+Dulanja, +Ayoma On Fri, Jun 10, 2016 at 6:36 PM, Geeth Munasinghe <ge...@wso2.com> wrote:
> > > On Fri, Jun 10, 2016 at 6:10 PM, KasunG Gajasinghe <kas...@wso2.com> > wrote: > >> Hi Geeth, >> >> On Fri, Jun 10, 2016 at 5:09 PM, Geeth Munasinghe <ge...@wso2.com> wrote: >> >>> Hi Kasun, >>> >>> >>> On Fri, Jun 10, 2016 at 4:10 PM, KasunG Gajasinghe <kas...@wso2.com> >>> wrote: >>> >>>> Hi Bhathiya, >>>> >>>> On Fri, Jun 10, 2016 at 3:19 PM, Bhathiya Jayasekara <bhath...@wso2.com >>>> > wrote: >>>> >>>>> Hi Kalpa, >>>>> >>>>> I tried to do a smoke test. But I can't login to any jaggery app, due >>>>> to the same error. So I think we have 2 options here. >>>>> >>>>> 1) Modify default jks to accept * (wildcard) hostname. >>>>> 2) Introduce some config or system variable to disable hostname >>>>> verification, read it from everywhere we use http client in our platform >>>>> and disable/enable it. >>>>> >>>>> >>>> Both these options introduce security vulnerabilities, so I don't think >>>> we should do either. >>>> >>>> Your jaggery apps are calling AuthenticationAdmin service endpoint >>>> which is in the same JVM. So, it is an in-jvm call. You should be using the >>>> local transport for that. For that, you can get the server url through the >>>> *ServerURL >>>> *attribute in the carbon.xml. Then, append the service name at the >>>> end. Now, you have the endpoint you need to call. >>>> >>> >>> In EMM, we have implemented CXF restful web services for all our admin >>> services and device communications. And also EMM has jaggery application >>> for doing all admin functionalities. So in our case we are not able to use >>> the local transport because it is only for axis2 services. All of those EMM >>> rest apis are protected by oauth and using HTTPS transport. Will there be >>> any concern for someone who is using the OOB EMM to as Bathiya had ? (FYI : >>> EMM is still in kernel version 4.4.3, so we do not have this now). If a >>> someone has to create a create keystore in order to use the OOB pack, they >>> would be a problem. >>> >>> >> >> For the default pack, can you use localhost as the hostname instead since >> local transport is not available for services other than axis2-based >> services? I agree, the default pack should work with the self-signed >> certificate. >> > > That would be problematic because even devices are connecting to the > server, they use ip to do so. > This is a client-side error where the client-side validates the server's common name. The clients can very well use IP addresses if the client does not need to validate the server. > AFAIK some machines may not have "localhost" pointed to 127.0.0.1 in DNS > settings. > As I've seen all major distributions have this mapping. But, using localhost is a suggestion. There might be other alternatives. > This will cause errors. And AFAIU this fix will cause us to create a > keystore when do a cluster of the product. Because default keystore's CN is > localhost, therefore it cannot be used in a cluster. (In a way, that is > ok). As a suggestion, can we have flag to off the host name verification > in OOB pack. > Adding security people to get feedback on this. We need to see possible vulnerabilities it could introduce and come to a compromise. > > >> >> >>> >>>> Further, I have tested after changing the ServerURL from local to https >>>> transport to see how it works. Then, I noticed the same issue when logging >>>> into the mgt console as well. But it is fine since if a customer need to >>>> use https transport, then they need to have their own keystore. >>>> >>>> In summary, you will need to fix your jaggery apps. I don't see this as >>>> a problem for this release. >>>> >>>> Thanks, >>>> KasunG >>>> >>>> >>>>> I think option 1 is the most feasible . WDYT? >>>>> >>>>> Thanks, >>>>> Bhathiya >>>>> >>>>> On Fri, Jun 10, 2016 at 2:37 PM, Bhathiya Jayasekara < >>>>> bhath...@wso2.com> wrote: >>>>> >>>>>> Hi Kalpa, >>>>>> >>>>>> Thanks. I'll try to fix that. >>>>>> >>>>>> Regards, >>>>>> Bhathiya >>>>>> >>>>>> On Fri, Jun 10, 2016 at 2:31 PM, Kalpa Welivitigoda <kal...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi Bhathiya, >>>>>>> >>>>>>> We are using a newer version of httpclient orbit >>>>>>> (commons-httpclient-3.1.0.wso2v3.jar) in kernel 4.4.6 and it verify the >>>>>>> host name. You will be able to get it fixed from your test module. >>>>>>> >>>>>>> On Fri, Jun 10, 2016 at 1:02 PM, Bhathiya Jayasekara < >>>>>>> bhath...