chore: migrate javax.* to Jakarta EE namespace (big bang) by yingbull · Pull Request #652 · carlos-emr/carlos

yingbull · 2026-03-15T23:23:12Z

User description

Bulk migration of the entire CARLOS EMR codebase from javax.* to
jakarta.* namespace, upgrading all frameworks to Jakarta EE 10
compatible versions.

Dependency upgrades (pom.xml):

Spring Framework 5.3.39 → 6.2.17
Hibernate ORM 5.6.15 → 6.6.40.Final (org.hibernate.orm groupId)
Apache Struts 6.8.0 → 7.1.1 GA
Apache CXF 3.6.9 → 4.1.5
Servlet API 4.0.1 → 6.0.0 (jakarta.servlet)
JSP API 2.3.3 → 3.1.0 (jakarta.servlet.jsp)
JSTL 1.2.5 → 3.0.1 (jakarta.servlet.jsp.jstl)
JAXB API 2.3.1 → 4.0.2, Runtime 2.3.9 → 4.0.5
Annotations API 1.3.2 → 2.1.1 (jakarta.annotation)
Inject API 1 → 2.0.1 (jakarta.inject)
Mail: com.sun.mail → org.eclipse.angus:angus-mail:2.0.3
jaxws-ri 2.3.7 → 4.0.3, saaj-impl 1.5.3 → 3.0.4
DisplayTag 2.9.0 → 3.7.0, JavaMelody 1.99.4 → 2.6.0
CSRFGuard 4.5.0 → 4.5.0-jakarta

Java imports (~1,629 files):

javax.servlet → jakarta.servlet
javax.persistence → jakarta.persistence
javax.xml.bind → jakarta.xml.bind
javax.xml.ws → jakarta.xml.ws, javax.xml.soap → jakarta.xml.soap
javax.ws.rs → jakarta.ws.rs, javax.jws → jakarta.jws
javax.annotation.{PostConstruct,PreDestroy,Resource,Nonnull} → jakarta.annotation.*
javax.inject → jakarta.inject
javax.mail → jakarta.mail, javax.activation → jakarta.activation

Struts 7 migration (~410 files):

com.opensymphony.xwork2.* → org.apache.struts2.*
struts.xml DTD: struts-6.0.dtd → struts-7.0.dtd

JSP JSTL taglib URIs (~681 files):

http://java.sun.com/jsp/jstl/core → jakarta.tags.core
http://java.sun.com/jsp/jstl/fmt → jakarta.tags.fmt
http://java.sun.com/jsp/jstl/functions → jakarta.tags.functions

Config files:

web.xml: Jakarta EE 6.0 namespace
persistence.xml: Jakarta Persistence 3.0 namespace
Dockerfile: Tomcat 9.0.97 → 10.1 (Jakarta Servlet 6.0)

JDK javax packages preserved (not migrated):
javax.crypto, javax.net.ssl, javax.security.auth, javax.imageio,
javax.naming, javax.sql, javax.xml.parsers, javax.xml.xpath,
javax.xml.transform, javax.swing, etc.

https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Description

This PR includes a bulk migration of the CARLOS EMR codebase from javax.* to jakarta.* namespace, upgrading all frameworks to Jakarta EE 10 compatible versions.

Refactored JasperReport templates to comply with the new XML structure and standards.
Updated import statements in Java files to reflect the migration to Jakarta EE.
Enhanced readability and maintainability of report templates.

Changes walkthrough 📝

Relevant files

Enhancement

billDaySheet.xml `Refactor JasperReport Template for Bill Day Sheet` src/main/resources/oscar/oscarReport/pageUtil/billDaySheet.xml Updated XML structure for JasperReports. Changed element attributes to align with new standards. Removed unnecessary comments and whitespace. Enhanced readability and maintainability of the report template.	+647/-1255
reflabel.xml `Refactor JasperReport Template for Referral Label` src/main/resources/org/oscarehr/common/web/reflabel.xml Streamlined XML structure for JasperReports. Updated element attributes for consistency. Removed deprecated elements and comments. Improved formatting for better clarity.	+37/-81
Textualizer.java `Update Import for Jakarta EE Compatibility` src/main/java/io/github/carlos_emr/carlos/util/Textualizer.java Updated import statement from `javax.persistence.Column` to `jakarta.persistence.Column`. Ensured compatibility with Jakarta EE standards.	+1/-1

💡 Penify usage:
Comment /help on the PR to get a list of all available Penify tools and their descriptions

Bulk migration of the entire CARLOS EMR codebase from javax.* to jakarta.* namespace, upgrading all frameworks to Jakarta EE 10 compatible versions. **Dependency upgrades (pom.xml):** - Spring Framework 5.3.39 → 6.2.17 - Hibernate ORM 5.6.15 → 6.6.40.Final (org.hibernate.orm groupId) - Apache Struts 6.8.0 → 7.1.1 GA - Apache CXF 3.6.9 → 4.1.5 - Servlet API 4.0.1 → 6.0.0 (jakarta.servlet) - JSP API 2.3.3 → 3.1.0 (jakarta.servlet.jsp) - JSTL 1.2.5 → 3.0.1 (jakarta.servlet.jsp.jstl) - JAXB API 2.3.1 → 4.0.2, Runtime 2.3.9 → 4.0.5 - Annotations API 1.3.2 → 2.1.1 (jakarta.annotation) - Inject API 1 → 2.0.1 (jakarta.inject) - Mail: com.sun.mail → org.eclipse.angus:angus-mail:2.0.3 - jaxws-ri 2.3.7 → 4.0.3, saaj-impl 1.5.3 → 3.0.4 - DisplayTag 2.9.0 → 3.7.0, JavaMelody 1.99.4 → 2.6.0 - CSRFGuard 4.5.0 → 4.5.0-jakarta **Java imports (~1,629 files):** - javax.servlet → jakarta.servlet - javax.persistence → jakarta.persistence - javax.xml.bind → jakarta.xml.bind - javax.xml.ws → jakarta.xml.ws, javax.xml.soap → jakarta.xml.soap - javax.ws.rs → jakarta.ws.rs, javax.jws → jakarta.jws - javax.annotation.{PostConstruct,PreDestroy,Resource,Nonnull} → jakarta.annotation.* - javax.inject → jakarta.inject - javax.mail → jakarta.mail, javax.activation → jakarta.activation **Struts 7 migration (~410 files):** - com.opensymphony.xwork2.* → org.apache.struts2.* - struts.xml DTD: struts-6.0.dtd → struts-7.0.dtd **JSP JSTL taglib URIs (~681 files):** - http://java.sun.com/jsp/jstl/core → jakarta.tags.core - http://java.sun.com/jsp/jstl/fmt → jakarta.tags.fmt - http://java.sun.com/jsp/jstl/functions → jakarta.tags.functions **Config files:** - web.xml: Jakarta EE 6.0 namespace - persistence.xml: Jakarta Persistence 3.0 namespace - Dockerfile: Tomcat 9.0.97 → 10.1 (Jakarta Servlet 6.0) **JDK javax packages preserved (not migrated):** javax.crypto, javax.net.ssl, javax.security.auth, javax.imageio, javax.naming, javax.sql, javax.xml.parsers, javax.xml.xpath, javax.xml.transform, javax.swing, etc. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

- Jackson: jackson-module-jaxb-annotations → jackson-module-jakarta-xmlbind-annotations - Jackson: jackson-jaxrs-json-provider → jackson-jakarta-rs-json-provider - applicationContextREST.xml: JaxbAnnotationIntrospector → JakartaXmlBindAnnotationIntrospector - applicationContextREST.xml: JacksonJaxbJsonProvider → JacksonJsonProvider (Jakarta variant) - JasperReports: 6.21.5 → 7.0.3 (Jakarta EE 10 compatible) - Fixed 19 JSPF files with old JSTL taglib URIs (sed missed .jspf extension) - Fixed 4 JSP files with remaining javax references in scriptlets: - renal/*.jsp: javax.xml.bind → jakarta.xml.bind - admin/providerAddRole.jsp: javax.persistence → jakarta.persistence - provider/providerupdatepreference.jsp: javax.persistence → jakarta.persistence https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Replace deprecated KieHelper (internal API) with standard KieServices/ KieFileSystem/KieBuilder pipeline. Replace 4 individual Drools deps (kie-api, drools-core, drools-compiler, drools-mvel) with single drools-engine aggregator. Remove mvel2 version override (managed by Drools 10). Use UUID-based ReleaseId for thread-safe concurrent DRL compilation. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Update KieHelper references in CLAUDE.md, DroolsHelperUnitTest JavaDoc, and RuleBaseCreator JavaDoc to reflect the Drools 10 standard KIE API. Fix ReleaseId group ID to use underscore (io.github.carlos_emr) matching the project package convention. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…tale refs Dispose KieContainer and remove KieModule from global KieRepository after extracting KieBase in DroolsHelper.createKieBaseFromDrl(). Without this, each compilation permanently registers a KieModule in the singleton KieRepository, causing unbounded heap growth in long-running servers. Also update remaining Drools 7.74.1 version references across 11 files (DroolsNumerator 1/2/4/5, PreventionDS, PreventionDSImpl, WorkFlowDSFactory, RuleBaseCreator, and 3 test files) to reflect Drools 10.0.0. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…ation Plain buildAll() defaults to DrlProject (non-executable model), which is deprecated in Drools 10. Explicitly pass ExecutableModelProject.class to opt into the executable model compiler provided by drools-engine. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

- OscarMySQL5Dialect: extend MySQLDialect (Hibernate 6) instead of removed MySQL5Dialect; remove registerHibernateType calls (handled natively by Hibernate 6) - DroolsHelper: wrap KIE pipeline in try/finally to prevent KieModule leak on exception; catch RuntimeException from executable model compiler and wrap as DroolsCompilationException for callers - CLAUDE.md: update all stale version references (Spring 6.2.17, Hibernate 6.6.40, Struts 7.1.1, Tomcat 10.1, CXF 4.1.5) - Drools docs: fix 3 stale KieHelper references, DRL count (38→39), broken ToC anchor - Fix stale comments in CarlosWebTestBase (Struts 6.x→7.x), DrlCompilationIntegrationTest (Drools 7.x→10.x), copilot-instructions.md, docs/README.md, pom.xml https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Plan for upgrading JasperReports usage to be fully JR7-compatible: - Add missing extension artifacts (jasperreports-pdf, jasperreports-jdt) - Fix 4 Java files with broken imports/removed APIs - Convert 40 JRXML templates from v6 to v7 format - Delete/recompile 3 stale .jasper binary files https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…dencies Complete JasperReports 6.x → 7.x migration for Jakarta EE 10 compatibility: **pom.xml**: Add split extension artifacts required by JR7: - jasperreports-pdf (JRPdfExporter moved from core) - jasperreports-jdt (runtime JRXML compilation) - jasperreports-excel-poi (JRXlsxExporter moved from core) **Java API fixes** (4 files): - PdfRecordPrinter: Replace removed JRExporter/JRExporterParameter API with modern SimpleExporterInput/SimpleOutputStreamExporterOutput - FrmBCAR20202Action, FrmRourke2017Record, FrmRourke2020Record: Update JRPdfExporter import (engine.export → pdf package) **JRXML format conversion** (40 files): - Convert all templates from JR6 Digester XML to JR7 Jackson XML format - Element tags (staticText, textField, image, etc.) → <element kind="..."> - Flatten reportElement/textElement/font into element attributes - Rename expressions (textFieldExpression → expression, etc.) - Restructure band sections (remove wrapper for single-band sections) - Preserve CDATA sections in all expressions **Pre-compiled .jasper files** (3 files removed): - Delete JR6-binary .jasper files (incompatible with JR7) - Update subreport references to load .jrxml source at runtime **Converter tool**: Add scripts/convert_jrxml_v6_to_v7.py for future use https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…ormat The initial JR7 migration only converted .jrxml files. 12 JasperReports templates with .xml extensions (labels, day sheets, demographic forms, BC billing) were still in JR6 Digester format and would fail at runtime. Also updates the converter script to accept .xml files when explicitly specified, and fixes label-appt.xml XML declaration ordering. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…ibility The Spring modules had explicit version 5.3.39 (javax.* namespace) that overrode the spring-framework-bom 6.2.17 already declared in dependencyManagement. Spring 5.x is incompatible with the Jakarta EE 10 stack (Tomcat 10.1, Hibernate 6, Struts 7, CXF 4.1.5) already in use. All 9 Spring modules updated: spring-core, spring-tx, spring-orm, spring-webmvc, spring-web, spring-aspects, spring-test, spring-aop, spring-context-support. No code changes required — codebase already uses jakarta.* imports. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

- commons-io 2.18.0 → 2.22.0 - jsoup 1.17.2 → 1.22.1 - bcpkix-jdk18on 1.79 → 1.83 Minor version bumps, no API changes required. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

