=value` syntax).
* To see what kind of file content is supported, see the documentation of [`java.util.Properties.load`](https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#load-java.io.Reader-).
* Default value: `null`
* `PLANTUML_CONFIG_FILE` * `PLANTUML_CONFIG_FILE`
* Local path to a PlantUML configuration file (identical to the `-config` flag on the CLI) * Local path to a PlantUML configuration file (identical to the `-config` flag on the CLI)
* File content will be added before each PlantUML diagram code. * File content will be added before each PlantUML diagram code.
@ -138,16 +154,6 @@ You can set all the following variables:
* `HTTP_PROXY_READ_TIMEOUT` * `HTTP_PROXY_READ_TIMEOUT`
* when calling the `proxy` endpoint, the value of `HTTP_PROXY_READ_TIMEOUT` will be the connection read timeout in milliseconds * when calling the `proxy` endpoint, the value of `HTTP_PROXY_READ_TIMEOUT` will be the connection read timeout in milliseconds
* Default value: `10000` (10 seconds) * Default value: `10000` (10 seconds)
* `ALLOW_PLANTUML_INCLUDE`
* Enables `!include` processing which can read files from the server into diagrams. Files are read relative to the current working directory.
* Default value: `false`
* `PLANTUML_SECURITY_PROFILE`
* Set PlantUML security profile. See [PlantUML security](https://plantuml.com/security).
* Default value: `INTERNET`
* `PLANTUML_PROPERTY_FILE`
* Set PlantUML system properties (like over the Java command line using the `-Dpropertyname=value` syntax).
* To see what kind of file content is supported, see the documentation of [`java.util.Properties.load`](https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#load-java.io.Reader-).
* Default value: `null`
## Alternate: How to build your docker image ## Alternate: How to build your docker image

View File

@ -61,7 +61,7 @@
<jetty.contextpath>/${wtp.contextName}</jetty.contextpath> <jetty.contextpath>/${wtp.contextName}</jetty.contextpath>
<!-- main versions --> <!-- main versions -->
<plantuml.version>1.2023.8</plantuml.version> <plantuml.version>1.2023.9</plantuml.version>
<!-- Please keep the jetty version identical with the docker image --> <!-- Please keep the jetty version identical with the docker image -->
<jetty.version>11.0.15</jetty.version> <jetty.version>11.0.15</jetty.version>
<!-- <!--

View File

@ -111,11 +111,6 @@ public class DiagramResponse {
return; return;
} }
initialized = true; initialized = true;
// set allow include to false by default
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
// set security profile to INTERNET by default // set security profile to INTERNET by default
// NOTE: this property is cached inside PlantUML and cannot be changed after the first call of PlantUML // NOTE: this property is cached inside PlantUML and cannot be changed after the first call of PlantUML
System.setProperty("PLANTUML_SECURITY_PROFILE", SecurityProfile.INTERNET.toString()); System.setProperty("PLANTUML_SECURITY_PROFILE", SecurityProfile.INTERNET.toString());