@wso2.com> wrote: >>>>>>> >>>>>>>> Hi Kalpa, >>>>>>>> >>>>>>>> I'm getting this error while running tests with new kernel. Any >>>>>>>> idea why? >>>>>>>> >>>>>>>> [2016-06-10 12:45:49,077] INFO - HTTPSender Unable to sendViaPost >>>>>>>> to url[https://10.100.0.189:9943//services/AuthenticationAdmin] >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - >>>>>>>> javax.net.ssl.SSLException: hostname in certificate didn't match: >>>>>>>> <10.100.0.189> != </localhost> >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:169) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.authenticator.stub.AuthenticationAdminStub.login(AuthenticationAdminStub.java:659) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_login(APIStoreHostObject.java:638) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> java.lang.reflect.Method.invoke(Method.java:498) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.modules.user.c1._c_anonymous_1(/store/modules/user/login.jag:19) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.modules.user.c1.call(/store/modules/user/login.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.modules.user.c0._c_anonymous_5(/store/modules/user/module.jag:21) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.modules.user.c0.call(/store/modules/user/module.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0._c_anonymous_1(/store/site/blocks/user/login/ajax/login.jag:93) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0._c_script_0(/store/site/blocks/user/login/ajax/login.jag:4) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.exec(/store/site/blocks/user/login/ajax/login.jag) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:650) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>>>>>> INFO >>>>>>>> [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] >>>>>>>> - at >>>>>>>> java.lang.Thread.run(Thread.java:745) >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Bhathiya >>>>>>>> >>>>>>>> On Fri, Jun 10, 2016 at 11:43 AM, Viraj Senevirathne < >>>>>>>> vir...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Hi Kalpa, >>>>>>>>> >>>>>>>>> We ran all the integration tests in product-esb with kernel 4.4.6 >>>>>>>>> RC2 and found no test failures. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> On Fri, Jun 10, 2016 at 9:38 AM, Rajith Roshan <raji...@wso2.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi all, >>>>>>>>>> >>>>>>>>>> We were able to build the G-Reg pack and able to run all the >>>>>>>>>> integration tests without failures. We will send PRs for jasper >>>>>>>>>> report >>>>>>>>>> orbit bundle and carbon commons, once the kernel 4.4.6 is released. >>>>>>>>>> >>>>>>>>>> Thanks! >>>>>>>>>> Rajith >>>>>>>>>> >>>>>>>>>> On Thu, Jun 9, 2016 at 6:40 PM, Viraj Senevirathne < >>>>>>>>>> vir...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hi All, >>>>>>>>>>> >>>>>>>>>>> We were able to build the ESB pack after including velocity >>>>>>>>>>> bundle to the mediator feature. Now we are running integration >>>>>>>>>>> tests with >>>>>>>>>>> the pack. Will update the thread with results. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> >>>>>>>>>>> On Thu, Jun 9, 2016 at 10:39 AM, Rajith Roshan <raji...@wso2.com >>>>>>>>>>> > wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi all, >>>>>>>>>>>> >>>>>>>>>>>> Since jasper reports orbit bundle requires org.apache.velocity >>>>>>>>>>>> and org.apache.poi.* packages, we need to upgrade the import >>>>>>>>>>>> package >>>>>>>>>>>> versions for those packages in jasper orbit bundle. Subsequently >>>>>>>>>>>> carbon-commons release would be required with updated jasper >>>>>>>>>>>> orbit bundle >>>>>>>>>>>> version. We will send the PRs with the relevant changes. >>>>>>>>>>>> Currently we are running integration tests for product-greg. >>>>>>>>>>>> >>>>>>>>>>>> Thanks! >>>>>>>>>>>> Rajith >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Jun 8, 2016 at 12:20 PM, Kalpa Welivitigoda < >>>>>>>>>>>> kal...@wso2.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> [+Ayoma, Dulanja] >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Jun 8, 2016 at 12:17 PM, Anupama Pathirage < >>>>>>>>>>>>> anup...@wso2.