Security limitations in 2.5.2 exec binding

I had the same problem with the new security issue on exec binding. Creating and editing with nano on my Raspberry Pi didn’t help; I tried all your suggestions. After some hours of sleep I just started Visual Studio Code on my Windows system to edit some files. There I also opened the exec.whitelist and created it all new with exactly the same spelling. And now it works, magic!

Thanks for the updates on OH system security.
A nice touch in the Openhabian script that runs the update would be to notify the user on exit that he/she should go off and read the docs about exec.whitelist including a link.
Better than finding things don’t work and having to trawl through logs and forums for solutions. :slight_smile:

2 Likes

Sorry if it’s the wrong place. But I’ve still got big problems with the exec binding since the last update.

I read all threads. What I did:

  • created /etc/openhab2/misc/exec.whitelist
  • changed user and group of /etc/openhab2/misc to openhab:openhab (like all other Config-Directories)
  • changed user and group of /etc/openhab2/misc/exec.whitelist
  • edited file exec.whitelist and added commands exactly like in Things while openhab was running

Result:
Still got errors “command not in whitelist”. Nowhere in openhab2.log is it seen that the whitelist had been loaded.

Tried:
Touch exec.whitelist while openhab2 running ==> Same result

Tried to restart openhab2, touch file while openhab2 running => Same result

Restarted Server, touch file, restart openhab, touch again, Command touch in Startup-Rule ==> Same result.

Looks like the whitelist never got loaded. I checked filenames and everything hundreds of times, but it’s all exactly like in the threads here.

Anybody an idea what to do or how to find out where the failure is?

As there have been changes, please be specific about version of exec binding.

Version 2.5.2 with exec-Binding 2.5.2 ==> Normal Update of stable release

Use updated binding until 2.5.3 comes along

You still have to get the whitelist permissions right.

I already tried to download at jfrog. But it seems I’m too stupid for that. I find the Jar in the list, but there is no way to download it with Firefox or Edge :-/

I’ll give up! Thanks for your assistance.

That’s because you can download only the newest version. Click on the most current build number (today 17595) and filter for exec. Follow to the detail page and there you are.

Hello Björn, thanks a lot. Before reading your answer, I found a very strange solution:

Normally I use the Midnight Commander with the mc editor to write the configuration files.

I did the same with exec.whitelist.

After opening exec.whitelist in nano and saving it, it got loaded directly.

Read somewhere else about LF and CRLF: Don’t know if it’s the reason, I always had problems understanding the different charset types. But that solved it too.

After reading your reply I have now updated to 2.5.3 too.

Thanks for your patience with me

3 Likes

Just to add to the confusion: I also had issues with the whitelist and started changing between CRLF and LF back and forth, restarting, etc. The thing that fixed it (for me) in the end was to add a LF to the last line of the whitelist. After this things started to work even without a restart.

2 Likes

I’ve had a couple of other users mention the same, so we will start to suggest this as a troubleshooting step for the whitelist issue. So to be clear… you added a line at the end of the file with just a LF, correct? On a line of its own? Also, what text editor were you using?

Correct. Initially I had a whitelist like this:

Command1<LF>
Command2<LF>
Command3

I changed to <CR><LF> which brought no improvement. Things started to work only after I went back to <LF> and added a final <LF> after Command3:

Command1<LF>
Command2<LF>
Command3<LF>

I used Notepad++.

1 Like
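The two file-format problems reported in the posts above (CRLF line endings, and a last command with no terminating LF) can be checked and repaired mechanically. The following is an added example, not part of any post and not code from the openHAB project; the function names `check_whitelist` and `fix_whitelist` are hypothetical, and the checks reflect only what users reported in this thread, not the binding's documented behaviour.

```shell
#!/bin/sh
# Added example: lint an exec.whitelist for the problems reported in this thread.
# Usage (path and owner are the ones quoted in the thread):
#   check_whitelist /etc/openhab2/misc/exec.whitelist openhab:openhab

CR=$(printf '\r')   # literal carriage return, portable across sh and bash

# Prints one finding per line. Returns 0 if the file is clean, 1 otherwise.
# $1 = file, $2 = optional expected owner as user:group (uses GNU stat).
check_whitelist() {
    cw_rc=0
    if [ ! -r "$1" ]; then
        echo "unreadable: $1"
        return 1
    fi
    # Carriage returns mean the file was saved with CRLF line endings.
    if grep -q "$CR" "$1"; then
        echo "crlf: carriage returns found"
        cw_rc=1
    fi
    # $(...) strips a trailing LF, so non-empty output means the last byte is not LF.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo "no-final-lf: last line is not terminated by LF"
        cw_rc=1
    fi
    if [ -n "$2" ] && [ "$(stat -c '%U:%G' "$1")" != "$2" ]; then
        echo "owner: expected $2, found $(stat -c '%U:%G' "$1")"
        cw_rc=1
    fi
    return $cw_rc
}

# Strips a trailing CR from every line and appends a final LF if it is missing.
# Writes back with cat so the original file keeps its owner and mode.
fix_whitelist() {
    fw_tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" "$1" > "$fw_tmp"
    if [ -s "$fw_tmp" ] && [ -n "$(tail -c 1 "$fw_tmp")" ]; then
        printf '\n' >> "$fw_tmp"
    fi
    cat "$fw_tmp" > "$1"
    rm -f "$fw_tmp"
}
```

Run `check_whitelist` first; `fix_whitelist` changes only line terminators and leaves the command text itself untouched.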

Is there a final solution available???

I believe rossko57’s post #88 above is the final solution.

  • Manually install the fixed 2.5.3 binding using the link in that post
  • Make sure you have the file permissions right on the exec.whitelist

The final solution for me is to never use the version of the binding that uses a whitelist…

2 Likes

Oh. That’s why I couldn’t control some of my lights anymore.
This error isn’t catchable btw with catch(Throwable… ?
It would be nice if the updater could show a changelog. Especially changes like these.