- JAXB namespace: java.sun.com/xml/ns/jaxb → jakarta.ee/xml/ns/jaxb - DatatypeConverter: javax.xml.bind → jakarta.xml.bind - Binding version: 1.0 → 3.0 Aligns the CXF client stub generation tooling with the Jakarta EE 10 stack already used by all production code. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Replace Apache Commons FileUpload 1.6.0 with the built-in Jakarta Servlet 6.0 Part API (HttpServletRequest.getParts()), eliminating the third-party dependency entirely. Files migrated: - CarlosCsrfGuardFilter: replace ServletFileUpload.isMultipartContent() with a simple content-type check - DocumentMgtUploadServlet: migrate from deprecated DiskFileUpload to Part API, add PathValidationUtils for path traversal prevention - DocumentUploadServlet: migrate from ServletFileUpload/DiskFileItemFactory to Part API (PathValidationUtils already present) - UploadImage: migrate from deprecated DiskFileUpload to Part API, add PathValidationUtils and OWASP encoding for XSS prevention - DocumentTeleplanReportUploadServlet (BC): migrate from deprecated DiskFileUpload to Part API, add PathValidationUtils Also adds multipart-config to web.xml for all 3 registered upload servlets (50 MB file/request limit, 1 MB memory threshold) and removes the commons-fileupload dependency from pom.xml. Removes ~270 lines of dead commented-out legacy multipart parsing code from DocumentMgtUploadServlet and DocumentTeleplanReportUploadServlet. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

@PersistenceContext

Spring 6 auto-detects @PersistenceContext and @PersistenceUnit annotations via CommonAnnotationBeanPostProcessor, making the explicit PersistenceAnnotationBeanPostProcessor bean definition unnecessary. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Covers five phases: JUnit 4 test migration (blocker), Jakarta EE 11 API version bumps, Spring Framework 7.0.6 upgrade, Tomcat 11 container switch, and full verification. Includes risk assessment and dependency compatibility matrix. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

The 362 legacy JUnit 4 tests should already have been migrated to JUnit 5. Restructured plan to list this as a prerequisite rather than a separate phase, reducing the upgrade to 4 phases: API bumps, Spring 7, Tomcat 11, and verification. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

The JUnit 4 to 5 migration was completed in PR #591 (commit e78a564): - 334 legacy tests migrated to JUnit 5 in src/test-modern/ (450 files) - src/test/java/ cleared of all Java files - 24 deferred tests tracked for future recreation - Plan now shows all prerequisites as met, 4 clean phases remain https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

sourcery-ai

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 2517

coderabbitai · 2026-03-15T23:23:19Z

Important

Review skipped

Too many files!

This PR contains 300 files, which is 150 over the limit of 150.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 515243f2-257a-45b4-a6aa-5f63a18b56ed

📥 Commits

Reviewing files that changed from the base of the PR and between b6c3f00 and 7847192.

📒 Files selected for processing (300)

.devcontainer/development/Dockerfile
.github/copilot-instructions.md
.plan
CLAUDE.md
dependencies-lock-modern.json
dependencies-lock.json
docs/README.md
docs/archive/legacy-tests/mcedt/DeleteEDTTest.java
docs/archive/legacy-tests/mcedt/DownloadEDTTest.java
docs/archive/legacy-tests/mcedt/InfoEDTTest.java
docs/archive/legacy-tests/mcedt/SubmitEDTTest.java
docs/archive/legacy-tests/mcedt/UpdateEDTTest.java
docs/archive/legacy-tests/webserv/BaseRestServiceTest.java
docs/drools-decision-support-system.md
plan.md
pom.xml
scripts/convert_jrxml_v6_to_v7.py
src/main/java/ca/ontario/health/ebs/EbsFault.java
src/main/java/ca/ontario/health/ebs/EbsHeader.java
src/main/java/ca/ontario/health/ebs/ObjectFactory.java
src/main/java/ca/ontario/health/ebs/idp/IdpHeader.java
src/main/java/ca/ontario/health/ebs/idp/ObjectFactory.java
src/main/java/ca/ontario/health/ebs/idp/package-info.java
src/main/java/ca/ontario/health/ebs/msa/MsaHeader.java
src/main/java/ca/ontario/health/ebs/msa/ObjectFactory.java
src/main/java/ca/ontario/health/ebs/msa/package-info.java
src/main/java/ca/ontario/health/ebs/package-info.java
src/main/java/ca/ontario/health/edt/CommonResult.java
src/main/java/ca/ontario/health/edt/CsnData.java
src/main/java/ca/ontario/health/edt/Delete.java
src/main/java/ca/ontario/health/edt/DeleteResponse.java
src/main/java/ca/ontario/health/edt/Detail.java
src/main/java/ca/ontario/health/edt/DetailData.java
src/main/java/ca/ontario/health/edt/Download.java
src/main/java/ca/ontario/health/edt/DownloadData.java
src/main/java/ca/ontario/health/edt/DownloadResponse.java
src/main/java/ca/ontario/health/edt/DownloadResult.java
src/main/java/ca/ontario/health/edt/EDTDelegate.java
src/main/java/ca/ontario/health/edt/EDTService.java
src/main/java/ca/ontario/health/edt/Faultexception.java
src/main/java/ca/ontario/health/edt/GetTypeList.java
src/main/java/ca/ontario/health/edt/GetTypeListResponse.java
src/main/java/ca/ontario/health/edt/Info.java
src/main/java/ca/ontario/health/edt/InfoResponse.java
src/main/java/ca/ontario/health/edt/List.java
src/main/java/ca/ontario/health/edt/ListResponse.java
src/main/java/ca/ontario/health/edt/ObjectFactory.java
src/main/java/ca/ontario/health/edt/ResourceAccess.java
src/main/java/ca/ontario/health/edt/ResourceResult.java
src/main/java/ca/ontario/health/edt/ResourceStatus.java
src/main/java/ca/ontario/health/edt/ResponseResult.java
src/main/java/ca/ontario/health/edt/Submit.java
src/main/java/ca/ontario/health/edt/SubmitResponse.java
src/main/java/ca/ontario/health/edt/TypeListData.java
src/main/java/ca/ontario/health/edt/TypeListResult.java
src/main/java/ca/ontario/health/edt/Update.java
src/main/java/ca/ontario/health/edt/UpdateRequest.java
src/main/java/ca/ontario/health/edt/UpdateResponse.java
src/main/java/ca/ontario/health/edt/Upload.java
src/main/java/ca/ontario/health/edt/UploadData.java
src/main/java/ca/ontario/health/edt/UploadResponse.java
src/main/java/ca/ontario/health/edt/package-info.java
src/main/java/ca/ontario/health/hcv/Faultexception.java
src/main/java/ca/ontario/health/hcv/FeeServiceDetails.java
src/main/java/ca/ontario/health/hcv/HCValidation.java
src/main/java/ca/ontario/health/hcv/HCValidationImpl.java
src/main/java/ca/ontario/health/hcv/HCValidationService.java
src/main/java/ca/ontario/health/hcv/HcvRequest.java
src/main/java/ca/ontario/health/hcv/HcvResults.java
src/main/java/ca/ontario/health/hcv/ObjectFactory.java
src/main/java/ca/ontario/health/hcv/Person.java
src/main/java/ca/ontario/health/hcv/Requests.java
src/main/java/ca/ontario/health/hcv/ResponseID.java
src/main/java/ca/ontario/health/hcv/Validate.java
src/main/java/ca/ontario/health/hcv/ValidateResponse.java
src/main/java/ca/ontario/health/hcv/package-info.java
src/main/java/io/github/carlos_emr/AppointmentMainBean.java
src/main/java/io/github/carlos_emr/Dict.java
src/main/java/io/github/carlos_emr/DocumentMgtUploadServlet.java
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java
src/main/java/io/github/carlos_emr/SxmlMisc.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/CaseManagementLinkTag.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/OscarDemographicLinkTag.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/OscarTag.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/AgencyDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ClientReferralDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaSelectionOptionDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaTypeDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaTypeOptionDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/DefaultRoleAccessDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/FormsDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramAccessDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramClientRestrictionDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramClientStatusDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramFunctionalUserDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramProviderDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramQueueDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramSignatureDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramTeamDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProviderDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/SecUserRoleDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyClientMatchDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyTemplateDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/WaitlistDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Criteria.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaSelectionOption.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaType.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaTypeOption.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Program.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramAccess.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramClientStatus.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramTeam.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Vacancy.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/VacancyClientMatch.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/VacancyTemplate.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/service/AdmissionManagerImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/service/ClientManagerImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/service/ClientRestrictionManagerImpl.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/utility/Utility.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/AllWaitingList2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ClientManager2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ClientSearchAction22Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/Home2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/PMMFilter.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProgramUtils.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProviderInfo2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProviderSearch2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/VacancyClientMatch2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/AdminHome2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/AgencyManager2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/DefaultRoleAccess2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/FacilityManager2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/ProgramManager2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/ProgramManagerView2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/StaffManager2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/ActivityReport2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/BasicReport2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/ClientListsReport2Action.java
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/utils/UserRoleUtils.java
src/main/java/io/github/carlos_emr/carlos/admin/lookUpLists/LookupListManager2Action.java
src/main/java/io/github/carlos_emr/carlos/admin/reports/SaveOnCallClinic2Action.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTrace2Action.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTraceabilityReport2Action.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTraceabilityUtil.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceDataConsumer.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceDataProcessor.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceabilityReportConsumer.java
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceabilityReportProcessor.java
src/main/java/io/github/carlos_emr/carlos/admin/web/AuditLogPurge2Action.java
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java
src/main/java/io/github/carlos_emr/carlos/app/CsrfGuardScriptInjectionFilter.java
src/main/java/io/github/carlos_emr/carlos/app/HttpMethodGuardFilter.java
src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java
src/main/java/io/github/carlos_emr/carlos/app/MultiReadHttpServletRequest.java
src/main/java/io/github/carlos_emr/carlos/app/XforwardHeaderFilter.java
src/main/java/io/github/carlos_emr/carlos/appointment/search/Provider.java
src/main/java/io/github/carlos_emr/carlos/appt/AppointmentMailer.java
src/main/java/io/github/carlos_emr/carlos/appt/ApptUtil.java
src/main/java/io/github/carlos_emr/carlos/appt/status/web/AppointmentStatus2Action.java
src/main/java/io/github/carlos_emr/carlos/appt/tld/NextApptTag.java
src/main/java/io/github/carlos_emr/carlos/appt/web/AppointmentType2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillRecipientsDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingHistoryDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingNoteDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingStatusTypesDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/CtlServiceCodesDxCodesDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7LinkDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7MessageDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7MshDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7ObrDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7ObxDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7OrcDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7PidDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanAdjCodesDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanC12Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanRefusalCodeDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS00Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS21Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS22Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS23Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS25Dao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/WcbDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/WcbNoiCodeDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillRecipients.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingHistory.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingNotes.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingPrivateTransactions.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingStatusTypes.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingTrayFee.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/CtlServiceCodesDxCodes.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Link.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Message.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Msh.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Obr.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Obx.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Orc.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Pid.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/LogTeleplanTx.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanAdjCodes.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanC12.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanRefusalCode.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanResponseLog.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS00.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS21.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS22.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS23.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS25.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanSubmissionLink.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Wcb.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/WcbBpCode.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/WcbNoiCode.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONDiskNameDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONFavouriteDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONFilenameDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONHeaderDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingPercLimitDao.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/Billing3rdPartyAddress.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONDiskName.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONFavourite.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONFilename.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONHeader.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONProc.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingPercLimit.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/util/DisplayInvoiceLogo2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/BatchBill2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/BillingONPayments2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/ManageCSS2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/MoveMOHFiles2Action.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillActivityDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillingDetailDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillingInrDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/GstControlDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/WcbBpCodeDaoImpl.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillActivity.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillingDetail.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillingInr.java
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/GstControl.java
src/main/java/io/github/carlos_emr/carlos/billings/MSP/DocumentTeleplanReportUploadServlet.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/CreateBillingReport2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/DocumentTeleplanReportUploadServlet.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/GenTa2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/administration/TeleplanCorrectionActionWCB2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingPreference.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingPreferencesDAO.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingmasterDAO.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/PrivateBillTransactionsDAO.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/SupServiceCodeAssocDAO.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/AddReferralDoc2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/AssociateCodes2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/Billing2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingAddCode2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingCreateBilling2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingEditCode2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingReProcessBill2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingSaveBilling2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingUpdateBilling2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingView2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/DeleteServiceCodeAssoc2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/EditServiceCodeAssoc2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/GenerateTeleplanFile2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ManageTeleplan2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ReceivePayment2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SaveAssoc2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SaveBillingPreferences2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ShowServiceCodeAssocs2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SimulateTeleplanFile2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SupServiceCodeAssoc2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewBillingPreferences2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewReceivePayment2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewWCB2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/WCBAction22Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/privateBilling/PrivateBillingController.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/quickbilling/QuickBillingBC2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/quickbilling/QuickBillingBCSave2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/OHIP/ScheduleOfBenefitsUpdate2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/OHIP/ScheduleOfBenefitsUpload2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingCorrection2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingCorrectionPrep.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingDocumentErrorReportUpload2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingReviewPrep.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingSavePrep.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingSpecPrep.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/PatientEndYearStatement2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/PaymentType2Action.java
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_report.jrxml
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jasper
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml
src/main/java/io/github/carlos_emr/carlos/caisi/IsModuleLoadTag.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/common/BasicTag.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementCPPDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementIssueDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAO.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteExtDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteLinkDAOImpl.java
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/ClientImageDAOImpl.java

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch claude/migrate-jakarta-ee-inGo8

📝 Coding Plan

Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Copilot

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

scripts/convert_jrxml_v6_to_v7.py

+import sys
+import os
+import re
+import glob


scripts/convert_jrxml_v6_to_v7.py

+import re
+import glob
+import argparse
+import copy


src/main/java/io/github/carlos_emr/carlos/eform/upload/UploadImage.java

+                MiscUtils.getLogger().debug(fileheader + " uploaded to " + foldername);
+
+                try (InputStream in = part.getInputStream()) {
+                    Files.copy(in, savedFile.toPath());


...java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/DocumentTeleplanReportUploadServlet.java


-                    item.write(savedFile);
+                try (InputStream in = part.getInputStream()) {
+                    Files.copy(in, savedFile.toPath());


In general, to fix uncontrolled path usage for uploads you must: (1) normalize and sanitize the user‑provided name to remove path components and reject suspicious patterns, and (2) ensure the final resolved path is strictly contained within a predefined directory that you control and that directory is itself validated.

