OpenJPA Logo   ASF Logo

Found a Bug?

If you think you've found a problem with OpenJPA, there are several ways to proceed.

You can begin by raising the issue on the OpenJPA User or Developer mailing lists (see Mailing Lists ).

You can also search JIRA, our issue-tracking system, to see if the problem has already been noted (visit JIRA ). If the issue is not listed there, you can add a new JIRA issue describing it. Please include detailed steps to reproduce the problem.

If you have a fix for the issue, you can generate a patch file to send the fix to us. You need to check out the current source code from Subversion (see Source Code ), make the necessary changes (see Coding Standards ), and then do a full build with all tests enabled (see Building ) and make sure the unit tests runs as expected (try to run a full build),

 maven clean install

and of course, confirm that the problem is actually fixed. Then, go to the root directory of your OpenJPA checkout, and run a command like

 svn diff > OPENJPA-<JIRA_NUMBER>-<BRANCH_ID>.patch

to generate a patch file.

To submit a patch, create an issue in JIRA that describes the problem, add your patch file as an attachment (don't forget to select the "Grant license to ASF for inclusion in ASF works" option), and then edit the JIRA to select the Patch Available check box. Please include detailed steps to reproduce the problem in the issue description, and a test case in the patch where possible (see Testing).

For larger contributions, like new features or more complex bug fixes, you should also have an Individual Contributor License Agreement on file with the ASF.

Thanks for working with us to improve Apache OpenJPA!

Reporting Security Vulnerabilities

The Apache Software Foundation takes a very active stance in eliminating security problems and denial of service attacks against the code we provide.

We strongly encourage folks to report any such problems discovered in OpenJPA to our private PMC mailing list mailto:private@openjpa.apache.org first, before disclosing them in a public forum.

Please note that the private PMC mailing list should only be used for reporting undisclosed security vulnerabilities and managing the process of fixing such vulnerabilities until they are made public. We will not accept regular bug reports or other general user queries at this address.

If you need to report a bug that is already a disclosed security vulnerability, please use the regular bug reporting process above.

Questions about:

  • how to securely configure OpenJPA
  • if a vulnerability applies to your particular application or OpenJPA level
  • obtaining further information on a published vulnerability
  • availability of patches and/or new releases

should be address to the users mailing list. Please see the Mailing Lists page for details of how to subscribe.

Copyright © 2006,2013 The Apache Software Foundation. Licensed under Apache License 2.0.
Apache, the Apache feather logo and OpenJPA are trademarks of The Apache Software Foundation.
Other names may be trademarks of their respective owners.