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Kalpa, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks for the update. Please update us with the solution >>>>>>>>>>>>>> for CSRF security issue. We get the same issue for the DSS try >>>>>>>>>>>>>> it as well. >>>>>>>>>>>>>> >>>>>>>>>>>>>> [2016-06-08 11:55:28,396] WARN >>>>>>>>>>>>>> {org.owasp.csrfguard.log.JavaLogger} - potential cross-site >>>>>>>>>>>>>> request >>>>>>>>>>>>>> forgery (CSRF) attack thwarted (user:<anonymous>, >>>>>>>>>>>>>> ip:10.100.7.118, >>>>>>>>>>>>>> method:POST, >>>>>>>>>>>>>> uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, >>>>>>>>>>>>>> error:required token is missing from the request) >>>>>>>>>>>>>> >>>>>>>>>>>>>> Private proxy protocol will be attempted as cross-domain >>>>>>>>>>>>>> browser restrictions might be enforced for this endpoint. >>>>>>>>>>>>>> >>>>>>>>>>>>>> <TryitClient xmlns="http://tryit.carbon.wso2.org"> >>>>>>>>>>>>>> <Reason>Error connecting to the Tryit ajax proxy</Reason> >>>>>>>>>>>>>> </TryitClient> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Jun 8, 2016 at 8:45 AM, Kasun Bandara < >>>>>>>>>>>>>> kas...@wso2.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> We have done the fix for L1 reported in [1] yesterday. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>> Kasun. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4656 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Jun 8, 2016 at 7:00 AM, Kalpa Welivitigoda < >>>>>>>>>>>>>>> kal...@wso2.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Anupama, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 8:45 PM, Anupama Pathirage < >>>>>>>>>>>>>>>> anup...@wso2.com> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Kalpa, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Checked the suggested approaches and those two issues were >>>>>>>>>>>>>>>>> resolved after applying both changes. We will further test >>>>>>>>>>>>>>>>> the service with >>>>>>>>>>>>>>>>> the Carbon RC2. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 6:15 PM, Kalpa Welivitigoda < >>>>>>>>>>>>>>>>> kal...@wso2.com> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Anupama, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 5:50 PM, Anupama Pathirage < >>>>>>>>>>>>>>>>>> anup...@wso2.com> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> We got the following issues when testing WSO2 DSS with >>>>>>>>>>>>>>>>>>> the Kernel RC2 Release. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> *1) *Any action on management console gives the >>>>>>>>>>>>>>>>>>> following error. It seems to be related with the tomcat >>>>>>>>>>>>>>>>>>> upgrade and >>>>>>>>>>>>>>>>>>> appreciate your input on this. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [2016-06-07 17:21:16,905] ERROR >>>>>>>>>>>>>>>>>>> {org.apache.coyote.AbstractProtocol$AbstractConnectionHandler} >>>>>>>>>>>>>>>>>>> - Error >>>>>>>>>>>>>>>>>>> reading request, ignored >>>>>>>>>>>>>>>>>>> java.lang.NoSuchMethodError: >>>>>>>>>>>>>>>>>>> org.apache.coyote.Request.getBytesRead()I >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.coyote.RequestInfo.updateCounters(RequestInfo.java:143) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.coyote.Request.updateCounters(Request.java:533) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1140) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>>>>>>>>>>>>>>>>> at >>>>>>>>>>>>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>>>>>>>>>>>>>>>>> at java.lang.Thread.run(Thread.java:745) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Yes, it is due to the tomcat upgrade in kernel, relevant >>>>>>>>>>>>>>>>>> fixes for carbon-deployment are already there in >>>>>>>>>>>>>>>>>> 4.6.2-SNAPSHOT. We have to >>>>>>>>>>>>>>>>>> do a deployment release once we release 4.4.6-SNAPSHOT. For >>>>>>>>>>>>>>>>>> the moment, for >>>>>>>>>>>>>>>>>> testing purpose, is it possible you try with 4.6.2-SNAPSHOT? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Could you please do the needful to release the >>>>>>>>>>>>>>>>> carbon-deployment 4.6.2 as DSS 3.5.1 release will be on hold >>>>>>>>>>>>>>>>> until it is >>>>>>>>>>>>>>>>> done. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Yes, we will be doing component released once we are done >>>>>>>>>>>>>>>> with kernel 4.4.6. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> *2) *DBS file uploads gives the following error which >>>>>>>>>>>>>>>>>>> returns Error 403 - Forbidden >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> [2016-06-07 17:21:16,904] WARN >>>>>>>>>>>>>>>>>>> {org.owasp.csrfguard.log.JavaLogger} - potential >>>>>>>>>>>>>>>>>>> cross-site request >>>>>>>>>>>>>>>>>>> forgery (CSRF) attack thwarted (user:<anonymous>, >>>>>>>>>>>>>>>>>>> ip:10.100.7.118, >>>>>>>>>>>>>>>>>>> method:POST, >>>>>>>>>>>>>>>>>>> uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, >>>>>>>>>>>>>>>>>>> error:required token is missing from the request) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> For this would you please try with adding the following >>>>>>>>>>>>>>>>>> line to >>>>>>>>>>>>>>>>>> repository/conf/security/Owasp.CsrfGuard.Carbon.properties, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> org.owasp.csrfguard.unprotected.FileUpload=%servletContext%/fileupload/* >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Is excluding these patterns from CSRF protection >>>>>>>>>>>>>>>>> recommended ? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> That we need to discuss with security experts and decide, I >>>>>>>>>>>>>>>> just wanted to verify that this is an option to solve the >>>>>>>>>>>>>>>> issue. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>> Anupama >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 4:46 PM, KasunG Gajasinghe < >>>>>>>>>>>>>>>>>>> kas...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Others, please continue to testing the pack and report >>>>>>>>>>>>>>>>>>>> all the issues so we can check and fix. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:31 PM, Kasun Bandara < >>>>>>>>>>>>>>>>>>>> kas...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi Niranjan, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Created [1] to track the equivalent Carbon JIRA. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> [1] https://wso2.org/jira/browse/CARBON-15938 >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>>>>>> Kasun. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:23 PM, Niranjan Karunanandham >>>>>>>>>>>>>>>>>>>>> <niran...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hi KasunB, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Please create an equivalent JIRA in Kernel in-order >>>>>>>>>>>>>>>>>>>>>> to track this. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>> Nira >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:11 PM, Kasun Bandara < >>>>>>>>>>>>>>>>>>>>>> kas...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> We are having L1 reported in [1] and will be a blocker >>>>>>>>>>>>>>>>>>>>>>> for IS. Please hold off the vote proceedings until we >>>>>>>>>>>>>>>>>>>>>>> find out the root >>>>>>>>>>>>>>>>>>>>>>> cause of the issue. Most probably this issue must be >>>>>>>>>>>>>>>>>>>>>>> originated from user >>>>>>>>>>>>>>>>>>>>>>> core. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>>>>>>>> Kasun. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4656 >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 11:45 AM, KasunG Gajasinghe < >>>>>>>>>>>>>>>>>>>>>>> kas...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hi Viraj, >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 10:12 AM, Viraj Senevirathne >>>>>>>>>>>>>>>>>>>>>>>> <vir...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Hi Kalpa, >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> I tried to build product-esb with kernel RC2 but >>>>>>>>>>>>>>>>>>>>>>>>> it failed as package org.apache.velocity 0.0.0 >>>>>>>>>>>>>>>>>>>>>>>>> dependency could not be >>>>>>>>>>>>>>>>>>>>>>>>> found. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> *Installation failed.* >>>>>>>>>>>>>>>>>>>>>>>>> *Cannot complete the install because one or more >>>>>>>>>>>>>>>>>>>>>>>>> required items could not be found.* >>>>>>>>>>>>>>>>>>>>>>>>> * Software being installed: WSO2 Carbon - >>>>>>>>>>>>>>>>>>>>>>>>> Mediators Feature 4.6.1.SNAPSHOT >>>>>>>>>>>>>>>>>>>>>>>>> (org.wso2.carbon.mediators.feature.group >>>>>>>>>>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>>>>>>>>>> * Missing requirement: bsf-all 3.0.0.wso2v5 >>>>>>>>>>>>>>>>>>>>>>>>> (bsf-all 3.0.0.wso2v5) requires 'package >>>>>>>>>>>>>>>>>>>>>>>>> org.apache.velocity 0.0.0' but it >>>>>>>>>>>>>>>>>>>>>>>>> could not be found* >>>>>>>>>>>>>>>>>>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>>>>>>>>>>>>>>>>>> * From: WSO2 Carbon - Mediators Feature >>>>>>>>>>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT >>>>>>>>>>>>>>>>>>>>>>>>> (org.wso2.carbon.mediators.feature.group >>>>>>>>>>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>>>>>>>>>> * To: >>>>>>>>>>>>>>>>>>>>>>>>> org.wso2.carbon.mediators.server.feature.group >>>>>>>>>>>>>>>>>>>>>>>>> [4.6.1.SNAPSHOT]* >>>>>>>>>>>>>>>>>>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>>>>>>>>>>>>>>>>>> * From: WSO2 Carbon - All Mediators Server >>>>>>>>>>>>>>>>>>>>>>>>> Feature 4.6.1.SNAPSHOT >>>>>>>>>>>>>>>>>>>>>>>>> (org.wso2.carbon.mediators.server.feature.group >>>>>>>>>>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>>>>>>>>>> * To: bsf-all [3.0.0.wso2v5,3.1.0)* >>>>>>>>>>>>>>>>>>>>>>>>> *Application failed, log file location: >>>>>>>>>>>>>>>>>>>>>>>>> /home/virajrs/.m2/repository/org/eclipse/tycho/tycho-p2-runtime/0.13.0/eclipse/configuration/1465274241567.log* >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> How can we overcome this? >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> To fix security vulnerabilities, we have upgraded >>>>>>>>>>>>>>>>>>>>>>>> the opensaml orbit bundle to the latest. In that >>>>>>>>>>>>>>>>>>>>>>>> process, IS folks have >>>>>>>>>>>>>>>>>>>>>>>> fixed issues in the old opensaml orbit to conform to >>>>>>>>>>>>>>>>>>>>>>>> the new orbit >>>>>>>>>>>>>>>>>>>>>>>> guidelines. In that process, the org.apache.velocity >>>>>>>>>>>>>>>>>>>>>>>> packages were removed >>>>>>>>>>>>>>>>>>>>>>>> from opensaml. If you need opensaml, then you should >>>>>>>>>>>>>>>>>>>>>>>> include this feature >>>>>>>>>>>>>>>>>>>>>>>> [1]. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> You shouldn't be using velocity packages directly >>>>>>>>>>>>>>>>>>>>>>>> that is coming from opensaml. If you only need >>>>>>>>>>>>>>>>>>>>>>>> velocity, then your feature >>>>>>>>>>>>>>>>>>>>>>>> need to include velocity orbit. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [1] >>>>>>>>>>>>>>>>>>>>>>>> https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/master/features/org.wso2.carbon.identity.sso.saml.server.feature/pom.xml >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Thank You, >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 8:32 AM, Kalpa Welivitigoda >>>>>>>>>>>>>>>>>>>>>>>>> <kal...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Hi Devs, >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> This is the 2nd release candidate of WSO2 Carbon >>>>>>>>>>>>>>>>>>>>>>>>>> Kernel 4.4.6. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> This release fixes the following issues: >>>>>>>>>>>>>>>>>>>>>>>>>> https://wso2.org/jira/issues/?filter=13090 >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Please download and test your products with >>>>>>>>>>>>>>>>>>>>>>>>>> kernel 4.4.6 RC1 and vote. Vote will be open for 72 >>>>>>>>>>>>>>>>>>>>>>>>>> hours or as longer as >>>>>>>>>>>>>>>>>>>>>>>>>> needed. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Source and binary distribution files: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.6/wso2carbon-4.4.6-rc2.zip >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Maven staging repository: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1023/ >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> The tag to be voted upon: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.6-rc2 >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>>>>>>>>>>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Thank you >>>>>>>>>>>>>>>>>>>>>>>>>> Carbon Team >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>>>>>>>>>>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>>>>>>>>>>>>>>>>>> Email: kal...@wso2.com >>>>>>>>>>>>>>>>>>>>>>>>>> Mobile: +94776509215 >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>> Viraj Senevirathne >>>>>>>>>>>>>>>>>>>>>>>>> Software Engineer; WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Mobile : +94 71 958 0269 >>>>>>>>>>>>>>>>>>>>>>>>> Email : vir...@wso2.com >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 >>>>>>>>>>>>>>>>>>>>>>>> Inc. >>>>>>>>>>>>>>>>>>>>>>>> email: kasung AT spamfree wso2.com >>>>>>>>>>>>>>>>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>>>>>>>>>>>>>>>>>>>> blog: http://kasunbg.org >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>> Kasun Bandara >>>>>>>>>>>>>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>>>>>>>>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>>>>>>>>>>>>>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>>>>>>>>>>>>>>>>>> kas...@wso2.com <thili...@wso2.com> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> *Niranjan Karunanandham* >>>>>>>>>>>>>>>>>>>>>> Associate Technical Lead - WSO2 Inc. >>>>>>>>>>>>>>>>>>>>>> WSO2 Inc.: http://www.wso2.com >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> Kasun Bandara >>>>>>>>>>>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>>>>>>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>>>>>>>>>>>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>>>>>>>>>>>>>>>> kas...@wso2.com <thili...@wso2.com> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>>>>>>>>>>>>>>>>>> email: kasung AT spamfree wso2.com >>>>>>>>>>>>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>>>>>>>>>>>>>>>> blog: http://kasunbg.org >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> Anupama Pathirage >>>>>>>>>>>>>>>>>>> Associate Technical Lead >>>>>>>>>>>>>>>>>>> WSO2, Inc. http://wso2.com/ >>>>>>>>>>>>>>>>>>> Email: anup...@wso2.com >>>>>>>>>>>>>>>>>>> Mobile:+94 71 8273 979 >>>>>>>>>>>>>>>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>>>>>>>>>> Email: kal...@wso2.com >>>>>>>>>>>>>>>>>> Mobile: +94776509215 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Anupama Pathirage >>>>>>>>>>>>>>>>> Associate Technical Lead >>>>>>>>>>>>>>>>> WSO2, Inc. http://wso2.com/ >>>>>>>>>>>>>>>>> Email: anup...@wso2.com >>>>>>>>>>>>>>>>> Mobile:+94 71 8273 979 >>>>>>>>>>>>>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>>>>>>>> Email: kal...@wso2.com >>>>>>>>>>>>>>>> Mobile: +94776509215 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Kasun Bandara >>>>>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>>>>>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>>>>>>>>>> kas...@wso2.com <thili...@wso2.com> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Anupama Pathirage >>>>>>>>>>>>>> Associate Technical Lead >>>>>>>>>>>>>> WSO2, Inc. http://wso2.com/ >>>>>>>>>>>>>> Email: anup...@wso2.com >>>>>>>>>>>>>> Mobile:+94 71 8273 979 >>>>>>>>>>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>> >>>>>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>>>>> Email: kal...@wso2.com >>>>>>>>>>>>> Mobile: +94776509215 >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Rajith Roshan >>>>>>>>>>>> Software Engineer, WSO2 Inc. >>>>>>>>>>>> Mobile: +94-72-642-8350 <%2B94-71-554-8430> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Viraj Senevirathne >>>>>>>>>>> Software Engineer; WSO2, Inc. >>>>>>>>>>> >>>>>>>>>>> Mobile : +94 71 958 0269 >>>>>>>>>>> Email : vir...@wso2.com >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rajith Roshan >>>>>>>>>> Software Engineer, WSO2 Inc. >>>>>>>>>> Mobile: +94-72-642-8350 <%2B94-71-554-8430> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Viraj Senevirathne >>>>>>>>> Software Engineer; WSO2, Inc. >>>>>>>>> >>>>>>>>> Mobile : +94 71 958 0269 >>>>>>>>> Email : vir...@wso2.com >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> Dev@wso2.org >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Bhathiya Jayasekara* >>>>>>>> *Senior Software Engineer,* >>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>>>> >>>>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>>>> <https://twitter.com/bhathiyax>* >>>>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Best Regards, >>>>>>> >>>>>>> Kalpa Welivitigoda >>>>>>> Senior Software Engineer, WSO2 Inc. http://wso2.com >>>>>>> Email: kal...@wso2.com >>>>>>> Mobile: +94776509215 >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Bhathiya Jayasekara* >>>>>> *Senior Software Engineer,* >>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>>> >>>>>> *Phone: +94715478185 <%2B94715478185>* >>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>>> *Twitter: https://twitter.com/bhathiyax >>>>>> <https://twitter.com/bhathiyax>* >>>>>> *Blog: http://movingaheadblog.blogspot.com >>>>>> <http://movingaheadblog.blogspot.com/>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Bhathiya Jayasekara* >>>>> *Senior Software Engineer,* >>>>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>>>> >>>>> *Phone: +94715478185 <%2B94715478185>* >>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>>>> <http://www.linkedin.com/in/bhathiyaj>* >>>>> *Twitter: https://twitter.com/bhathiyax >>>>> <https://twitter.com/bhathiyax>* >>>>> *Blog: http://movingaheadblog.blogspot.com >>>>> <http://movingaheadblog.blogspot.com/>* >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>> email: kasung AT spamfree wso2.com >>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>> blog: http://kasunbg.org >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >> >> >> -- >> >> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >> email: kasung AT spamfree wso2.com >> linked-in: http://lk.linkedin.com/in/gajasinghe >> blog: http://kasunbg.org >> >> >> > > -- *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. email: kasung AT spamfree wso2.com linked-in: http://lk.linkedin.com/in/gajasinghe blog: http://kasunbg.org
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev