dev  

Messages by Thread

• [PR] [SYNCOPE-1977] Avoid error after macro compose [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1977) Error after Macro compose Samuel Garofalo (Jira)
• [jira] [Resolved] (SYNCOPE-1974) Harden password reset errors against user enumeration Massimiliano Perrone (Jira)
• [jira] [Updated] (SYNCOPE-1974) Harden password reset errors against user enumeration Jira
  • [jira] [Updated] (SYNCOPE-1974) Harden password reset errors against user enumeration Jira
• [jira] [Resolved] (SYNCOPE-1975) Throttle password reset requests Massimiliano Perrone (Jira)
• [PR] Bump com.icegreen:greenmail from 2.1.8 to 2.1.9 [syncope] via GitHub
  • Re: [PR] Bump com.icegreen:greenmail from 2.1.8 to 2.1.9 [syncope] via GitHub
• [jira] [Commented] (SYNCOPE-1975) Throttle password reset requests ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1975) Throttle password reset requests ASF subversion and git services (Jira)
• [jira] [Updated] (SYNCOPE-1975) Throttle password reset requests Massimiliano Perrone (Jira)
• [jira] [Resolved] (SYNCOPE-1976) Add configurable REST rate limiting Massimiliano Perrone (Jira)
• [jira] [Commented] (SYNCOPE-1976) Add configurable REST rate limiting ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1976) Add configurable REST rate limiting ASF subversion and git services (Jira)
• [jira] [Resolved] (SYNCOPE-1973) Security auth user enumeration hardening Massimiliano Perrone (Jira)
• [jira] [Updated] (SYNCOPE-1973) Security auth user enumeration hardening Massimiliano Perrone (Jira)
• [jira] [Commented] (SYNCOPE-1973) Security auth user enumeration hardening ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1973) Security auth user enumeration hardening ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1973) Security auth user enumeration hardening ASF subversion and git services (Jira)
• [PR] Bump spring-cloud-version from 5.0.1 to 5.0.2 [syncope] via GitHub
  • Re: [PR] Bump spring-cloud-version from 5.0.1 to 5.0.2 [syncope] via GitHub
  • Re: [PR] Bump spring-cloud-version from 5.0.1 to 5.0.2 [syncope] via GitHub
  • Re: [PR] Bump spring-cloud-version from 5.0.1 to 5.0.2 [syncope] via GitHub
• [PR] Bump cxf.version from 4.2.1 to 4.2.2 [syncope] via GitHub
  • Re: [PR] Bump cxf.version from 4.2.1 to 4.2.2 [syncope] via GitHub
  • Re: [PR] Bump cxf.version from 4.2.1 to 4.2.2 [syncope] via GitHub
  • Re: [PR] Bump cxf.version from 4.2.1 to 4.2.2 [syncope] via GitHub
• [PR] Bump spring-boot.version from 4.0.6 to 4.1.0 [syncope] via GitHub
  • Re: [PR] Bump spring-boot.version from 4.0.7 to 4.1.0 [syncope] via GitHub
• [jira] [Resolved] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts Jira
• [jira] [Updated] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts Jira
• [jira] [Commented] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts ASF subversion and git services (Jira)
• [PR] Bump org.opensearch.client:opensearch-java from 3.8.0 to 3.9.0 [syncope] via GitHub
  • Re: [PR] Bump org.opensearch.client:opensearch-java from 3.8.0 to 3.9.0 [syncope] via GitHub
  • Re: [PR] Bump org.opensearch.client:opensearch-java from 3.8.0 to 3.9.0 [syncope] via GitHub
• [PR] Bump hibernate.version from 7.4.0.Final to 7.4.1.Final [syncope] via GitHub
  • Re: [PR] Bump hibernate.version from 7.4.0.Final to 7.4.1.Final [syncope] via GitHub
  • Re: [PR] Bump hibernate.version from 7.4.0.Final to 7.4.1.Final [syncope] via GitHub
  • Re: [PR] Bump hibernate.version from 7.4.0.Final to 7.4.1.Final [syncope] via GitHub
• [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1976] Add configurable REST rate limiting [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1976) Add configurable REST rate limiting Massimiliano Perrone (Jira)
• [PR] [SYNCOPE-1975] - Throttle password reset requests [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1975] - Throttle password reset requests [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1975] Throttle password reset requests [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1975] Throttle password reset requests [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1975) Throttle password reset requests Massimiliano Perrone (Jira)
• [PR] Wrapping Flowable's Groovy scriptTasks with security sandbox [syncope] via GitHub
  • Re: [PR] Wrapping Flowable's Groovy scriptTasks with security sandbox [syncope] via GitHub
• [jira] [Commented] (SYNCOPE-1974) Harden password reset errors against user enumeration Jira
  • [jira] [Commented] (SYNCOPE-1974) Harden password reset errors against user enumeration ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1974) Harden password reset errors against user enumeration ASF subversion and git services (Jira)
• [jira] [Resolved] (SYNCOPE-1972) Can't set security question/answer on enduser Jira
• [jira] [Commented] (SYNCOPE-1972) Can't set security question/answer on enduser ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1972) Can't set security question/answer on enduser ASF subversion and git services (Jira)
• [PR] Bump org.openapitools:openapi-generator-maven-plugin from 7.22.0 to 7.23.0 [syncope] via GitHub
  • Re: [PR] Bump org.openapitools:openapi-generator-maven-plugin from 7.22.0 to 7.23.0 [syncope] via GitHub
• [PR] [SYNCOPE-1974] - Avoid password reset user enumeration [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1974] - Avoid password reset user enumeration [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1974] Avoid password reset user enumeration [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1974) Harden password reset errors against user enumeration Massimiliano Perrone (Jira)
• [jira] [Created] (SYNCOPE-1973) Security auth user enumeration hardening Massimiliano Perrone (Jira)
• [PR] [SYNCOPE-1972] set security answer in enduser and fix for password reset [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1972] set security answer in enduser and fix for password reset [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1972] set security answer in enduser and fix for password reset [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1972] set security answer in enduser and fix for password reset [syncope] via GitHub
• [jira] [Assigned] (SYNCOPE-1972) Can't set security question/answer on enduser Samuel Garofalo (Jira)
• [PR] Avoid exposing authentication error details that enable user enumeration [syncope] via GitHub
  • Re: [PR] Avoid exposing authentication error details that enable user enumeration [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1973] Avoid exposing authentication error details that enable user enumeration [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1973] Avoid exposing authentication error details that enable user enumeration [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1972) Can't set security question/answer on enduser Samuel Garofalo (Jira)
• [jira] [Created] (SYNCOPE-1971) Add throttling for repeated failed username/password authentication attempts Massimiliano Perrone (Jira)
• [PR] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1971] Add authentication failure throttling to avoid brute-force attack [syncope] via GitHub
• [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [syncope] via GitHub
  • Re: [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [syncope] via GitHub
• Changing maxAuthenticationAttempts behavior Massimiliano Perrone
  • Re: Changing maxAuthenticationAttempts behavior Francesco Chicchiriccò
  • Re: Changing maxAuthenticationAttempts behavior Massimiliano Perrone
  • Re: Changing maxAuthenticationAttempts behavior Francesco Chicchiriccò
  • Re: Changing maxAuthenticationAttempts behavior Lorenzo Di Cola
  • Re: Changing maxAuthenticationAttempts behavior Samuel Garofalo
• [PR] Tighten auth failure lockout threshold [syncope] via GitHub
  • Re: [PR] Tighten auth failure lockout threshold [syncope] via GitHub
  • Re: [PR] Tighten auth failure lockout threshold [syncope] via GitHub
  • Re: [PR] Tighten auth failure lockout threshold [syncope] via GitHub
  • Re: [PR] Tighten auth failure lockout threshold [syncope] via GitHub
  • Re: [PR] Tighten auth failure lockout threshold [syncope] via GitHub
• [PR] Bump pac4j.version from 6.5.2 to 6.5.3 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.5.2 to 6.5.3 [syncope] via GitHub
• [PR] Improve chartJS wrapper and remove keyword "final" from effectively f… [syncope] via GitHub
  • Re: [PR] Improve chartJS wrapper and remove keyword "final" from effectively f… [syncope] via GitHub
  • Re: [PR] Improve chartJS wrapper and remove keyword "final" from effectively f… [syncope] via GitHub
• [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [syncope] via GitHub
• [PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [syncope] via GitHub
  • Re: [PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [syncope] via GitHub
  • Re: [PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [syncope] via GitHub
  • Re: [PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [syncope] via GitHub
• [PR] Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 18.3.0 to 18.4.0 [syncope] via GitHub
  • Re: [PR] Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 18.3.0 to 18.4.0 [syncope] via GitHub
  • Re: [PR] Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 18.3.0 to 18.4.0 [syncope] via GitHub
  • Re: [PR] Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 18.3.0 to 18.4.0 [syncope] via GitHub
• [PR] Upgrading CAS, Pac4j, Elasticsearch and Swagger UI [syncope] via GitHub
  • Re: [PR] Upgrading CAS, Pac4j, Elasticsearch and Swagger UI [syncope] via GitHub
• [PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [syncope] via GitHub
  • Re: [PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [syncope] via GitHub
  • Re: [PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [syncope] via GitHub
  • Re: [PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [syncope] via GitHub
• [PR] Bump org.apache.maven.extensions:maven-build-cache-extension from 1.2.2 to 1.2.3 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.extensions:maven-build-cache-extension from 1.2.2 to 1.2.3 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.extensions:maven-build-cache-extension from 1.2.2 to 1.2.3 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.extensions:maven-build-cache-extension from 1.2.2 to 1.2.3 [syncope] via GitHub
• [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.1 to 9.4.2 [syncope] via GitHub
  • Re: [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.1 to 9.4.2 [syncope] via GitHub
  • Re: [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.1 to 9.4.2 [syncope] via GitHub
  • Re: [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.1 to 9.4.2 [syncope] via GitHub
• [jira] [Updated] (SYNCOPE-1970) Scheduled task Groovy implementation not updated when running in cluster Andrea Patricelli (Jira)
  • [jira] [Updated] (SYNCOPE-1970) Scheduled task Groovy implementation not updated when running in cluster Andrea Patricelli (Jira)
• [jira] [Created] (SYNCOPE-1970) Scheduled task Groovy implementation not updated when running in cluster Andrea Patricelli (Jira)
• [PR] Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 [syncope] via GitHub
• [PR] Bump org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0 [syncope] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0 [syncope] via GitHub
• [PR] Add Path.of to Groovy sandbox blacklist [syncope] via GitHub
  • Re: [PR] Hardening on Groovy sandbox against filesystem and execution bypasses [syncope] via GitHub
• [PR] Bump hibernate.version from 7.3.6.Final to 7.4.0.Final [syncope] via GitHub
  • Re: [PR] Bump hibernate.version from 7.3.6.Final to 7.4.0.Final [syncope] via GitHub
• [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.0 to 9.4.1 [syncope] via GitHub
  • Re: [PR] Bump co.elastic.clients:elasticsearch-java from 9.4.0 to 9.4.1 [syncope] via GitHub
• [jira] [Resolved] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider Jira
• [jira] [Assigned] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider Jira
• [jira] [Commented] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider ASF subversion and git services (Jira)
• CVE-2026-42797: Apache Syncope: JexlContextBuilder Information Disclosure Francesco Chicchiriccò
• CVE-2026-42782: Apache Syncope: Post-auth RCE via Groovy static Francesco Chicchiriccò
• [ANN] Apache Syncope 4.0.6 Francesco Chicchiriccò
• [ANN] Apache Syncope 4.1.1 Francesco Chicchiriccò
• [jira] [Updated] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider Jira
• [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
  • Re: [PR] Bump pac4j.version from 6.4.3 to 6.5.2 [syncope] via GitHub
• [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1969] Adding missing SAMLRegisteredService configurations [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1969) Improve setup SAML2 Client Service Provider Valerio Crescia (Jira)
• [VOTE] Apache Syncope 4.0.6 Francesco Chicchiriccò
  • Re: [VOTE] Apache Syncope 4.0.6 Samuel Garofalo
  • Re: [VOTE] Apache Syncope 4.0.6 Lorenzo Di Cola
  • Re: [VOTE] Apache Syncope 4.0.6 Marco Di Sabatino Di Diodoro
  • Re: [VOTE] Apache Syncope 4.0.6 Fabio Martelli
  • [RESULT] [VOTE] Apache Syncope 4.0.6 Francesco Chicchiriccò
• [VOTE] Apache Syncope 4.1.1 Francesco Chicchiriccò
  • Re: [VOTE] Apache Syncope 4.1.1 Lorenzo Di Cola
  • Re: [VOTE] Apache Syncope 4.1.1 Samuel Garofalo
  • Re: [VOTE] Apache Syncope 4.1.1 Marco Di Sabatino Di Diodoro
  • Re: [VOTE] Apache Syncope 4.1.1 Fabio Martelli
  • [RESULT] [VOTE] Apache Syncope 4.1.1 Francesco Chicchiriccò
• [jira] [Resolved] (SYNCOPE-1968) WA: support CAS multitenancy Jira
• [jira] [Commented] (SYNCOPE-1968) WA: support CAS multitenancy ASF subversion and git services (Jira)
  • [jira] [Commented] (SYNCOPE-1968) WA: support CAS multitenancy ASF subversion and git services (Jira)
• [PR] [SYNCOPE-1968] Initial support for CAS tenants [syncope] via GitHub
  • Re: [PR] [SYNCOPE-1968] Initial support for CAS tenants [syncope] via GitHub
• [jira] [Created] (SYNCOPE-1968) WA: support CAS multitenancy Jira
• JDK 27 Approaches Rampdown | Final Field Mutation Warnings Heads-up David Delabassee via dev
• [PR] Bump com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter from 4.1.1 to 5.0.0 [syncope] via GitHub
  • Re: [PR] Bump com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter from 4.1.1 to 5.0.0 [syncope] via GitHub
  • Re: [PR] Bump com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter from 4.1.1 to 5.0.0 [syncope] via GitHub

• Earlier messages