[x3d-public] Log4j and what it means for encodings

John Carlson yottzumm at gmail.com
Mon Dec 13 11:55:59 PST 2021 

My guess is skin would have that.

Have you checked out the makehuman community examples?

John

On Mon, Dec 13, 2021 at 1:37 PM Andreas Plesch <andreasplesch at gmail.com>
wrote:

> Just a note that it would be great to have an HAnim example with
> precomputed normals since I could not find any.
>
> Cheers, Andreas
>
> On Mon, Dec 13, 2021 at 1:12 PM Joseph D Williams <joedwil at earthlink.net>
> wrote:
> >
> > I know that some HAnim examples cause my X3DJSONLD system to “go out to
> lunch” for a while, or fail to sync up beginning and ending tags.
> >
> >
> >
> > For hanim, please work on the jin loa4. If we can be sure that is
> correct, then we can use it as the basis for updated part 1 annex a because
> I think it has the correct hanim2 names and hierarchy.
> >
> > Thank,
> >
> > Joe
> >
> >
> >
> > From: John Carlson
> > Sent: Saturday, December 11, 2021 2:42 PM
> > To: X3D-Public
> > Cc: Holger Seelig; Andreas Plesch; Joseph D Williams
> > Subject: Re: Log4j and what it means for encodings
> >
> >
> >
> > All,
> >
> >
> >
> > I’m afraid to introduce this subject, but since I am apparently the QA
> for the X3D JSON examples, I do feel fairly confident there no examples in
> the X3D Resources Examples that will break one’s standard JSON parser.  I
> guess the defensive tests may be in SavageDefense.   Should we do some
> examples that can break typical parsers and validators, so browser
> developers can get more comfortable with their systems?  Could this be
> added to the ConformanceNist examples?
> >
> >
> >
> > I know that some HAnim examples cause my X3DJSONLD system to “go out to
> lunch” for a while, or fail to sync up beginning and ending tags.
> >
> >
> >
> > I suggest we go through my online examples previously posted try to
> patch what we can.  Here’s my current list of examples, from a previous
> message starting with “Status”.
> https://coderextreme.net/X3DJSONLD/src/main/html/codex.html. The message
> made assignments as I saw fit, but I encourage you to go through your
> assigned list,  I believe I am pointed at development or recent releases of
> X_ITE and X3DOM.
> >
> >
> >
> > Apple Mail is making my life miserable.   Going back to gmail.   Why did
> I ever leave?
> >
> >
> >
> > John
> >
> >
> >
> > Sent from my iPad
> >
> >
> >
> > On Dec 11, 2021, at 3:37 PM, John Carlson <yottzumm at gmail.com> wrote:
> >
> > Apparently there is a denial of service attack happening on
> log4j/struts/soap.   Imagine your X3D xml/json/VRML having millions of
> nested Groups and transforms.   How can we defend ourselves, and what
> limits can we set in place?  I do know tail recursion can help, but I’m not
> sure what happens when there are too many stack frames to open.
> >
> > I know the standard talks about limits on these things, but is there a
> limit of depth of nested nodes in the standard?  I will do some googling.
> >
> > Sent from my iPad
> >
> >
>
>
>
> --
> Andreas Plesch
> Waltham, MA 02453
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20211213/c0ef24c7/attachment-0001.html>

More information about the x3d-public mailing list