Hi Anupama, On Tue, Jun 7, 2016 at 8:45 PM, Anupama Pathirage <anup...@wso2.com> wrote:
> Hi Kalpa, > > Checked the suggested approaches and those two issues were resolved after > applying both changes. We will further test the service with the Carbon RC2. > > On Tue, Jun 7, 2016 at 6:15 PM, Kalpa Welivitigoda <kal...@wso2.com> > wrote: > >> Hi Anupama, >> >> On Tue, Jun 7, 2016 at 5:50 PM, Anupama Pathirage <anup...@wso2.com> >> wrote: >> >>> Hi, >>> >>> We got the following issues when testing WSO2 DSS with the Kernel RC2 >>> Release. >>> >>> *1) *Any action on management console gives the following error. It >>> seems to be related with the tomcat upgrade and appreciate your input on >>> this. >>> >>> [2016-06-07 17:21:16,905] ERROR >>> {org.apache.coyote.AbstractProtocol$AbstractConnectionHandler} - Error >>> reading request, ignored >>> java.lang.NoSuchMethodError: org.apache.coyote.Request.getBytesRead()I >>> at org.apache.coyote.RequestInfo.updateCounters(RequestInfo.java:143) >>> at org.apache.coyote.Request.updateCounters(Request.java:533) >>> at >>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1140) >>> at >>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>> at >>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>> at >>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>> at >>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>> at java.lang.Thread.run(Thread.java:745) >>> >> >> Yes, it is due to the tomcat upgrade in kernel, relevant fixes for >> carbon-deployment are already there in 4.6.2-SNAPSHOT. We have to do a >> deployment release once we release 4.4.6-SNAPSHOT. For the moment, for >> testing purpose, is it possible you try with 4.6.2-SNAPSHOT? >> > > Could you please do the needful to release the carbon-deployment 4.6.2 as > DSS 3.5.1 release will be on hold until it is done. > Yes, we will be doing component released once we are done with kernel 4.4.6. > > >> >> >>> >>> *2) *DBS file uploads gives the following error which returns Error 403 >>> - Forbidden >>> >>> [2016-06-07 17:21:16,904] WARN {org.owasp.csrfguard.log.JavaLogger} - >>> potential cross-site request forgery (CSRF) attack thwarted >>> (user:<anonymous>, ip:10.100.7.118, method:POST, >>> uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, error:required >>> token is missing from the request) >>> >>> >> For this would you please try with adding the following line to >> repository/conf/security/Owasp.CsrfGuard.Carbon.properties, >> >> org.owasp.csrfguard.unprotected.FileUpload=%servletContext%/fileupload/* >> > > Is excluding these patterns from CSRF protection recommended ? > > That we need to discuss with security experts and decide, I just wanted to verify that this is an option to solve the issue. > Regards, > Anupama > >> >> >> >>> Regards, >>> >>> On Tue, Jun 7, 2016 at 4:46 PM, KasunG Gajasinghe <kas...@wso2.com> >>> wrote: >>> >>>> >>>> Others, please continue to testing the pack and report all the issues >>>> so we can check and fix. >>>> >>>> On Tue, Jun 7, 2016 at 2:31 PM, Kasun Bandara <kas...@wso2.com> wrote: >>>> >>>>> Hi Niranjan, >>>>> >>>>> Created [1] to track the equivalent Carbon JIRA. >>>>> >>>>> [1] https://wso2.org/jira/browse/CARBON-15938 >>>>> >>>>> Thanks, >>>>> Kasun. >>>>> >>>>> On Tue, Jun 7, 2016 at 2:23 PM, Niranjan Karunanandham < >>>>> niran...@wso2.com> wrote: >>>>> >>>>>> Hi KasunB, >>>>>> >>>>>> Please create an equivalent JIRA in Kernel in-order to track this. >>>>>> >>>>>> Regards, >>>>>> Nira >>>>>> >>>>>> On Tue, Jun 7, 2016 at 2:11 PM, Kasun Bandara <kas...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> We are having L1 reported in [1] and will be a blocker for IS. >>>>>>> Please hold off the vote proceedings until we find out the root cause of >>>>>>> the issue. Most probably this issue must be originated from user core. >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Kasun. >>>>>>> >>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4656 >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tue, Jun 7, 2016 at 11:45 AM, KasunG Gajasinghe <kas...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Viraj, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Jun 7, 2016 at 10:12 AM, Viraj Senevirathne < >>>>>>>> vir...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Hi Kalpa, >>>>>>>>> >>>>>>>>> I tried to build product-esb with kernel RC2 but it failed as >>>>>>>>> package org.apache.velocity 0.0.0 dependency could not be found. >>>>>>>>> >>>>>>>>> *Installation failed.* >>>>>>>>> *Cannot complete the install because one or more required items >>>>>>>>> could not be found.