Fix 500 on request /api/openapi.yaml#193
Merged
jonbartels merged 1 commit intoOpenIntegrationEngine:mainfrom Dec 4, 2025
Merged
Fix 500 on request /api/openapi.yaml#193jonbartels merged 1 commit intoOpenIntegrationEngine:mainfrom
jonbartels merged 1 commit intoOpenIntegrationEngine:mainfrom
Conversation
jonbartels
previously approved these changes
Oct 22, 2025
kryskool
approved these changes
Oct 23, 2025
tonygermano
requested changes
Oct 23, 2025
Member
tonygermano
left a comment
tonygermano
left a comment
There was a problem hiding this comment.
sha1sum of the file matches that found at https://repo1.maven.org/maven2/org/yaml/snakeyaml/1.33/snakeyaml-1.33.jar.sha1
Is it possible to flesh out the commit message a bit and note that it is satisfying a dependency of jackson-dataformat-yaml-2.14.3.jar? I also find it helpful to add a trailer to the message referring to the issue along with the sign-off trailer, e.g., 5ff9715
I see that the pom file for jackson-dataformat-yaml-2.14.3.jar specifically requests version 1.33 of snakeyaml, but it has a "High" level CVE. Checking the changelog it appears there are minimal backward incompatible changes between 1.33 and the most recent version. Should we check to see if the most recent version of this library will work as a drop-in replacement to avoid introducing a library with a known vulnerability?
Contributor
|
I like @tonygermano's idea of trying to avoid introducing a dependency with a known vulnerability. |
Contributor
Author
|
Latest version fails with: <java.lang.NoSuchMethodError>
<detailMessage>'void com.fasterxml.jackson.core.base.GeneratorBase.<init>(int, com.fasterxml.jackson.core.ObjectCodec, com.fasterxml.jackson.core.io.IOContext)'</detailMessage>
<stackTrace>
<trace>com.fasterxml.jackson.dataformat.yaml.YAMLGenerator.<init>(YAMLGenerator.java:299)</trace>
<trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory._createGenerator(YAMLFactory.java:533)</trace>
<trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:482)</trace>
<trace>com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:15)</trace>
<trace>com.fasterxml.jackson.databind.ObjectMapper.createGenerator(ObjectMapper.java:1215)</trace>
<trace>com.fasterxml.jackson.databind.ObjectMapper.writeValueAsString(ObjectMapper.java:3869)</trace>
<trace>io.swagger.v3.jaxrs2.integration.resources.BaseOpenApiResource.getOpenApi(BaseOpenApiResource.java:74)</trace>
<trace>io.swagger.v3.jaxrs2.integration.resources.OpenApiResource.getOpenApi(OpenApiResource.java:32)</trace>
<trace>java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</trace>
<trace>java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)</trace>
<trace>java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</trace>
<trace>java.base/java.lang.reflect.Method.invoke(Method.java:569)</trace>
<trace>com.mirth.connect.server.api.providers.MirthResourceInvocationHandlerProvider$1.invoke(MirthResourceInvocationHandlerProvider.java:219)</trace>
<trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)</trace>
<trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)</trace>
<trace>org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:160)</trace>
<trace>org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)</trace>
<trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)</trace>
<trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)</trace>
<trace>org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)</trace>
<trace>org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)</trace>
<trace>org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)</trace>
<trace>org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)</trace>
<trace>org.glassfish.jersey.internal.Errors.process(Errors.java:315)</trace>
<trace>org.glassfish.jersey.internal.Errors.process(Errors.java:297)</trace>
<trace>org.glassfish.jersey.internal.Errors.process(Errors.java:267)</trace>
<trace>org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)</trace>
<trace>org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)</trace>
<trace>org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)</trace>
<trace>org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471)</trace>
<trace>org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425)</trace>
<trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383)</trace>
<trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336)</trace>
<trace>org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223)</trace>
<trace>org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1656)</trace>
<trace>com.mirth.connect.server.api.providers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:33)</trace>
<trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
<trace>com.mirth.connect.server.MethodFilter.doFilter(MethodFilter.java:37)</trace>
<trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
<trace>com.mirth.connect.server.api.providers.RequestedWithFilter.doFilter(RequestedWithFilter.java:53)</trace>
<trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
<trace>com.mirth.connect.server.api.providers.ClickjackingFilter.doFilter(ClickjackingFilter.java:45)</trace>
<trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
<trace>com.mirth.connect.server.api.providers.ApiOriginFilter.doFilter(ApiOriginFilter.java:71)</trace>
<trace>org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)</trace>
<trace>org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)</trace>
<trace>org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)</trace>
<trace>org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)</trace>
<trace>org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)</trace>
<trace>org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)</trace>
<trace>org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)</trace>
<trace>org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)</trace>
<trace>org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)</trace>
<trace>org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)</trace>
<trace>org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)</trace>
<trace>org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)</trace>
<trace>org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)</trace>
<trace>org.eclipse.jetty.server.Server.handle(Server.java:516)</trace>
<trace>org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)</trace>
<trace>org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)</trace>
<trace>org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)</trace>
<trace>org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)</trace>
<trace>org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)</trace>
<trace>org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)</trace>
<trace>org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)</trace>
<trace>org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)</trace>
<trace>org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)</trace>
<trace>org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)</trace>
<trace>org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)</trace>
<trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)</trace>
<trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)</trace>
<trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)</trace>
<trace>org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)</trace>
<trace>org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)</trace>
<trace>org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)</trace>
<trace>org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)</trace>
<trace>java.base/java.lang.Thread.run(Thread.java:840)</trace>
</stackTrace>
<suppressedExceptions class="empty-list"/> |
Member
@mgaffigan How did you test? I just tried dropping snakeyaml-2.5.jar into the current main branch, and when I pulled https://localhost:8443/api/openapi.yaml it returned yaml with no java errors. |
Contributor
Author
The same as you describe, but it gave the above. Perhaps 146 updated a dependency. |
mgaffigan
force-pushed
the
bugfix/openapi-yaml
branch
from
43c62cb to
f1e6707
Compare
Contributor
Author
|
@tonygermano, after rebasing to main, I agree the error is not present with 2.5. Updated version and commit message. |
tonygermano
approved these changes
Nov 29, 2025
tonygermano
requested review from
a team,
gibson9583,
kayyagari,
kpalang and
pacmano1
and removed request for
a team
ssrowe
approved these changes
Dec 2, 2025
pacmano1
approved these changes
Dec 4, 2025
Adds missing dependency of jackson-dataformat-yaml-2.14.3.jar which is require to serialize the OpenAPI YAML file. Issue: OpenIntegrationEngine#189 Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
jonbartels
force-pushed
the
bugfix/openapi-yaml
branch
from
f1e6707 to
8f103d6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #189 by adding missing dependency of a dependency.
Example after: