FYI I had to push an additional commit both on 2_0_X and 2_1_X to complete FOP upgrade, but now tests seem to be fine again.
Regards. On 23/04/20 12:40, Colm O hEigeartaigh wrote: > Awesome, thanks :-) > > Colm. > > On Thu, Apr 23, 2020 at 11:00 AM Francesco Chicchiriccò <ilgro...@apache.org> > wrote: > >> On 23/04/20 11:41, Francesco Chicchiriccò wrote: >>> On 23/04/20 11:27, Colm O hEigeartaigh wrote: >>>> Hi Francesco, >>>> >>>> +1, but could we look at updating a few more security vulnerabilities? >>>> >>>> - CVE-2018-8036 could be fixed by updating XML Graphics 2.3 -> 2.4 >>> This can be done both for 2_0_X and 2_1_X as FOP 2.4 retains Java 7 >>> compatibility, as 2_0_X does. >>>> - CVE-2018-10237 could be fixed by updating Guava >= 2.24.x >>> According to >>> >>> https://guava.dev/ >>> >>> we need to use the Android flavor on 2_0_X, because of Java 7 compatibility. >>> Under this condition, we can upgrade all branches to latest Guava 29.0 >>> (which should only required by Swagger UI if I am not mistaking). >>> >>> I'll do the checks and push upgrades. >> Upgrades committed: >> >> 2_0_X: >> https://github.com/apache/syncope/commit/2f4b898bb71383dcaa59481ebf1c90c46a54ae22 >> 2_1_X >> <https://github.com/apache/syncope/commit/2f4b898bb71383dcaa59481ebf1c90c46a54ae222_1_X>: >> >> https://github.com/apache/syncope/commit/d2f742d2ed23ab1f9f925a02d0d3be4308b2a102 >> master: >> https://github.com/apache/syncope/commit/ffffa48cbe79fb9babef64a4890ee3c55c3c5b81 >> >> Regards. >> >>>> On Thu, Apr 23, 2020 at 8:47 AM Francesco Chicchiriccò >>>> <ilgro...@apache.org> wrote: >>>> >>>> Hi all, >>>> resuming this thread after one week: shall we proceed with releases? >>>> >>>> Regards. >>>> >>>> On 16/04/20 14:17, Andrea Patricelli wrote: >>>> >>>> Hi all, >>>> >>>> we are going to develop last improvement that consists in a custom layout >>>> for linked account wizard. Thus we would like to wait for this last >>>> improvement before the release. >>>> >>>> Best regards, >>>> Andrea >>>> >>>> Il 14/04/20 11:58, Francesco Chicchiriccò ha scritto: >>>> >>>> Hi there, >>>> I think it's about time to start preparing Syncope 2.1.6 / 2.0.15 (several >>>> fixes and improvement, time passed since previous releases, ..). >>>> >>>> If you have any pending change or fix, please either finalize as soon as >>>> possible or let's postpone. >>>> WDYT? >>>> -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