* >>>>>>>>> * Software being installed: WSO2 Carbon - Mediators Feature >>>>>>>>> 4.6.1.SNAPSHOT (org.wso2.carbon.mediators.feature.group >>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>> * Missing requirement: bsf-all 3.0.0.wso2v5 (bsf-all 3.0.0.wso2v5) >>>>>>>>> requires 'package org.apache.velocity 0.0.0' but it could not be >>>>>>>>> found* >>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>> * From: WSO2 Carbon - Mediators Feature 4.6.1.SNAPSHOT >>>>>>>>> (org.wso2.carbon.mediators.feature.group 4.6.1.SNAPSHOT)* >>>>>>>>> * To: org.wso2.carbon.mediators.server.feature.group >>>>>>>>> [4.6.1.SNAPSHOT]* >>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>> * From: WSO2 Carbon - All Mediators Server Feature 4.6.1.SNAPSHOT >>>>>>>>> (org.wso2.carbon.mediators.server.feature.group 4.6.1.SNAPSHOT)* >>>>>>>>> * To: bsf-all [3.0.0.wso2v5,3.1.0)* >>>>>>>>> *Application failed, log file location: >>>>>>>>> /home/virajrs/.m2/repository/org/eclipse/tycho/tycho-p2-runtime/0.13.0/eclipse/configuration/1465274241567.log* >>>>>>>>> >>>>>>>>> How can we overcome this? >>>>>>>>> >>>>>>>> >>>>>>>> To fix security vulnerabilities, we have upgraded the opensaml >>>>>>>> orbit bundle to the latest. In that process, IS folks have fixed >>>>>>>> issues in >>>>>>>> the old opensaml orbit to conform to the new orbit guidelines. In that >>>>>>>> process, the org.apache.velocity packages were removed from opensaml. >>>>>>>> If >>>>>>>> you need opensaml, then you should include this feature [1]. >>>>>>>> >>>>>>>> You shouldn't be using velocity packages directly that is coming >>>>>>>> from opensaml. If you only need velocity, then your feature need to >>>>>>>> include >>>>>>>> velocity orbit. >>>>>>>> >>>>>>>> [1] >>>>>>>> https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/master/features/org.wso2.carbon.identity.sso.saml.server.feature/pom.xml >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Thank You, >>>>>>>>> >>>>>>>>> On Tue, Jun 7, 2016 at 8:32 AM, Kalpa Welivitigoda < >>>>>>>>> kal...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> Hi Devs, >>>>>>>>>> >>>>>>>>>> This is the 2nd release candidate of WSO2 Carbon Kernel 4.4.6. >>>>>>>>>> >>>>>>>>>> This release fixes the following issues: >>>>>>>>>> https://wso2.org/jira/issues/?filter=13090 >>>>>>>>>> >>>>>>>>>> Please download and test your products with kernel 4.4.6 RC1 and >>>>>>>>>> vote. Vote will be open for 72 hours or as longer as needed. >>>>>>>>>> >>>>>>>>>> Source and binary distribution files: >>>>>>>>>> >>>>>>>>>> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.6/wso2carbon-4.4.6-rc2.zip >>>>>>>>>> >>>>>>>>>> Maven staging repository: >>>>>>>>>> >>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1023/ >>>>>>>>>> >>>>>>>>>> The tag to be voted upon: >>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.6-rc2 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>> >>>>>>>>>> Thank you >>>>>>>>>> Carbon Team >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Best Regards, >>>>>>>>>> >>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>> Email: kal...@wso2.com >>>>>>>>>> Mobile: +94776509215 >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> Dev@wso2.org >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Viraj Senevirathne >>>>>>>>> Software Engineer; WSO2, Inc. >>>>>>>>> >>>>>>>>> Mobile : +94 71 958 0269 >>>>>>>>> Email : vir...@wso2.com >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> Dev@wso2.org >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>>>>>> email: kasung AT spamfree wso2.com >>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>>>> blog: http://kasunbg.org >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> Dev@wso2.org >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Kasun Bandara >>>>>>> *Software Engineer* >>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>> kas...@wso2.com <thili...@wso2.com> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> Dev@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> *Niranjan Karunanandham* >>>>>> Associate Technical Lead - WSO2 Inc. >>>>>> WSO2 Inc.: http://www.wso2.com >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Kasun Bandara >>>>> *Software Engineer* >>>>> Mobile : +94 (0) 718 338 360 >>>>> <%2B94%20%280%29%20773%20451194> >>>>> kas...@wso2.com <thili...@wso2.com> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>> email: kasung AT spamfree wso2.com >>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>> blog: http://kasunbg.org >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Anupama Pathirage >>> Associate Technical Lead >>> WSO2, Inc. http://wso2.com/ >>> Email: anup...@wso2.com >>> Mobile:+94 71 8273 979 >>> Blog:http://mycodeideas.blogspot.com/ >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Best Regards, >> >> Kalpa Welivitigoda >> Software Engineer, WSO2 Inc. http://wso2.com >> Email: kal...@wso2.com >> Mobile: +94776509215 >> > > > > -- > Anupama Pathirage > Associate Technical Lead > WSO2, Inc. http://wso2.com/ > Email: anup...@wso2.com > Mobile:+94 71 8273 979 > Blog:http://mycodeideas.blogspot.com/ > > > -- Best Regards, Kalpa Welivitigoda Software Engineer, WSO2 Inc. http://wso2.com Email: kal...@wso2.com Mobile: +94776509215
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev