Allison, Timothy B. | 16 Dec 13:19 2015

[commons-io] TeeInputStream that ignores skip/reset?

  Over on Tika, we'd like a DigestingInputStream that ignores skip/reset (unlike Java's v <= 1.8 [0]). 
Before we reinvent the wheel, is there an InputStream similar to TeeInputStream that ignores
skip/reset, so that the Digester would only see the stream as if it were read sequentially without skip/reset?
  If we do reinvent the wheel, should we contribute this InputStream to commons-io as an alternate to TeeInputStream?
  Or, even more generally, are there other recommendations for handling this?  Thank you!



Derek Visch | 10 Dec 14:30 2015

VFS - JSCH - Preferred Authentication - gssapi-with-mic

We updated to jre8 from jre6 a while back, and had an issue with the
Kerberos Login and Kerberos Password prompt, basically we're providing the
password for an SFTP site, but we get a Kerberos Login prompt which causes
the program to wait for user input (Hitting enter manually twice allows the
program to run properly)

We are using commons-vfs2-2.0 and jsch .1.53

After some digging I found

But I didn't find anything that talked about VFS2 at all so I thought I'd
at least post this here to help the next poor person who runs into this
problem, and also ask if this has already been fixed, or if maybe I"m just
doing something wrong.

Note that the default preferred authentication options for JSCH are

local = VFS.getManager().toFileObject(new File(args.local_file))
FileSystemOptions opts = new FileSystemOptions();
"publickey,keyboard-interactive,password"); //Needed this in order to fix a
Kerberos Login / Password issue with the upgrade from jre6 to jre8
remote = VFS.getManager().resolveFile(buildFtpUrl(args), opts);

The code above works, what we had before was
local = VFS.getManager().toFileObject(new File(args.local_file))
(Continue reading)

Brian Pendell | 8 Dec 19:16 2015

[email] Use of digest-MD5 with MultiPartEmail

So I'm reviewing the example demonstrating how to use org.apache.commons.mail SimpleEmail and
MultiPartEmail variants
listed here:

It's fairly straightforward and I can get the example to work.

However, I do not want to store my password in cleartext.   Apache Tomcat allows the use of digested passwords
In web site authentication, so I assume there is a similar mechanism for SMTP as well.

What I do not see anywhere is a simple, easy tutorial describing how to implement this function. I want to
hash the password and store it, then at the proper time pass it on as part of the authentication. I also need
the SMTP server to understand that I am sending it a digested password; if it expects cleartext, it will of
course fail to authenticate.

A review of the Wiki discussion on SMTP authentication suggests there are no less than three ways to
accomplish this: To indicate that I want to use CRAM-MD5, MD5, or DIGEST-MD5  as an authentication method.

What I'm not seeing is how to modify the Apache example to use one of these forms of authentication.

Is there a simple , easy-to-use example which will help me get this done?


Brian P.
Spico Florin | 8 Dec 11:55 2015

[vfs] When will be the next release 2.1?

  I would like to know when will be the next release.

I would like to use the watching folders changes feature provided by vfs,
in an OSGI context. With the current version is hard to achieve this.

I look forward for your answers.
Roger Membreno | 7 Dec 22:26 2015

[vfs] New Properties for FtpFileSystemConfigBuilder

Hello Apache Community, how are you doing?

We use Commons VFS in our FTP connection projects, and for a recent project
we only able to connect to our FTP site when using Passive mode.  If we
used Active mode we could login to the FTP site but all files in the
directory did not exist and could not be accessed.

Since our server is behind a firewall with NAT translation we determined
that the data connection could not be established even if we opened up some
ports on the firewall.  We were able to connect to the FTP site using a
stanadalone FTPClient by setting the following properties to match our NAT
security settings:

With these properties set the PORT command issued by our client to the FTP
site will create a valid data connection.  What I'd like to do is submit a
change via GitHub that does the following:
1. Add "reportActiveExternalIPAddress" and "activePortRange" properties to
the class org.apache.commons.vfs2.provider.ftp.FtpFileSystemConfigBuilder
2. Ehance createConnection in
org.apache.commons.vfs2.provider.ftp.FtpClientFactory to read these new
FtpFileSystemConfigBuilder properties from the config instance and set them
on the FTPClient.

Let me know if you have any questions.  If you think this is a good change
I'll make a new issue in JIRA for this enhancement.  I also think that
these changes could help resolve VFS-201 (

(Continue reading)

Oliver Heger | 6 Dec 18:23 2015

[ANNOUNCEMENT] Commons Configuration 2.0-beta2 Released

The Apache Commons Team is pleased to announce the availability of
Apache Commons Configuration 2.0-beta2.

The Commons Configuration software library provides a generic
configuration interface which enables an application to read
configuration data from a variety of sources.

This is another beta release incorporating some minor API changes in
reaction to community feedback. Hopefully the API is stabilizing towards
the final 2.0 release.

Version 2 is a major redesign of the Configuration API.
It breaks compatibility in many areas and, therefore, is not a drop-in
replacement for Commons Configuration 1.x. The main purpose of this
series of alpha and beta releases is to gather feedback from the
community about the reworked API. IT IS NOT YET PRODUCTION READY. There
may still be some changes on the public API.

A full list of all changes can be found in the release notes at

There is also an upgrade guide available for users of version 1.x at

Source and binary distributions are available for download from the
Apache Commons download site:

When downloading, please verify signatures using the KEYS file available
(Continue reading)

Anthony Biacco | 5 Dec 10:07 2015

[dbcp] JMX mbean doesn't exist after upgrade to 2.1/2.1.1

I was running dbcp 2.0.1 with pool 2.4.2.
I updated dbcp to 2.1 and the mbean org.apache.commons.pool2 doesn't exist
anymore. 2.1.1 is a no-go as well
I'm running under Tomcat 8.0.28

Could this have to do with: ?

Example of one of my resources is:

                name="jdbc/NAME" auth="Container"
                validationQuery="/* ping */"
(Continue reading)

Kapil Raaj | 3 Dec 15:24 2015

Comment doesn't work as expected

Hi guys,

I have a row which starts with "#", when writing this I get extra quote
before and after the data if it starts with any character <= '#' as it is

I am using spark-csv. Even tried doing .option("comment", null) but didn't


Let me know if any work around by which I can just print any data starting
with '#' without quote. Else I believe it is bug.


-Kapil Rajak <>
Danny Leshem | 28 Nov 15:11 2015

[VALIDATOR] JavaScript port of commons-validator

commons-validator-js <> is a
partial JavaScript port of commons-validator (currently EmailValidator and

*Long version-*
commons-validator's EmailValidator is by far the best and most
comprehensive email validator out there.

Unfortunately, there's no equivalent JavaScript implementation.
Specifically, I couldn't find a JavaScript email validation library that A)
works offline, and B) validates top level domains (e.g. fails
"chuck.norris <at> gmail.con").

Introducing: commons-validator-js, a JavaScript version of EmailValidator
and DomainValidator, each accompanied by a complete test case.

The only challenge was working around some issues with JavaScript's regexp
implementation, e.g. no support for lookbehind or "\p{...}". Eventually I
commented-out 2-3 tests that still fail, but these were edge cases that
didn't really bother me.
Thomas Neidhart | 27 Nov 21:29 2015

[ANNOUNCEMENT] Apache Commons Collections 4.1 Released

The Apache Commons team is pleased to announce the release of Apache
Commons Collections 4.1. The release is available for download at

Apache Commons Collections is a project to develop and maintain
collection classes based on and inspired by the JDK collection framework.

This Collections 4.1 release is a security and minor release, adding new
features and fixing several bugs present in the previous release of the
4.X branch.

Additionally, this release provides a fix for a known remote code
exploitation via the standard java object serialization mechanism.
Serialization support for unsafe classes in the functor package
has been removed. For more details, please refer to COLLECTIONS-580.

All users are strongly encouraged to updated to this release.

See the release-notes at

for a full list of changes.

Please verify signatures using the KEYS file available at the above
location when downloading the release.

For complete information on collections, including instructions on how
(Continue reading)

Balázs Zsoldos | 27 Nov 08:45 2015

[jexl] 3.0 release date?


Do you have any plan when JEXL 3.0 could be released? There are 46 resolved
or closed issues in Jira and there is no unresolved one.

Thanks and regards,
*Balázs **Zsoldos*