In this codebase, the best fix with minimal behavior change is to (a) harden PathValidationUtils.validatePath so it validates that allowedDir exists and is a directory, and so it explicitly ensures the constructed file is inside that directory via a canonical containment check, and (b) in DocumentTeleplanReportUploadServlet, ensure the configured DOCUMENT_DIR is validated before being used. The core behavior (accepting uploads into DOCUMENT_DIR under the submitted filename) remains unchanged from the caller’s perspective, but we add strong guards around the directory configuration and the final path.

Concretely:

In PathValidationUtils.validatePath(...):

Before building the File path, verify that allowedDir is non‑null, exists, and is a directory; otherwise throw SecurityException.

After constructing File path = new File(allowedDir, safeName);, call the already‑present containment logic (validateWithinDirectory(path, allowedDir)) to enforce that the canonical path lies within allowedDir. Although we don’t see validateWithinDirectory in the snippet, it is referenced and presumably uses isWithinDirectory(...). If it doesn’t currently do so, we adjust it in the shown region to call isWithinDirectory and throw a SecurityException upon failure.

This ensures that even if CodeQL does not model sanitizeFileName, the final sink is protected by a strong containment check.

In DocumentTeleplanReportUploadServlet.service(...):

After File documentDir = new File(foldername);, validate that documentDir exists and is a directory. If not, log an error and abort the request (for example, by returning before processing parts). This prevents misconfiguration (such as DOCUMENT_DIR pointing to / or to a non‑directory) from silently causing files to be stored in undesired places or causing errors.

These changes require no new external dependencies; they only use File checks and the existing helper methods.

src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

-            upload.setFileSizeMax(52428800); // 50 MB per file
-            upload.setSizeMax(52428800);     // 50 MB total request size
+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());


General approach: ensure that any file path derived from user input is fully validated immediately before use, ideally by a function that (a) canonicalizes the path, (b) guarantees it is within a trusted directory, and (c) rejects anything invalid by throwing. We already have PathValidationUtils.validatePath for construction and validateExistingPath / isWithinDirectory logic for containment checks.

Best concrete fix here: after constructing savedFile with validatePath(submittedFilename, documentDir), perform a second explicit validation before calling Files.copy, using validateExistingPath(savedFile, documentDir). Even though validatePath already uses validateWithinDirectory, the extra check right before the sink (1) makes the taint chain more obviously broken to CodeQL and (2) defends against any future refactorings of validatePath. The write then targets the revalidated File, not an unchecked path.

Changes needed:

File: src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

In the upload loop (the else branch where Part objects are handled), directly before the try (InputStream in = part.getInputStream()) { ... } block, insert a call to PathValidationUtils.validateExistingPath(savedFile, documentDir); and assign its result to a new local (e.g. validatedSavedFile).

Use validatedSavedFile.toPath() instead of savedFile.toPath() in the Files.copy call.

Optionally, also use validatedSavedFile when copying to the inbox directory to keep all subsequent usage tied to a validated instance (even though the path is the same, this is clearer and slightly more robust).

No new imports are needed: PathValidationUtils is already imported, and the new code only calls an existing method in that class.

src/main/java/io/github/carlos_emr/DocumentMgtUploadServlet.java


-                    item.write(savedFile);
+                try (InputStream in = part.getInputStream()) {
+                    Files.copy(in, savedFile.toPath());


In general, to fix uncontrolled path usage for uploaded filenames, you should (1) treat the original filename as untrusted, (2) reduce it to a single safe name component (no directories), (3) enforce an explicit policy on allowed characters and length, and (4) ensure the final resolved path stays within a configured base directory using canonical-path checks. Any violation should cause the upload to be rejected before performing file I/O.

In this codebase, the best minimal fix is to harden PathValidationUtils so that it becomes a clear, strong sanitizer that CodeQL (and reviewers) can treat as a trust boundary. Concretely:

Keep using FilenameUtils.getName to strip directories.

Extend sanitizeFileName to (a) reject any filename containing path separators or ".." just in case (even after getName), and (b) enforce a conservative allow‑list regex (for example, letters, digits, spaces, dots, underscores, dashes, limited length).

Ensure that validatePath cannot silently succeed with an invalid directory: if allowedDir is null or not a directory, throw a SecurityException.

Ensure that validateWithinDirectory always throws via validateWithinDirectory(path, allowedDir) when the file is outside the allowed directory, and that isWithinDirectory handles I/O errors by failing closed.

The servlet DocumentMgtUploadServlet already calls PathValidationUtils.validatePath(timestampedName, documentDir) and catches SecurityException, so we do not need to change its behavior: we simply make validatePath stricter. All changes are confined to PathValidationUtils.java (in the code we’ve been shown), specifically around validatePath, sanitizeFileName, and isWithinDirectory. No new external libraries are required beyond the existing Apache Commons IO.

gemini-code-assist · 2026-03-15T23:29:05Z

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request represents a significant architectural overhaul, moving the CARLOS EMR system to the Jakarta EE 10 ecosystem. The primary goal was to modernize the application's underlying frameworks and APIs, ensuring compatibility with the latest Java enterprise standards. This extensive migration involved updating numerous third-party libraries, refactoring code to adopt the new jakarta.* namespace, and introducing tools to facilitate the transition of reporting templates. The changes lay the groundwork for future enhancements and maintain the application's long-term viability and security.

Highlights

Jakarta EE 10 Migration: The entire codebase has been migrated from the javax.* namespace to the jakarta.* namespace, aligning with Jakarta EE 10 standards. This involved updating numerous core frameworks and APIs.
Major Dependency Upgrades: Key dependencies such as Spring Framework (5.3.39 to 6.2.17), Hibernate ORM (5.6.15 to 6.6.40.Final), Apache Struts (6.8.0 to 7.1.1), Apache CXF (3.6.9 to 4.1.5), and JasperReports (6.21.5 to 7.0.3) have been upgraded to Jakarta EE 10 compatible versions.
Servlet and JSP API Updates: The Servlet API has been updated from 4.0.1 to 6.0.0 and the JSP API from 2.3.3 to 3.1.0, along with corresponding JSTL updates, to support the new Jakarta EE environment.
Drools Rule Engine Upgrade: The Drools rule engine has been upgraded from version 7.74.1.Final to 10.0.0, transitioning from KieHelper to the standard KIE API for DRL compilation and replacing individual dependencies with the drools-engine aggregator.
Automated JRXML Conversion Script: A new Python script (scripts/convert_jrxml_v6_to_v7.py) has been added to automate the conversion of JasperReports JRXML files from version 6.x to 7.x format, addressing breaking changes in XML serialization.
Multipart Content Handling Update: The DocumentMgtUploadServlet and DocumentUploadServlet now use the Jakarta Servlet Part API for multipart content processing, replacing the deprecated Apache Commons FileUpload library and enhancing security with PathValidationUtils.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

