Thanks, Richard!! On Mon, Nov 18, 2019 at 3:44 AM Zowalla, Richard < richard.zowa...@hs-heilbronn.de> wrote:
> Did not find anything with the owasp plugin profile. Should be fine (for > now). > > > Am Mittwoch, den 13.11.2019, 08:25 -0600 schrieb Richard Monson-Haefel: > > Excellent! Thanks, Richard! > > On Wed, Nov 13, 2019 at 8:18 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Ok, John did comment in the JIRA, that the upgrades are already conducted > in previous commits. > I will run an OWASP scan on the code. If this reveals some more vulnerable > dependencies, I will report in the JIRA and provide a PR, if possible. > > Best, > Richard Z. > > Am Mittwoch, den 13.11.2019, 14:08 +0000 schrieb Zowalla, Richard: > > Alright, I will proceed :) > > Best, > Richard > > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson-Haefel: > > If you don't mind, Richard, can you do the upgrades and create a PR? We > can let it run overnight and see how it goes. > > I'm not sure as to what the best policy is for announcing the CVE so that > people know to upgrade. I think we should figure that out after the ci has > run. As an alternative you can run the full test suite on your own machine > (takes about an hour or something like that) and see if you pick up any > errors. I did this yesterday with a different PR but I don't have the > extra cycles to do it again today. > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Sounds reasonable to me. If I can assist in upgrading, let me know. > > However, we should publish the link to the ASF CI somewhere, so we can > better monitor the current build status. > > Best, > Richard Z > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard Monson-Haefel: > > Is this a matter of upgrading and testing or is there more to it than > > that? If that's it we can create a PR with the updates and let the asf ci > > run the tests and look for problems. > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > francois.courta...@thalesgroup.com> wrote: > > > Hello, > > > Could you take this JIRA entry ( > > https://issues.apache.org/jira/browse/TOMEE-2737) into account please ? > > > Best Regard. > > > > > ________________________________ > > This message and any attachments are intended solely for the addressees > > and may contain confidential information. Any unauthorized use or > > disclosure, either whole or partial, is prohibited. > > E-mails are susceptible to alteration. Our company shall not be liable for > > the message if altered, changed or falsified. If you are not the intended > > recipient of this message, please delete it and notify the sender. > > Although all reasonable efforts have been made to keep this transmission > > free from viruses, the sender will not be liable for damages caused by a > > transmitted virus. > > > > > > -- > > > > > -- > > > > > -- > > > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/