We have an application which use MyBatis version 3.4.0 and as as part of the security scan we need to upgrade it to 3.5.6
But after upgrade we see there are issues when the attributes in the SQL is not matching exactly with entity class. As this is an existing application with 1000's of SQL statements , it's cumbersome to identify and change in each SQL. Is there any workaround for this ? Please suggest. Example: <resultMap type="com.test.Org" id="orgResult"> <result property="orgId" column="org_Id" /> </resultMap> <select id="getResponse" resultType="orgResult"> select org_id as orgId from table1 where ref = #{ref} </select> Above is not mapping the orgID value as the result property column name is different with the alias name in SQL statement. This works fine in 3.4.0 Thanks!
-- You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/8508134f-6905-478f-b57f-4c0250622156n%40googlegroups.com. |
Hello, It probably is related to this fix made in version 3.5.4 : https://github.com/mybatis/mybatis-3/issues/1551 Basically, there was a bug in one of the built-in type handlers that used 'column name' instead of 'column label' when getting the result. In your case, this bug hid the misconfiguration in your result map when the app was developed. And now that the bug is fixed, the hidden problem is exposed. As an easy/temporary workaround, you can try disabling `useColumnLabel`, however, this could cause other problems for obvious reasons. https://mybatis.org/mybatis-3/configuration.html#settings You seem to understand this, but the right solution would be to correct the `column` value of `<result />` or to modify the column alias in the SQL. p.s. If your security concern is about the JDK's deserialization vulnerability, you can (and should) use the JEP-290 serialization filter. It is effective against any version of MyBatis (and most other libraries/frameworks), so you may be able to use MyBatis 3.5.3 which does not include the bug fix. https://docs.oracle.com/pls/topic/lookup?ctx=javase15&id=GUID-8296D8E8-2B93-4B9A-856E-0A65AF9B8C66 Regards, Iwao On Wed, Jan 6, 2021 at 4:43 PM Durgapriya Babu <[hidden email]> wrote: We have an application which use MyBatis version 3.4.0 and as as part of the security scan we need to upgrade it to 3.5.6 You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/CA%2Buep2SS%3DY7FPjdxsD9eBZ_3n5_aRzWY22H%2BPw-QCDAGCYJC6A%40mail.gmail.com. |
Thanks Iwao. We need to migrate it to 3.5.6. So we are planning to fix the issues that were previously ignored in the older versions.
Is there any list of issues/recommendations available to follow to migrate from 3.4.0 ? As we have many mapper files with lot of SQL statements in many modules, we need to know the known issues that can be checked instead of changing all. Regards! On Wednesday, 6 January 2021 at 17:48:02 UTC+8 Iwao AVE! wrote:
You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/2c0120d0-bbec-408b-993e-874d2b778f9dn%40googlegroups.com. |
The release notes are here: https://github.com/mybatis/mybatis-3/releases For each version, there are lists of enhancements, fixed bugs and possibly backward incompatible changes. If you have any difficulties with the upgrade, please post the details and we may be able to help. Regards, Iwao On Mon, Feb 1, 2021 at 1:48 PM Durgapriya Babu <[hidden email]> wrote: Thanks Iwao. We need to migrate it to 3.5.6. So we are planning to fix the issues that were previously ignored in the older versions. You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/CA%2Buep2TPe9J%3D8KacpzB46OS_To2zbqGDatXJ5MEn15CNxJfF%2BQ%40mail.gmail.com. |
Hi, For resultMap not using the same column name as in alias, we are not getting any exception. But the value is not mapped and returned as null. Is there any configuration to enable for throwing exceptions when there is a mismatch in the resultMap? Thanks! On Monday, 1 February 2021 at 16:18:46 UTC+8 Iwao AVE! wrote:
You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/f2b23903-474f-4cde-b629-fdad32d33422n%40googlegroups.com. |
You can try setting `autoMappingUnknownColumnBehavior` to `FAILING` or `WARNING`. There could be false-positives when the result map contains `<collection />` or `<association />`, but it would be better than nothing. The best solution always is to have unit/integration tests to assert every mapping. :) Regards, Iwao On Tue, Feb 2, 2021 at 1:33 PM Durgapriya Babu <[hidden email]> wrote:
You received this message because you are subscribed to the Google Groups "mybatis-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/mybatis-user/CA%2Buep2RjnHRW-Y%3DLTCCXx%3DMAD%2BA837wDmB%3D3yRwCX%3Di1iqjKkg%40mail.gmail.com. |
Free forum by Nabble | Edit this page |