.devcontainer/development/Dockerfile
- Updated the base Tomcat image from 9.0.97-jdk21-temurin to 10.1-jdk21-temurin to align with Jakarta EE 10.
.github/copilot-instructions.md
- Updated the listed technology stack to reflect new versions of Spring, Struts, Hibernate, Tomcat, FHIR, Drools, and CSRFGuard.
- Revised Struts compatibility notes to reflect the migration from com.opensymphony.xwork2.* to org.apache.struts2.* packages.
- Updated Drools version and API usage details.
- Updated FHIR HAPI version.
- Updated CSRFGuard version.
.plan
- Added a new document outlining the detailed plan for JasperReports Jakarta EE Migration, including breaking changes, implementation steps, and risk assessment.
CLAUDE.md
- Updated the core context stack details to reflect new versions of Spring, Struts, Hibernate, and Tomcat.
- Revised Struts notes to indicate the migration of com.opensymphony.xwork2.* packages to org.apache.struts2.*.
- Updated FHIR HAPI version from 5.4.0 to 6.10.5.
- Updated Drools version from 7.74.1.Final to 10.0.0 and revised details on KIE API usage and MVEL compatibility.
docs/README.md
- Updated the listed technology stack to reflect new versions of Spring, Struts, Hibernate, and Tomcat.
docs/drools-decision-support-system.md
- Updated the overview to reflect Drools version 10.0.0 and its use of the executable model.
- Revised API usage descriptions for DroolsHelper to reflect the transition from KieHelper to standard KIE API.
- Updated migration notes to include the upgrade from Drools 7.74.1 to 10.0.0, detailing key changes like replacing KieHelper and using drools-engine aggregator.
- Removed the MVEL compatibility fix section as it's no longer needed with Drools 10.
plan.md
- Added a new document outlining a future plan to migrate CARLOS EMR to Tomcat 11 and Spring 7, detailing current and target states for various components, prerequisites, migration steps, and risk assessment.
pom.xml
- Upgraded Apache CXF from 3.6.9 to 4.1.5.
- Upgraded Drools from 7.74.1.Final to 10.0.0, replacing individual dependencies with drools-engine and removing the mvel2 override.
- Updated Spring Framework BOM from 5.3.39 to 6.2.17.
- Updated JAXB API from javax.xml.bind to jakarta.xml.bind (2.3.1 to 4.0.2) and JAXB runtime from 2.3.9 to 4.0.5.
- Upgraded Hibernate core from org.hibernate:hibernate-core:5.6.15.Final to org.hibernate.orm:hibernate-core:6.6.40.Final and Jakarta Persistence API from 2.2.3 to 3.1.0.
- Upgraded JavaMelody from 1.99.4 to 2.6.0.
- Upgraded Commons IO from 2.18.0 to 2.22.0 and removed commons-fileupload dependency.
- Upgraded Jakarta Servlet API from 4.0.1 to 6.0.0.
- Upgraded Spring core, tx, orm, webmvc, web, aspects, test, and context-support dependencies from 5.3.39 to 6.2.17.
- Upgraded Glassfish JSTL from javax.servlet.jsp.jstl:1.2.5 to jakarta.servlet.jsp.jstl:3.0.1.
- Upgraded JasperReports from 6.21.5 to 7.0.3 and added jasperreports-pdf, jasperreports-jdt, and jasperreports-excel-poi dependencies.
- Updated Jackson JAXB annotations from jackson-module-jaxb-annotations to jackson-module-jakarta-xmlbind-annotations.
- Upgraded email library from com.sun.mail:jakarta.mail to org.eclipse.angus:angus-mail:2.0.3.
- Upgraded DisplayTag from 2.9.0 to 3.7.0.
- Upgraded Jsoup from 1.17.2 to 1.22.1.
- Upgraded Bouncycastle from 1.79 to 1.83.
- Upgraded SAAJ implementation from 1.5.3 to 3.0.4.
- Upgraded JAXWS-RI from 2.3.7 to 4.0.3.
- Upgraded Jakarta Annotation API from 1.3.2 to 2.1.1.
- Upgraded Jakarta Inject API from 1 to 2.0.1.
- Upgraded Jakarta JSP API from 2.3.3 to 3.1.0.
- Upgraded Apache Struts from 6.8.0 to 7.1.1.
- Upgraded OWASP CSRFGuard to 4.5.0-jakarta versions for all related artifacts.
scripts/convert_jrxml_v6_to_v7.py
- Added a new Python script to convert JasperReports JRXML files from version 6.x to 7.x format, handling namespace stripping, element tag conversions, attribute flattening, and renaming.
src/main/java/ca/ontario/health/ebs/EbsFault.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/EbsHeader.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/ObjectFactory.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/idp/IdpHeader.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/idp/ObjectFactory.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/idp/package-info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/msa/MsaHeader.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/msa/ObjectFactory.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/msa/package-info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/ebs/package-info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/CommonResult.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/CsnData.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Delete.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/DeleteResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Detail.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/DetailData.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Download.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/DownloadData.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/DownloadResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/DownloadResult.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/EDTDelegate.java
- Updated JAX-WS and JAXB annotation imports from javax.* to jakarta.*.
src/main/java/ca/ontario/health/edt/EDTService.java
- Updated JAX-WS imports from javax.xml.ws.* to jakarta.xml.ws.* and updated JAX-WS Service reference in Javadoc.
src/main/java/ca/ontario/health/edt/Faultexception.java
- Updated JAX-WS WebFault import from javax.xml.ws.WebFault to jakarta.xml.ws.WebFault.
src/main/java/ca/ontario/health/edt/GetTypeList.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/GetTypeListResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/InfoResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/List.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/ListResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/ObjectFactory.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.* and updated JAXB XmlRegistry reference in Javadoc.
src/main/java/ca/ontario/health/edt/ResourceAccess.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/ResourceResult.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/ResourceStatus.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/ResponseResult.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Submit.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/SubmitResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/TypeListData.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/TypeListResult.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Update.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/UpdateRequest.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/UpdateResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/Upload.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/UploadData.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/UploadResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/edt/package-info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/Faultexception.java
- Updated JAX-WS WebFault import from javax.xml.ws.WebFault to jakarta.xml.ws.WebFault.
src/main/java/ca/ontario/health/hcv/FeeServiceDetails.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/HCValidation.java
- Updated JAX-WS and JAXB annotation imports from javax.* to jakarta.*.
src/main/java/ca/ontario/health/hcv/HCValidationImpl.java
- Updated JAX-WS WebService import from javax.jws.WebService to jakarta.jws.WebService.
src/main/java/ca/ontario/health/hcv/HCValidationService.java
- Updated JAX-WS imports from javax.xml.ws.* to jakarta.xml.ws.*.
src/main/java/ca/ontario/health/hcv/HcvRequest.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/HcvResults.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/ObjectFactory.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/Person.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/Requests.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/ResponseID.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/Validate.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/ValidateResponse.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/ca/ontario/health/hcv/package-info.java
- Updated JAXB annotation imports from javax.xml.bind.annotation.* to jakarta.xml.bind.annotation.*.
src/main/java/io/github/carlos_emr/AppointmentMainBean.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/Dict.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/DocumentMgtUploadServlet.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Removed Apache Commons FileUpload dependencies and replaced file upload logic with Jakarta Servlet Part API.
- Added PathValidationUtils for enhanced security in file uploads.
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Replaced Apache Commons FileUpload dependencies with Jakarta Servlet Part API for multipart processing.
- Updated Javadoc to reflect the use of Jakarta Servlet Part API and PathValidationUtils for security.
src/main/java/io/github/carlos_emr/SxmlMisc.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/CaseManagementLinkTag.java
- Updated JSP and Servlet imports from javax.* to jakarta.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/OscarDemographicLinkTag.java
- Updated JSP and Servlet imports from javax.* to jakarta.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/common/OscarTag.java
- Updated JSP and Servlet imports from javax.* to jakarta.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaSelectionOptionDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaTypeDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/CriteriaTypeOptionDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/FormsDAOImpl.java
- Updated Persistence Criteria imports from javax.persistence.criteria.* to jakarta.persistence.criteria.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramAccessDAOImpl.java
- Updated Persistence TypedQuery import from javax.persistence.TypedQuery to jakarta.persistence.TypedQuery.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramDaoImpl.java
- Updated Persistence TypedQuery and Criteria imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyClientMatchDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/VacancyTemplateDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/PMmodule/dao/WaitlistDaoImpl.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Criteria.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaSelectionOption.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaType.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/CriteriaTypeOption.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Program.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramAccess.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/Vacancy.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/VacancyClientMatch.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/VacancyTemplate.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/utility/Utility.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/AllWaitingList2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ClientManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ClientSearchAction22Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/Home2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/PMMFilter.java
- Updated Servlet Filter imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProgramUtils.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProviderInfo2Action.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/ProviderSearch2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/VacancyClientMatch2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/AdminHome2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/AgencyManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/DefaultRoleAccess2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/FacilityManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/ProgramManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/ProgramManagerView2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/admin/StaffManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/ActivityReport2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/BasicReport2Action.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/reports/ClientListsReport2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/PMmodule/web/utils/UserRoleUtils.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/admin/lookUpLists/LookupListManager2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/admin/reports/SaveOnCallClinic2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTrace2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTraceabilityReport2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/GenerateTraceabilityUtil.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceDataConsumer.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceDataProcessor.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceabilityReportConsumer.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/admin/traceability/TraceabilityReportProcessor.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/admin/web/AuditLogPurge2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java
- Updated Servlet Filter imports from javax.servlet.* to jakarta.servlet.*.
- Replaced ServletFileUpload.isMultipartContent() with a custom isMultipartContent() method to remove the commons-fileupload dependency.
src/main/java/io/github/carlos_emr/carlos/app/CsrfGuardScriptInjectionFilter.java
- Updated Servlet Filter imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java
- Updated Servlet Filter imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/app/MultiReadHttpServletRequest.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/app/XforwardHeaderFilter.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/appointment/search/Provider.java
- Updated Persistence Transient import from javax.persistence.Transient to jakarta.persistence.Transient.
src/main/java/io/github/carlos_emr/carlos/appt/AppointmentMailer.java
- Updated Mail imports from javax.mail.internet.* to jakarta.mail.internet.*.
src/main/java/io/github/carlos_emr/carlos/appt/ApptUtil.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/appt/status/web/AppointmentStatus2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/appt/tld/NextApptTag.java
- Updated JSP imports from javax.servlet.jsp.* to jakarta.servlet.jsp.*.
src/main/java/io/github/carlos_emr/carlos/appt/web/AppointmentType2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillRecipientsDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingHistoryDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingNoteDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/BillingStatusTypesDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/CtlServiceCodesDxCodesDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7LinkDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7MessageDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7MshDao.java
- Updated Persistence Query imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7ObrDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7ObxDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7OrcDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/Hl7PidDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanAdjCodesDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanC12Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanRefusalCodeDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS00Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS21Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS22Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS23Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/TeleplanS25Dao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/WcbDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/dao/WcbNoiCodeDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillRecipients.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingHistory.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingNotes.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingPrivateTransactions.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingStatusTypes.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/BillingTrayFee.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/CtlServiceCodesDxCodes.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Link.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Message.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Msh.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Obr.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Obx.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Orc.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Hl7Pid.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/LogTeleplanTx.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanAdjCodes.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanC12.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanRefusalCode.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanResponseLog.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS00.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS21.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS22.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS23.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanS25.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/TeleplanSubmissionLink.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/Wcb.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/WcbBpCode.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/model/WcbNoiCode.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONDiskNameDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONFavouriteDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONFilenameDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingONHeaderDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/dao/BillingPercLimitDao.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/Billing3rdPartyAddress.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONDiskName.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONFavourite.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONFilename.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONHeader.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingONProc.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/model/BillingPercLimit.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/util/DisplayInvoiceLogo2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Activation and Servlet HTTP imports from javax.* to jakarta.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/BatchBill2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/BillingONPayments2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/ManageCSS2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/ON/web/MoveMOHFiles2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillActivityDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillingDetailDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/BillingInrDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/GstControlDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/dao/WcbBpCodeDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillActivity.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillingDetail.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/BillingInr.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billing/CA/model/GstControl.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billings/MSP/DocumentTeleplanReportUploadServlet.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/CreateBillingReport2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/DocumentTeleplanReportUploadServlet.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Replaced Apache Commons FileUpload dependencies with Jakarta Servlet Part API for multipart processing.
- Added PathValidationUtils for enhanced security in file uploads.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/GenTa2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/administration/TeleplanCorrectionActionWCB2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingPreference.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingPreferencesDAO.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/BillingmasterDAO.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/PrivateBillTransactionsDAO.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/data/SupServiceCodeAssocDAO.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/AddReferralDoc2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/AssociateCodes2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/Billing2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingAddCode2Action.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingCreateBilling2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingEditCode2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingReProcessBill2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingSaveBilling2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingUpdateBilling2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/BillingView2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/DeleteServiceCodeAssoc2Action.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/EditServiceCodeAssoc2Action.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/GenerateTeleplanFile2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ManageTeleplan2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ReceivePayment2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SaveAssoc2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SaveBillingPreferences2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ShowServiceCodeAssocs2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SimulateTeleplanFile2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/SupServiceCodeAssoc2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewBillingPreferences2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewReceivePayment2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/ViewWCB2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/pageUtil/WCBAction22Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/privateBilling/PrivateBillingController.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/quickbilling/QuickBillingBC2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/quickbilling/QuickBillingBCSave2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/OHIP/ScheduleOfBenefitsUpdate2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/OHIP/ScheduleOfBenefitsUpload2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingCorrection2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingCorrectionPrep.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingDocumentErrorReportUpload2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingReviewPrep.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingSavePrep.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/BillingSpecPrep.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/PatientEndYearStatement2Action.java
- Updated Servlet imports from javax.servlet.* to jakarta.servlet.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/pageUtil/PaymentType2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_report.jrxml
- Converted JasperReports JRXML file from version 6.x to 7.x format, updating XML structure and element attributes.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml
- Converted JasperReports JRXML file from version 6.x to 7.x format, updating XML structure and element attributes.
src/main/java/io/github/carlos_emr/carlos/caisi/IsModuleLoadTag.java
- Updated JSP TagSupport import from javax.servlet.jsp.tagext.TagSupport to jakarta.servlet.jsp.tagext.TagSupport.
src/main/java/io/github/carlos_emr/carlos/casemgmt/common/BasicTag.java
- Updated JSP TagSupport import from javax.servlet.jsp.tagext.TagSupport to jakarta.servlet.jsp.tagext.TagSupport.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAO.java
- Updated Persistence Exception import from javax.persistence.PersistenceException to jakarta.persistence.PersistenceException.
src/main/java/io/github/carlos_emr/carlos/casemgmt/model/ProviderExt.java
- Updated Persistence imports from javax.persistence.* to jakarta.persistence.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/print/OscarChartPrinter.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/casemgmt/service/CaseManagementPrint.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/service/CaseManagementPrintPdf.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/casemgmt/service/MeasurementPrint.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/casemgmt/util/ExtPrint.java
- Updated Servlet HTTP request import from javax.servlet.http.HttpServletRequest to jakarta.servlet.http.HttpServletRequest.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/ArchiveView2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/CaseManagementEntry2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/CaseManagementView2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/ClientImage2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/EChartPrint2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/ExtPrintRegistry2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/OnCallQuestionnaire2Action.java
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/RegisterCppCode2Action.java
- Updated Servlet HTTP imports from javax.servlet.http.* to jakarta.servlet.http.*.
- Updated Struts ActionSupport import from com.opensymphony.xwork2.ActionSupport to org.apache.struts2.ActionSupport.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AbstractDao.java
- Updated Annotation Nonnull import from javax.annotation.Nonnull to jakarta.annotation.Nonnull.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AbstractDaoImpl.java
- Updated Annotation Nonnull and Persistence imports from javax.* to jakarta.*.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AdmissionDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AllergyDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppDefinitionDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppUserDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppointmentArchiveDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppointmentSearchDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppointmentStatusDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/AppointmentTypeDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BatchBillingDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillCenterDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/Billing3rdPartyAddressDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillingBCDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillingCdmServiceCodesDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillingDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillingONCHeader1DaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.
src/main/java/io/github/carlos_emr/carlos/commn/dao/BillingONEAReportDaoImpl.java
- Updated Persistence Query import from javax.persistence.Query to jakarta.persistence.Query.

Activity

No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

chatgpt-codex-connector

💡 Codex Review

carlos/src/main/java/io/github/carlos_emr/carlos/utility/SpringHibernateLocalSessionFactoryBean.java

Line 60 in 40698da

public static Session trackSession(Session session) {

Re-enable session tracking before request cleanup

This class still exposes trackSession()/releaseThreadSessions(), but after the migration the SessionFactory wrapper that called trackSession() was removed, leaving trackSession() with no call sites while DbConnectionFilter still invokes request-end cleanup. That effectively disables the leak-safety mechanism and means lingering sessions opened during request processing are no longer auto-closed by this path.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-03-15T23:31:27Z

src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

-            upload.setFileSizeMax(52428800); // 50 MB per file
-            upload.setSizeMax(52428800);     // 50 MB total request size
+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());


Handle duplicate filenames when copying uploaded parts

Files.copy(in, savedFile.toPath()) throws FileAlreadyExistsException when a user uploads a file whose name already exists in the destination directory; this code catches IOException and continues, so the upload is silently skipped while the request still forwards normally. This breaks re-upload/update workflows for recurring filenames unless overwrite or explicit conflict handling is added.

Useful? React with 👍 / 👎.

gemini-code-assist

Code Review

This pull request performs a significant upgrade of the application's Java ecosystem to Jakarta EE 10 compatibility, including updating Tomcat to 10.1, Spring Framework to 6.2.17, Struts to 7.1.1, Hibernate to 6.6.40, Drools to 10.0.0, and JasperReports to 7.0.3. This involved migrating numerous javax.* imports to their jakarta.* equivalents across many Java files and updating various dependencies in pom.xml. The file upload servlets (DocumentMgtUploadServlet.java and DocumentUploadServlet.java) were modernized to use the standard Jakarta Servlet Part API, replacing the deprecated Apache Commons FileUpload library. Review comments highlight a security vulnerability in DocumentMgtUploadServlet.java due to missing file size limits for uploads, suggesting the addition of @MultipartConfig annotation. Additionally, a structural improvement opportunity was identified for end_year_statement_report.jrxml and its subreport, recommending moving these resource files from src/main/java to src/main/resources to adhere to Maven standards and improve build/packaging. A performance concern was also raised for the JasperReports subreport, which currently points to the .jrxml source file, leading to runtime compilation overhead; pre-compiling it to a .jasper file is recommended for better performance.

gemini-code-assist · 2026-03-15T23:32:57Z

src/main/java/io/github/carlos_emr/DocumentMgtUploadServlet.java

     * @throws IOException if an I/O error occurs
     * @throws ServletException if a servlet error occurs
     */
    public void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {


The update to use the standard Servlet Part API is a great modernization. However, the servlet does not enforce any file size limits for uploads. This could leave the application vulnerable to Denial of Service (DoS) attacks via large file uploads.

Consider adding the @MultipartConfig annotation to the servlet to enforce reasonable size limits.

Example:

import jakarta.servlet.annotation.MultipartConfig; @MultipartConfig( maxFileSize = 1024 * 1024 * 10, // 10 MB maxRequestSize = 1024 * 1024 * 10 // 10 MB ) public class DocumentMgtUploadServlet extends HttpServlet { /* ... */ }

This would enhance the security of the file upload functionality.

gemini-code-assist · 2026-03-15T23:32:57Z

...main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_report.jrxml

@@ -1,513 +1,245 @@
 <?xml version="1.0" encoding="UTF-8"?>


This JasperReports template file (.jrxml) and its associated subreport are located in the src/main/java source directory. According to Maven standard directory layout, resource files like this should be placed in src/main/resources. The .plan file for the JasperReports migration also indicates that .jasper files were previously in src/main/resources.

Keeping resources in the Java source tree can lead to build and packaging issues. Please consider moving these .jrxml files to src/main/resources/io/github/carlos_emr/carlos/billings/ca/on/reports/.

gemini-code-assist · 2026-03-15T23:32:57Z

...main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_report.jrxml

+					<expression><![CDATA[$F{id}]]></expression>
+				</parameter>
+				<connectionExpression><![CDATA[$P{REPORT_CONNECTION}]]></connectionExpression>
+				<expression><![CDATA[$P{SUBREPORT_DIR} + "end_year_statement_subreport.jrxml"]]></expression>


The subreport expression now points to the .jrxml source file instead of a pre-compiled .jasper file. This means the subreport will be compiled at runtime every time the main report is generated, which can negatively impact performance.

The plan.md file for JasperReports migration, also added in this PR, recommends build-time pre-compilation to avoid this runtime overhead. To improve performance, please consider pre-compiling the subreport to a .jasper file and referencing that here instead.

<expression><![CDATA[$P{SUBREPORT_DIR} + "end_year_statement_subreport.jasper"]]></expression>

Migrate CARLOS EMR from Spring 6.2/Hibernate 6.6/Tomcat 10.1 to Spring 7.0.6/Hibernate 7.2.6/Tomcat 11.0 (Jakarta EE 11 baseline). pom.xml version bumps: - Spring Framework: 6.2.17 → 7.0.6 - Spring Security: 6.3.9 → 7.0.3 - Hibernate ORM: 6.6.40.Final → 7.2.6.Final - JUnit Jupiter: 5.10.1 → 6.0.3 - Servlet API: 6.0.0 → 6.1.0 - JSP API: 3.1.0 → 4.0.0 - JPA API: 3.1.0 → 3.2.0 - Annotation API: 2.1.1 → 3.0.0 - Commons Logging: 1.2 → 1.3.5 - Removed JUnit 4 dependency entirely Spring 7 breaking changes addressed: - org.springframework.orm.hibernate5 → org.springframework.orm.jpa.hibernate (LocalSessionFactoryBean relocated in Spring 7) - HibernateTemplate removed from Spring 7; created test-only replacement at test.base.HibernateTemplate wrapping SessionFactory.getCurrentSession() Hibernate 7 Session API migration (27 DAO files, 65+ call sites): - Session.save() → Session.persist() - Session.update() → Session.merge() - Session.saveOrUpdate() → Session.merge() - Session.delete() → Session.remove() - Fixed persist() void return in CaseManagementNoteDAOImpl Dockerfile: Tomcat 10.1 → 11.0 (Servlet 6.1 support) Test infrastructure: Updated 12 integration tests and 6 XML configs to use relocated Spring packages and new HibernateTemplate. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

…bernate 7 Session.createSQLQuery() was removed in Hibernate 6. Migrate the 2 calls in ProviderDaoIntegrationTest to createNativeQuery() to prevent compile errors. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Copilot

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

# Conflicts: # src/main/webapp/library/bootstrap/3.0.0/data-tables.jsp # src/main/webapp/oscarReport/demographicSetEdit.jsp # src/test-modern/java/io/github/carlos_emr/carlos/PMmodule/dao/DefaultRoleAccessDAOIntegrationTest.java # src/test-modern/java/io/github/carlos_emr/carlos/PMmodule/dao/FormsDAOIntegrationTest.java # src/test-modern/java/io/github/carlos_emr/carlos/PMmodule/dao/ProgramProviderDAOIntegrationTest.java # src/test-modern/java/io/github/carlos_emr/carlos/PMmodule/dao/SecUserRoleDaoIntegrationTest.java # src/test-modern/java/io/github/carlos_emr/carlos/commn/dao/utils/EntityDataGenerator.java # src/test-modern/resources/META-INF/persistence.xml # src/test/java/io/github/carlos_emr/carlos/commn/dao/ProviderInboxRoutingDaoTest.java # src/test/java/io/github/carlos_emr/carlos/utility/TestClass.java

github-actions · 2026-03-16T01:22:18Z

Dependency Review

The following issues were found:

❌ 1 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 24 package(s) with unknown licenses.
⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7847192.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Vulnerabilities

pom.xml

Name	Version	Vulnerability	Severity
net.sf.jasperreports:jasperreports	7.0.3	JasperReports has a Java deserialisation vulnerability	high

License Issues

pom.xml

Package	Version	License	Issue Type
com.github.hazendaz:displaytag	3.7.0	Null	Unknown License
com.sun.xml.ws:jaxws-ri	4.0.3	Null	Unknown License
jakarta.transaction:jakarta.transaction-api		Null	Unknown License
jakarta.xml.bind:jakarta.xml.bind-api		Null	Unknown License
net.sf.jasperreports:jasperreports-excel-poi	7.0.3	Null	Unknown License
org.apache.cxf:apache-cxf	4.1.5	Null	Unknown License
org.apache.cxf:cxf-core	4.1.5	Null	Unknown License
org.apache.cxf:cxf-rt-frontend-jaxws	4.1.5	Null	Unknown License
org.apache.cxf:cxf-rt-rs-client	4.1.5	Null	Unknown License
org.apache.cxf:cxf-rt-transports-http	4.1.5	Null	Unknown License
org.hibernate.orm:hibernate-core	7.2.6	Null	Unknown License
org.hibernate.orm:hibernate-core		Null	Unknown License
org.owasp.encoder:encoder-jakarta-jsp	1.4.0	Null	Unknown License
org.owasp:csrfguard-extension-session	4.5.0-jakarta	Null	Unknown License
org.springframework.security:spring-security-crypto	7.0.3	Null	Unknown License
org.springframework:spring-aop	7.0.6	Null	Unknown License
org.springframework:spring-aspects	7.0.6	Null	Unknown License
org.springframework:spring-context-support	7.0.6	Null	Unknown License
org.springframework:spring-core	7.0.6	Null	Unknown License
org.springframework:spring-framework-bom	7.0.6	Null	Unknown License
org.springframework:spring-orm	7.0.6	Null	Unknown License
org.springframework:spring-test	7.0.6	Null	Unknown License
org.springframework:spring-tx	7.0.6	Null	Unknown License
org.springframework:spring-web	7.0.6	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

maven/net.sf.jasperreports:jasperreports

7.0.3

Unknown

maven/com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider

2.19.2

Unknown

maven/com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations

2.19.2

Unknown

maven/com.github.hazendaz:displaytag

3.7.0

🟢 6.1

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/6 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits

maven/com.sun.xml.messaging.saaj:saaj-impl

3.0.4

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/11 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits

maven/com.sun.xml.ws:jaxws-ri

4.0.3

🟢 5.3

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 1/7 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

maven/commons-io:commons-io

2.21.0

Unknown

maven/commons-logging:commons-logging

1.3.5

Unknown

maven/jakarta.annotation:jakarta.annotation-api

3.0.0

Unknown

maven/jakarta.inject:jakarta.inject-api

2.0.1

🟢 3.1

Details

Check	Score	Reason
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/22 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/jakarta.persistence:jakarta.persistence-api

3.2.0

Unknown

maven/jakarta.servlet.jsp:jakarta.servlet.jsp-api

4.0.0

🟢 3.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Code-Review	⚠️ 0	Found 0/4 approved changesets -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/jakarta.servlet:jakarta.servlet-api

6.1.0

🟢 5.5

Details

Check	Score	Reason
Maintained	🟢 10	24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 5	Found 3/6 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/jakarta.transaction:jakarta.transaction-api

2.0.1

🟢 5.8

Details

Check	Score	Reason
Pinned-Dependencies	⚠️ -1	no dependencies found
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 3	1 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 3
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/jakarta.transaction:jakarta.transaction-api

Unknown

maven/jakarta.xml.bind:jakarta.xml.bind-api

4.0.2

Unknown

maven/jakarta.xml.bind:jakarta.xml.bind-api

Unknown

maven/net.bull.javamelody:javamelody-core

2.6.0

⚠️ 2.8

Details

Check	Score	Reason
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 8	binaries present in source code
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/net.sf.jasperreports:jasperreports-excel-poi

7.0.3

Unknown

maven/net.sf.jasperreports:jasperreports-jdt

7.0.3

Unknown

maven/net.sf.jasperreports:jasperreports-pdf

7.0.3

Unknown

maven/org.apache.cxf:apache-cxf

4.1.5

Unknown

maven/org.apache.cxf:cxf-core

4.1.5

Unknown

maven/org.apache.cxf:cxf-rt-frontend-jaxws

4.1.5

Unknown

maven/org.apache.cxf:cxf-rt-rs-client

4.1.5

Unknown

maven/org.apache.cxf:cxf-rt-transports-http

4.1.5

Unknown

maven/org.apache.struts:struts2-core

7.1.1

🟢 8.6

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/11 approved changesets -- score normalized to 2
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	🟢 5	badge detected: Passing
Signed-Releases	⚠️ -1	no releases found
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 10	SAST tool detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 19 contributing companies or organizations
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.apache.struts:struts2-spring-plugin

7.1.1

🟢 8.6

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/11 approved changesets -- score normalized to 2
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	🟢 5	badge detected: Passing
Signed-Releases	⚠️ -1	no releases found
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 10	SAST tool detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 19 contributing companies or organizations
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.bouncycastle:bcpkix-jdk18on

1.83

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
SAST	🟢 10	SAST tool detected: CodeQL
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed

maven/org.drools:drools-engine

10.0.0

Unknown

maven/org.eclipse.angus:angus-mail

2.0.3

Unknown

maven/org.glassfish.jaxb:jaxb-core

4.0.5

🟢 6.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 10/19 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
SAST	🟢 9	SAST tool detected but not run on all commits

maven/org.glassfish.jaxb:jaxb-runtime

4.0.5

🟢 6.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 10/19 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
SAST	🟢 9	SAST tool detected but not run on all commits

maven/org.glassfish.web:jakarta.servlet.jsp.jstl

3.0.1

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 8	binaries present in source code
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.hibernate.orm:hibernate-core

7.2.6

Unknown

maven/org.hibernate.orm:hibernate-core

Unknown

maven/org.jsoup:jsoup

1.22.1

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/17 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits

maven/org.junit.jupiter:junit-jupiter

6.0.3

🟢 8.6

Details

Check	Score	Reason
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 3	Found 5/14 approved changesets -- score normalized to 3
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	🟢 5	badge detected: Passing
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
CI-Tests	🟢 10	23 out of 23 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 61 contributing companies or organizations

maven/org.junit.jupiter:junit-jupiter-params

6.0.3

🟢 8.6

Details

Check	Score	Reason
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 3	Found 5/14 approved changesets -- score normalized to 3
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	🟢 5	badge detected: Passing
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
CI-Tests	🟢 10	23 out of 23 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 61 contributing companies or organizations

maven/org.owasp.encoder:encoder-jakarta-jsp

1.4.0

🟢 6.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 0
Code-Review	🟢 6	GitHub code reviews found for 20 commits out of the last 30 -- score normalized to 6
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Packaging	⚠️ -1	no published package detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
Binary-Artifacts	🟢 10	no binaries found in the repo
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed

maven/org.owasp:csrfguard

4.5.0-jakarta

🟢 5.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 5	Found 1/2 approved changesets -- score normalized to 5
Maintained	🟢 10	11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 10	SAST tool detected

maven/org.owasp:csrfguard-extension-session

4.5.0-jakarta

Unknown

maven/org.owasp:csrfguard-jsp-tags

4.5.0-jakarta

🟢 5.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 5	Found 1/2 approved changesets -- score normalized to 5
Maintained	🟢 10	11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 10	SAST tool detected

maven/org.springframework.security:spring-security-crypto

7.0.3

🟢 6.9

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/24 approved changesets -- score normalized to 2
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	🟢 10	SAST tool is run on all commits

maven/org.springframework:spring-aop

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-aspects

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-context-support

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-core

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-framework-bom

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-orm

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-test

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-tx

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-web

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.springframework:spring-webmvc

7.0.6

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

pom.xml

socket-security · 2026-03-16T01:23:13Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	License
	maven/org.glassfish.web/jakarta.servlet.jsp.jstl@1.2.6 ⏵ 3.0.1	^-17
	maven/commons-io/commons-io@2.18.0 ⏵ 2.21.0	^-1			^-19
	maven/net.sf.jasperreports/jasperreports@6.21.5 ⏵ 7.0.3	^-26		^-10
	maven/org.hibernate.orm/hibernate-core@7.2.6.Final
	maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 ⏵ 4.0.2				⁺³¹
	maven/org.glassfish.jaxb/jaxb-runtime@2.3.9 ⏵ 4.0.5
	maven/org.junit.jupiter/junit-jupiter-params@5.10.1 ⏵ 6.0.3
	maven/org.apache.cxf/cxf-core@3.6.9 ⏵ 4.1.5
	maven/org.apache.cxf/cxf-rt-frontend-jaxws@3.6.9 ⏵ 4.1.5				⁺²⁰
	maven/org.apache.cxf/cxf-rt-rs-client@3.6.9 ⏵ 4.1.5
	maven/com.github.hazendaz/displaytag@2.9.0 ⏵ 3.7.0
	maven/org.springframework/spring-test@5.3.39 ⏵ 7.0.6
	maven/org.springframework/spring-web@5.3.39 ⏵ 7.0.6		⁺⁷⁵
	maven/org.springframework/spring-context-support@5.3.39 ⏵ 7.0.6
	maven/org.springframework/spring-orm@5.3.39 ⏵ 7.0.6
	maven/org.springframework/spring-core@5.3.39 ⏵ 7.0.6		⁺¹⁶
	maven/org.springframework/spring-webmvc@5.3.39 ⏵ 7.0.6		⁺²⁴
	maven/org.springframework/spring-tx@5.3.39 ⏵ 7.0.6
	maven/org.springframework/spring-aop@5.3.39 ⏵ 7.0.6
	maven/commons-logging/commons-logging@1.2 ⏵ 1.3.5	^-9
	maven/org.apache.cxf/cxf-rt-transports-http@3.6.9 ⏵ 4.1.5
	maven/org.eclipse.angus/angus-mail@2.0.3
	maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3 ⏵ 3.0.4
	maven/org.owasp/csrfguard@4.5.0 ⏵ 4.5.0-jakarta	^-35		⁺¹²
	maven/org.apache.struts/struts2-core@6.8.0 ⏵ 7.1.1
	maven/org.bouncycastle/bcpkix-jdk18on@1.79 ⏵ 1.83	^-1
	maven/net.bull.javamelody/javamelody-core@1.99.4 ⏵ 2.6.0
	maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.19.2
	maven/net.sf.jasperreports/jasperreports-excel-poi@7.0.3
	maven/org.apache.struts/struts2-spring-plugin@6.8.0 ⏵ 7.1.1
	maven/jakarta.servlet/jakarta.servlet-api@4.0.4 ⏵ 6.1.0
	maven/jakarta.servlet.jsp/jakarta.servlet.jsp-api@4.0.0
See 16 more rows in the dashboard

View full report

socket-security · 2026-03-16T01:23:15Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: maven `org.glassfish.web:jakarta.servlet.jsp.jstl` is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: pom.xml → `maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: maven `org.glassfish.web:jakarta.servlet.jsp.jstl` is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: pom.xml → `maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: maven `org.glassfish.web:jakarta.servlet.jsp.jstl` is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: pom.xml → `maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot

Pull request overview

Bulk migration of CARLOS EMR from javax.* to jakarta.* plus related framework upgrades/migrations (Struts 7, Hibernate 6) and a few targeted refactors (notably multipart upload handling and some DI annotations).

Changes:

Updated Java/JSP/JAXB/JAX-WS/JAX-RS imports to the Jakarta EE namespaces and moved Struts actions to org.apache.struts2.*.
Replaced a number of Hibernate Session CRUD calls (save, update, delete, saveOrUpdate) with persist, merge, and remove.
Refactored multipart upload servlets away from Apache Commons FileUpload toward the Jakarta Servlet Part API; devcontainer Tomcat image bumped.

Reviewed changes

Copilot reviewed 297 out of 2554 changed files in this pull request and generated 15 comments.

Show a summary per file

File	Description
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java	Changes persistence semantics (`save`→`persist`, `update`→`merge`) and alters `saveAndReturn` behavior.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/IssueDAOImpl.java	Replaces `saveOrUpdate`/`delete` with `merge`/`remove`.
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java	Migrates multipart upload handling to `Part` + `Files.copy` and path validation.
src/main/java/io/github/carlos_emr/carlos/billings/ca/bc/MSP/DocumentTeleplanReportUploadServlet.java	Migrates multipart upload handling to `Part` + `Files.copy` and path validation.
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java	Removes commons-fileupload dependency; adds custom multipart detection.
src/main/java/io/github/carlos_emr/carlos/PMmodule/service/ClientManagerImpl.java	Replaces `@Required` with `@Autowired` on multiple setters, including a primitive boolean setter.
.devcontainer/development/Dockerfile	Updates devcontainer Tomcat base image (now Tomcat 11) and copy stage.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml	Refactors JasperReports jrxml structure.

You can also share your feedback on Copilot code review. Take the survey.

src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java

        }
-        return currentSession().save(note);
+        currentSession().persist(note);
+        return note;


src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/IssueDAOImpl.java

    @Override
    public void saveIssue(Issue issue) {
-        currentSession().saveOrUpdate(issue);
+        currentSession().merge(issue);


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                for (Part part : request.getParts()) {
+                    String submittedFilename = part.getSubmittedFileName();
+                    if (submittedFilename == null || submittedFilename.isEmpty()) {
+                        continue;
                    }


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());
+                        }


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

-            upload.setFileSizeMax(52428800); // 50 MB per file
-            upload.setSizeMax(52428800);     // 50 MB total request size
+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());


.devcontainer/development/Dockerfile

@@ -1,4 +1,4 @@
-FROM tomcat:9.0.97-jdk21-temurin
+FROM tomcat:11.0-jdk21-temurin


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

-		</summary>
-</jasperReport>
+<?xml version="1.0" encoding="UTF-8"?>
+<jasperReport name="end_year_end_subreport" columnCount="1" printOrder="Vertical" orientation="Portrait" pageWidth="595" pageHeight="842" columnWidth="535" columnSpacing="0" leftMargin="30" rightMargin="30" topMargin="20" bottomMargin="20" whenNoDataType="NoPages" isTitleNewPage="false" isSummaryNewPage="false">


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+			<element kind="textField" x="0" y="0" width="120" height="18" key="textField" blankWhenNull="false" evaluationTime="Now" hyperlinkType="None" hyperlinkTarget="Self">
+				<box />
+				<expression><![CDATA[$F{service_code}]]></expression>
+			</element>
+			<element kind="textField" x="120" y="0" width="100" height="18" key="textField" blankWhenNull="false" evaluationTime="Now" hyperlinkType="None" hyperlinkTarget="Self">
+				<box />
+				<expression><![CDATA[$F{fee}]]></expression>
+			</element>


Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot

Pull request overview

Bulk migration of CARLOS EMR from javax.* to jakarta.* with accompanying framework/runtime upgrades and a few behavioral refactors needed for Jakarta-compatible libraries.

Changes:

Updated Java/JSP/Servlet/JPA imports to the Jakarta EE namespaces and migrated Struts actions to org.apache.struts2.*.
Replaced several Hibernate Session persistence calls (save, update, saveOrUpdate, delete) with Hibernate 6/JPA-aligned APIs (persist, merge, remove).
Refactored multipart upload servlets away from Apache Commons FileUpload to the Jakarta Servlet Part API, and updated devcontainer Tomcat image.

Reviewed changes

Copilot reviewed 297 out of 2585 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/IssueDAOImpl.java	Hibernate 6 migration: replace `saveOrUpdate`/`delete` with `merge`/`remove`.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/ClientImageDAOImpl.java	Hibernate 6 migration: replace `saveOrUpdate`/`delete` with `merge`/`remove`.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteLinkDAOImpl.java	Hibernate 6 migration: replace `save`/`update` with `persist`/`merge`.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteExtDAOImpl.java	Hibernate 6 migration: replace `save`/`update` with `persist`/`merge`.
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java	Hibernate 6 migration; changed `saveAndReturn` behavior to return entity instead of `save()` result.
src/main/java/io/github/carlos_emr/carlos/billing/CA/BC/MSP/DocumentTeleplanReportUploadServlet.java	Reworked upload handling to `request.getParts()` + `PathValidationUtils`.
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java	Reworked upload handling to `request.getParts()` + `PathValidationUtils` (removed Commons FileUpload).
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java	Dropped Commons FileUpload dependency by adding a local multipart content-type check.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml	JasperReports template refactor to newer element syntax.
.devcontainer/development/Dockerfile	Updated devcontainer base image from Tomcat 9 to Tomcat 11.
plan.md	Added follow-up migration plan (Tomcat 11 + Spring 7 + Jakarta EE 11).
docs/README.md	Updated documented runtime stack versions after Jakarta migration.
CLAUDE.md	Updated documented runtime stack + Struts migration notes after Jakarta migration.
.github/copilot-instructions.md	Updated documented runtime stack versions after Jakarta migration.

You can also share your feedback on Copilot code review. Take the survey.

src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java

+        currentSession().persist(note);
+        return note;


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                for (Part part : request.getParts()) {
+                    String submittedFilename = part.getSubmittedFileName();


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());
+                        }


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                        MiscUtils.getLogger().error("Invalid uploaded filename: " + submittedFilename);
+                        continue;
+                    } catch (IOException e) {
+                        MiscUtils.getLogger().error("Error processing file: " + submittedFilename, e);


src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java

+    private static boolean isMultipartContent(HttpServletRequest request) {
+        String contentType = request.getContentType();
+        return contentType != null && contentType.toLowerCase().startsWith("multipart/");
+    }


.devcontainer/development/Dockerfile

@@ -1,4 +1,4 @@
-FROM tomcat:9.0.97-jdk21-temurin
+FROM tomcat:11.0-jdk21-temurin


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+	<background height="0">
+			</background>
+	<title height="0">
+			</title>
+	<pageHeader height="0">
+			</pageHeader>
+	<columnHeader height="0">
+			</columnHeader>


Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

@batchsize

Comprehensive fixes for runtime issues discovered during Jakarta EE migration testing. Build fixes: - Add jakarta.transaction-api 2.0.1 for Hibernate 7 - Fix Jackson JAX-RS/JAXB providers to Jakarta namespace (spring_ws.xml) - Add WebServiceContext bean for Spring 7 CXF integration - Fix Hibernate 7: remove @NotFound/@batchsize on @manytoone (Tickler) - Add @entity to HBM-only classes referenced by JPA associations - Configure JPA EMF with packagesToScan + mappingResources for Hibernate 7 - Fix Struts 7 DTD (6.5), fileUpload->actionFileUpload interceptor - Fix Struts 7 namespace: alwaysSelectFullNamespace=false, fallbackToEmptyNamespace=true Servlet 6.1 / Tomcat 11 fixes: - Replace session.getValue() with session.getAttribute() (107 occurrences, 102 JSPs) - Replace pageContext.forward() with RequestDispatcher.include() (20 JSPs) - Add out.clearBuffer() before include for Tomcat 11 buffer handling - Fix LoginFilter to treat context root "/" as index.jsp for exemptions - Fix CsrfGuardScriptInjectionFilter: skip .do wrapper, fix isCommitted/writeToResponse - Fix LogoutBroadcastFilter: remove response wrapper, add grace period - Remove dead Struts 1 TLD files and orphaned tag entries in caisi/oscar TLDs - Migrate encoder-jsp to encoder-jakarta-jsp (Jakarta JSP taglib) - Update OWASP encoder taglib URI to owasp.encoder.jakarta (21 JSPs) - Add csrfguard script to global-head.jspf and encounter layout Hibernate 7 HQL fixes: - Fix Integer vs String comparisons (OscarLogDaoImpl: demographicId != -1) - Fix Boolean vs Integer/String comparisons (AllergyDaoImpl, JointAdmissionDaoImpl, etc.) - Fix unqualified ORDER BY (OscarLogDaoImpl: dateTime -> l.created) - Add SELECT clause to multi-root HQL queries (~15 DAOs) - Fix ScheduleDateDaoImpl cross-join query Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot

Pull request overview

Bulk migration of CARLOS EMR from javax.* to jakarta.*, plus framework/runtime upgrades to support Jakarta EE-based stacks (Struts 7, Hibernate 6, Servlet 6+) and related refactors (notably multipart upload handling and JasperReports templates).

Changes:

Migrated servlet/JSP/JPA/JAXB/JAX-WS/JAX-RS imports to jakarta.* across the codebase.
Updated Hibernate usage patterns (save/update/delete → persist/merge/remove) in multiple DAOs.
Refactored multipart upload handling to use the Jakarta Servlet Part API and updated devcontainer Tomcat image.

Reviewed changes

Copilot reviewed 297 out of 2653 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java	Replaced Hibernate `save/update` calls; adjusted `saveAndReturn` behavior.
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java	Replaced Apache Commons FileUpload with Servlet `Part` upload flow and path validation.
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java	Removed commons-fileupload dependency; added multipart detection helper.
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml	Refactored JasperReports template to a new XML structure.
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramTeam.java	Added JPA annotations (`@Entity`, `@Table`).
src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramClientStatus.java	Added JPA annotations (`@Entity`, `@Table`).
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java	Migrated Struts packages and Servlet aware interfaces to Struts 7 locations.
.devcontainer/development/Dockerfile	Updated devcontainer Tomcat base image to Tomcat 11.

You can also share your feedback on Copilot code review. Take the survey.

src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java

        }
-        return currentSession().save(note);
+        currentSession().persist(note);
+        return note;


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                for (Part part : request.getParts()) {
+                    String submittedFilename = part.getSubmittedFileName();
+                    if (submittedFilename == null || submittedFilename.isEmpty()) {
+                        continue;
                    }


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());
+                        }


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+	<background height="0">
+			</background>
+	<title height="0">
+			</title>
+	<pageHeader height="0">
+			</pageHeader>
+	<columnHeader height="0">
+			</columnHeader>


src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java

+    private static boolean isMultipartContent(HttpServletRequest request) {
+        String contentType = request.getContentType();
+        return contentType != null && contentType.toLowerCase().startsWith("multipart/");
+    }


src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramTeam.java

+@Entity
+@Table(name = "program_team")
 public class ProgramTeam implements Serializable {


src/main/java/io/github/carlos_emr/carlos/PMmodule/model/ProgramClientStatus.java

+@Entity
+@Table(name = "program_clientstatus")
 public class ProgramClientStatus implements Serializable {


.devcontainer/development/Dockerfile

@@ -1,4 +1,4 @@
-FROM tomcat:9.0.97-jdk21-temurin
+FROM tomcat:11.0-jdk21-temurin


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


ConsultationRequest.status is String but was compared to Integer 4 in HQL query. Hibernate 7 strictly validates types. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Comprehensive sweep for remaining migration issues found by exhaustive codebase scanning. Fixes applied proactively before they cause runtime errors. Multi-root HQL without SELECT (5 queries): - BillingDaoImpl: 3 queries (Billing+Billingmaster, Billing+BillingDetail) - BillingmasterDAO: 1 query (Billing+Billingmaster) - DiagnosticCodeDaoImpl: 1 query (DiagnosticCode+CtlDiagCode) Boolean/String type mismatches (13 queries): - ConsentDaoImpl: deleted=0 → deleted=false (3 locations) - DrugDaoImpl: archived=0/1 → archived=false/true - HRMDocumentCommentDao: deleted=0 → deleted=false - ConsentTypeDaoImpl: active=1 → active=true (2 locations) - DemographicPharmacyDaoImpl: status=1 → status='1' (String field) - ConsultResponseDaoImpl: status!=4/5 → status!='4'/'5' (String field) - ConsultRequestDaoImpl: status!=4/5/7 → status!='4'/'5'/'7' (line 254) GROUP BY with full entity SELECT (2 queries): - CtlBillingServiceDaoImpl: replaced invalid GROUP BY with subquery - QuickListDaoImpl: replaced invalid GROUP BY with subquery Servlet 6.1: - TemplateFlowSheetPage.jspf: session.getValue() → session.getAttribute() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot

Pull request overview

Bulk migration of CARLOS EMR from javax.* to jakarta.*, including upgrades/migrations for Struts 7 and Hibernate 6 APIs, plus a few behavioral changes to request/response filtering and file upload handling.

Changes:

Updated Java/JSP/JAXB/JAX-WS imports to Jakarta EE namespaces and adjusted Struts action imports for Struts 7.
Replaced deprecated Hibernate Session operations (save, update, saveOrUpdate, delete) with persist, merge, and remove.
Refactored selected infrastructure pieces (logout broadcast injection, CSRF multipart detection, servlet upload) and updated the devcontainer Tomcat image.

Reviewed changes

Copilot reviewed 297 out of 2653 changed files in this pull request and generated 16 comments.

Show a summary per file

File	Description
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java	Struts 7 interface/import migration; request/response injection method changes
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java	Hibernate 6 API updates and HQL boolean literal changes; altered `saveAndReturn` behavior
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java	Replaced Commons FileUpload with Jakarta `Part` API and changed upload I/O behavior
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java	Removed Commons FileUpload dependency; added multipart content detection helper
src/main/resources/*/.jrxml	JasperReports template refactors to new XML structure
.devcontainer/development/Dockerfile	Devcontainer Tomcat image bump and related Docker layering changes
docs/README.md, CLAUDE.md, .github/copilot-instructions.md	Documentation updates reflecting the new Jakarta/Spring/Struts/Tomcat baseline
(numerous other Java files)	Mechanical `javax.` → `jakarta.` import migration and Struts package updates

Comments suppressed due to low confidence (1)

src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java:1

saveAndReturn previously returned the value from Session.save(note) (typically the generated identifier). After this change it returns the entity instance instead, which is a behavioral/contract change and is likely to break callers expecting an id. If the intent is to return the generated id under Hibernate 6, persist the entity and return note.getId() (optionally after flush() if required by your identifier strategy), or keep using an API that returns the identifier.

/**

You can also share your feedback on Copilot code review. Take the survey.

src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java

+import org.apache.struts2.action.ServletResponseAware;
 import org.apache.struts2.interceptor.parameter.StrutsParameter;

 public class GstControl2Action extends ActionSupport implements ServletRequestAware, ServletResponseAware  {


src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java

    private HttpServletResponse response;
    @Override
-    public void setServletRequest(HttpServletRequest request) {
+    public void withServletRequest(HttpServletRequest request) {


src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java


    @Override
-    public void setServletResponse(HttpServletResponse response) {
+    public void withServletResponse(HttpServletResponse response) {


src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java

        if (issues.length > 1) {
            List<Long> issueIdList = parseIssueIds(issues);
-            String hql = "select cmn from CaseManagementNote cmn join cmn.issues i where i.issue_id in (:issueIds) and cmn.demographic_no = :demoNo and cmn.archived = 0 and cmn.id = (select max(cmn2.id) from CaseManagementNote cmn2 where cmn.uuid = cmn2.uuid) ORDER BY cmn.position, cmn.observation_date desc";
+            String hql = "select cmn from CaseManagementNote cmn join cmn.issues i where i.issue_id in (:issueIds) and cmn.demographic_no = :demoNo and cmn.archived = false and cmn.id = (select max(cmn2.id) from CaseManagementNote cmn2 where cmn.uuid = cmn2.uuid) ORDER BY cmn.position, cmn.observation_date desc";


src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java

            long id = Long.parseLong(issues[0]);

-            String hql = "select cmn from CaseManagementNote cmn join cmn.issues i where i.issue_id = :issueId and cmn.demographic_no = :demoNo and cmn.archived=0 order by cmn.position, cmn.observation_date desc";
+            String hql = "select cmn from CaseManagementNote cmn join cmn.issues i where i.issue_id = :issueId and cmn.demographic_no = :demoNo and cmn.archived=false order by cmn.position, cmn.observation_date desc";


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java

+    private static boolean isMultipartContent(HttpServletRequest request) {
+        String contentType = request.getContentType();
+        return contentType != null && contentType.toLowerCase().startsWith("multipart/");
+    }


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+	<queryString><![CDATA[SELECT bi.`service_code`, bi.`fee` FROM `billing_on_item` bi WHERE ch1_id = $P{invoiceId} ORDER BY bi.service_code ASC]]></queryString>
+	<field name="service_code" class="java.lang.String" />
+	<field name="fee" class="java.lang.String" />
+	<background height="0">


...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+			</columnHeader>
+	<detail>
+		<band height="18">
+			<element kind="textField" x="0" y="0" width="120" height="18" key="textField" blankWhenNull="false" evaluationTime="Now" hyperlinkType="None" hyperlinkTarget="Self">


Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

- global-head.jspf: keep both csrfguard script and new transitions.css/carlos-ajax.js - SearchDrug3.jsp: use CarlosAjax.updater (handles CSRF automatically) instead of manual CSRF token injection Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot

Pull request overview

Bulk migration of CARLOS EMR from javax.* to jakarta.*, alongside major framework/container upgrades to Jakarta-compatible versions (Spring 6, Hibernate 6, Struts 7, Tomcat 10+/11).

Changes:

Updated Java/JSP/JAX-* imports and Struts package locations to Jakarta/Struts 7 namespaces.
Migrated Hibernate Session persistence calls away from removed APIs (saveOrUpdate, update, delete) to persist/merge/remove.
Refactored specific runtime components (multipart upload handling, logout broadcast script injection, report templates, devcontainer Tomcat baseline).

Reviewed changes

Copilot reviewed 297 out of 2655 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/ClientImageDAOImpl.java	Hibernate Session API migration (`saveOrUpdate`→`merge`, `delete`→`remove`)
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteLinkDAOImpl.java	Replace `save`/`update` with `persist`/`merge`
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteExtDAOImpl.java	Replace `save`/`update` with `persist`/`merge`
src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java	HQL boolean literal changes + Session API migration + return-value change in `saveAndReturn`
src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java	Change response handling/injection strategy for Tomcat 11 compatibility
src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java	Remove commons-fileupload dependency; add local multipart detection
src/main/java/io/github/carlos_emr/DocumentUploadServlet.java	Switch from Commons FileUpload to Jakarta Servlet `Part` upload handling
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml	JasperReports template refactor/new XML structure
src/main/java/io/github/carlos_emr/carlos/billings/ca/on/administration/GstControl2Action.java	Struts 7 package migration + request/response aware method changes
.devcontainer/development/Dockerfile	Devcontainer Tomcat baseline bump to 11
plan.md	Forward-looking plan for Tomcat 11 / Spring 7 follow-up work
docs/README.md	Docs updated to reflect upgraded stack versions
CLAUDE.md	Docs updated to reflect upgraded stack versions + Struts 7 notes
.github/copilot-instructions.md	Docs updated to reflect upgraded stack versions + Struts 7 import example

Comments suppressed due to low confidence (1)

src/main/java/io/github/carlos_emr/carlos/casemgmt/dao/CaseManagementNoteDAOImpl.java:1

saveAndReturn previously returned the value from Session.save(...) (typically the generated identifier). It now returns the entity instance, which is a behavioral change likely to break callers expecting an ID/Serializable. Prefer returning the identifier (e.g., note.getId() after a flush if needed) or rename/change the method contract to reflect returning the entity.

/**

You can also share your feedback on Copilot code review. Take the survey.

...n/java/io/github/carlos_emr/carlos/billings/ca/on/reports/end_year_statement_subreport.jrxml

+	<background height="0">
+			</background>
+	<title height="0">
+			</title>
+	<pageHeader height="0">
+			</pageHeader>
+	<columnHeader height="0">
+			</columnHeader>
+	<detail>
+		<band height="18">
+			<element kind="textField" x="0" y="0" width="120" height="18" key="textField" blankWhenNull="false" evaluationTime="Now" hyperlinkType="None" hyperlinkTarget="Self">
+				<box />
+				<expression><![CDATA[$F{service_code}]]></expression>
+			</element>
+			<element kind="textField" x="120" y="0" width="100" height="18" key="textField" blankWhenNull="false" evaluationTime="Now" hyperlinkType="None" hyperlinkTarget="Self">
+				<box />
+				<expression><![CDATA[$F{fee}]]></expression>
+			</element>


.devcontainer/development/Dockerfile

@@ -1,4 +1,4 @@
-FROM tomcat:9.0.97-jdk21-temurin
+FROM tomcat:11.0-jdk21-temurin


.devcontainer/development/Dockerfile


 # Copy Tomcat installation from the official Tomcat image
-COPY --from=tomcat:9.0.97 /usr/local/tomcat $CATALINA_HOME
+COPY --from=tomcat:11.0-jdk21-temurin /usr/local/tomcat $CATALINA_HOME


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                for (Part part : request.getParts()) {
+                    String submittedFilename = part.getSubmittedFileName();
+                    if (submittedFilename == null || submittedFilename.isEmpty()) {
+                        continue;
                    }
-                }

-                // Validate the temp directory is within allowed system temp path
-                PathValidationUtils.validateExistingPath(uploadTempDir, new File(systemTempDir));
-                factory.setRepository(uploadTempDir);
+                    try {
+                        // Use PathValidationUtils to sanitize and validate the destination path
+                        File documentDir = new File(foldername);
+                        File savedFile = PathValidationUtils.validatePath(submittedFilename, documentDir);

-            } catch (SecurityException e) {
-                MiscUtils.getLogger().error("Security validation failed for upload temp directory", e);
-                throw new ServletException("Upload configuration error: invalid temp directory path", e);
-            }
+                        fileheader = savedFile.getName();

-            // Create a new file upload handler
-            ServletFileUpload upload = new ServletFileUpload(factory);
-            upload.setHeaderEncoding("UTF-8");
-
-            // Set file size limits to prevent DoS attacks (50 MB limit for MOH billing files)
-            upload.setFileSizeMax(52428800); // 50 MB per file
-            upload.setSizeMax(52428800);     // 50 MB total request size
+                        try (InputStream in = part.getInputStream()) {
+                            Files.copy(in, savedFile.toPath());
+                        }


src/main/java/io/github/carlos_emr/DocumentUploadServlet.java

+                        MiscUtils.getLogger().error("Invalid uploaded filename: " + submittedFilename);
+                        continue;
+                    } catch (IOException e) {
+                        MiscUtils.getLogger().error("Error processing file: " + submittedFilename, e);


src/main/java/io/github/carlos_emr/carlos/app/CarlosCsrfGuardFilter.java

+    private static boolean isMultipartContent(HttpServletRequest request) {
+        String contentType = request.getContentType();
+        return contentType != null && contentType.toLowerCase().startsWith("multipart/");
+    }


src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java

+        // Pass through without wrapping - Tomcat 11's RequestDispatcher.forward()
+        // is incompatible with response wrappers that suppress flush/close.
+        // The script is injected by CsrfGuardScriptInjectionFilter instead,
+        // or appended directly after the chain completes.
+        chain.doFilter(request, response);


src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java

+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+
        // Only inject for HTML responses
-        String contentType = delegatingResponse.getContentType();
+        String contentType = httpResponse.getContentType();


src/main/java/io/github/carlos_emr/carlos/app/LogoutBroadcastFilter.java

+        // Don't inject if response is already committed (forward/redirect already sent)
+        if (httpResponse.isCommitted()) {
+            return;
+        }
+
+        try {
+            String script = buildScript(httpRequest.getContextPath(), httpRequest.getLocale());
+            httpResponse.getWriter().print(script);
+        } catch (IllegalStateException e) {
+            // getWriter() fails if getOutputStream() was already called - skip injection
+            logger.debug("Cannot inject logout script - output stream already obtained", e);
+        }


claude added 18 commits March 15, 2026 18:11

chore: bump commons-io, jsoup, and bouncy castle to latest versions

4e1ce7e

- commons-io 2.18.0 → 2.22.0 - jsoup 1.17.2 → 1.22.1 - bcpkix-jdk18on 1.79 → 1.83 Minor version bumps, no API changes required. https://claude.ai/code/session_01RTbR8gPjRdLaxZpMeJtqdn

Copilot AI review requested due to automatic review settings March 15, 2026 23:23

sourcery-ai bot reviewed Mar 15, 2026

View reviewed changes

Copilot AI reviewed Mar 15, 2026

View reviewed changes

github-code-quality bot found potential problems Mar 15, 2026

View reviewed changes

scripts/convert_jrxml_v6_to_v7.py

import sys

import os

import re

import glob

scripts/convert_jrxml_v6_to_v7.py

import re

import glob

import argparse

import copy

github-advanced-security bot found potential problems Mar 15, 2026

View reviewed changes

chatgpt-codex-connector bot reviewed Mar 15, 2026

View reviewed changes

gemini-code-assist bot reviewed Mar 15, 2026

View reviewed changes

penify-dev bot added the Enhancement label Mar 16, 2026

claude added 2 commits March 16, 2026 00:15

Copilot AI review requested due to automatic review settings March 16, 2026 00:30

Copilot AI reviewed Mar 16, 2026

View reviewed changes

chore: fixes

25aaf88

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot AI review requested due to automatic review settings March 16, 2026 01:31

Copilot AI reviewed Mar 16, 2026

View reviewed changes

yingbull added 2 commits March 15, 2026 21:47

chore: fixes

f9d3939

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

chore: fixes

11da260

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot AI review requested due to automatic review settings March 16, 2026 03:22

Copilot AI reviewed Mar 16, 2026

View reviewed changes

yingbull and others added 2 commits March 16, 2026 09:02

chore: fixes

a33c3ff

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot AI review requested due to automatic review settings March 16, 2026 16:48

Copilot AI reviewed Mar 16, 2026

View reviewed changes

yingbull and others added 2 commits March 17, 2026 10:52

fix: Hibernate 7 type mismatch in ConsultationRequestDaoImpl

6146e4d

ConsultationRequest.status is String but was compared to Integer 4 in HQL query. Hibernate 7 strictly validates types. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot AI review requested due to automatic review settings March 17, 2026 15:19

Copilot AI reviewed Mar 17, 2026

View reviewed changes

yingbull and others added 2 commits March 17, 2026 11:58

chore: fixes

199296e

Signed-off-by: Michael Yingbull <michael@maplecreekmedical.ca>

Copilot AI review requested due to automatic review settings March 18, 2026 13:15

Copilot AI reviewed Mar 18, 2026

View reviewed changes

yingbull closed this Mar 18, 2026

@@ -64,7 +64,8 @@
                  * <p>Performs the following validations:</p>
                  * <ol>
                  *   <li>Sanitizes the user-provided filename (strips path components, rejects hidden files)</li>
-                 *   <li>Validates the resulting path is within the allowed directory</li>
+                 *   <li>Ensures that the allowed directory exists and is a directory</li>
+                 *   <li>Validates the resulting path is within the allowed directory (canonical containment check)</li>
                  * </ol>
                  *
                  * @param userProvidedFileName the filename provided by the user
@@ -73,14 +74,22 @@
                  * @throws SecurityException if validation fails
                  */
                 public static File validatePath(String userProvidedFileName, File allowedDir) {
-            		// 1. Sanitize filename
-            		String safeName = sanitizeFileName(userProvidedFileName);
+                    if (allowedDir == null) {
+                        throw new SecurityException("Allowed directory must not be null");
+                    }
+                    if (!allowedDir.exists() || !allowedDir.isDirectory()) {
+                        logger.error("Allowed directory is invalid: {}", allowedDir);
+                        throw new SecurityException("Allowed directory is invalid");
+                    }
-            		// 2. Build and validate path
-            		File path = new File(allowedDir, safeName);
-            		validateWithinDirectory(path, allowedDir);
+                    // 1. Sanitize filename
+                    String safeName = sanitizeFileName(userProvidedFileName);
-            		return path;
+                    // 2. Build and validate path
+                    File path = new File(allowedDir, safeName);
+                    validateWithinDirectory(path, allowedDir);
+                    return path;
                 }
                 /**

@@ -154,13 +154,16 @@
                                     fileheader = savedFile.getName();
+                                    // Re-validate the resolved path just before use to ensure it is within documentDir
+                                    File validatedSavedFile = PathValidationUtils.validateExistingPath(savedFile, documentDir);
                                     try (InputStream in = part.getInputStream()) {
-                                        Files.copy(in, savedFile.toPath());
+                                        Files.copy(in, validatedSavedFile.toPath());
                                     }
                                     if (OscarProperties.getInstance().isPropertyActive("moh_file_management_enabled")) {
                                         File inboxDir = new File(inboxFolder);
-                                        FileUtils.copyFileToDirectory(savedFile, inboxDir);
+                                        FileUtils.copyFileToDirectory(validatedSavedFile, inboxDir);
                                     }
                                 } catch (SecurityException e) {
                                     MiscUtils.getLogger().error("Invalid uploaded filename: " + submittedFilename);

@@ -73,14 +73,21 @@
                  * @throws SecurityException if validation fails
                  */
                 public static File validatePath(String userProvidedFileName, File allowedDir) {
-            		// 1. Sanitize filename
-            		String safeName = sanitizeFileName(userProvidedFileName);
+                    if (allowedDir == null) {
+                        throw new SecurityException("Allowed directory is not configured");
+                    }
+                    if (!allowedDir.isDirectory()) {
+                        throw new SecurityException("Allowed directory is not a directory: " + allowedDir);
+                    }
-            		// 2. Build and validate path
-            		File path = new File(allowedDir, safeName);
-            		validateWithinDirectory(path, allowedDir);
+                    // 1. Sanitize filename
+                    String safeName = sanitizeFileName(userProvidedFileName);
-            		return path;
+                    // 2. Build and validate path
+                    File path = new File(allowedDir, safeName);
+                    validateWithinDirectory(path, allowedDir);
+                    return path;
                 }
                 /**
@@ -261,7 +266,7 @@
                         throw new SecurityException("Filename is null or empty");
                     }
-                    // Use Apache Commons IO to extract just the filename
+                    // Use Apache Commons IO to extract just the filename (strip any path components)
                     String baseName = FilenameUtils.getName(fileName);
                     // Reject hidden files (starting with .)
@@ -276,6 +281,23 @@
                         throw new SecurityException("Invalid filename");
                     }
+                    // Reject any remaining path traversal indicators or separators
+                    if (baseName.contains("..") || baseName.contains("/") || baseName.contains("\\\\")) {
+                        logger.warn("Path traversal or separator detected in filename after sanitization: {}", baseName);
+                        throw new SecurityException("Invalid filename");
+                    }
+                    // Enforce a conservative allow-list: letters, digits, space, dot, underscore, dash
+                    // and a reasonable length limit to avoid resource abuse.
+                    if (baseName.length() > 255) {
+                        logger.warn("Filename too long: {} ({} characters)", baseName, baseName.length());
+                        throw new SecurityException("Invalid filename: too long");
+                    }
+                    if (!baseName.matches("[A-Za-z0-9._\\- ]+")) {
+                        logger.warn("Filename contains disallowed characters: {}", baseName);
+                        throw new SecurityException("Invalid filename");
+                    }
                     return baseName;
                 }
@@ -294,6 +316,7 @@
                         return canonicalPath.equals(dirCanonical) || canonicalPath.startsWith(dirCanonical + File.separator);
                     } catch (IOException e) {
                         logger.error("Error checking if file is within directory", e);
+                        // Fail closed on I/O errors: treat as not within directory
                         return false;
                     }
                 }

@@ -63,6 +63,10 @@
                     if (forwardTo == null || forwardTo.length() < 1) return;
                     File documentDir = new File(foldername);
+                    if (!documentDir.exists() || !documentDir.isDirectory()) {
+                        MiscUtils.getLogger().error("Invalid DOCUMENT_DIR configuration for Teleplan upload: {}", foldername);
+                        return;
+                    }
                     try {
                         for (Part part : request.getParts()) {

		@@ -1,4 +1,4 @@
		FROM tomcat:9.0.97-jdk21-temurin
		FROM tomcat:11.0-jdk21-temurin

		for (Part part : request.getParts()) {
		String submittedFilename = part.getSubmittedFileName();

Conversation

yingbull commented Mar 15, 2026 • edited by penify-dev bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

User description

Description

Changes walkthrough 📝

Uh oh!

sourcery-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot commented Mar 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

gemini-code-assist bot commented Mar 15, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Mar 15, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist bot Mar 15, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Mar 15, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Mar 15, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Snapshot Warnings

Vulnerabilities

pom.xml

License Issues

pom.xml

OpenSSF Scorecard

Scanned Files

Uh oh!

socket-security bot commented Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

yingbull commented Mar 15, 2026 •

edited by penify-dev bot

Loading

coderabbitai bot commented Mar 15, 2026 •

edited

Loading

github-actions bot commented Mar 16, 2026 •

edited

Loading

socket-security bot commented Mar 16, 2026 •

edited

Loading

socket-security bot commented Mar 16, 2026 •

edited

Loading