Cool, most of the stuff to be backported is Andrea's anyway. I found two more classes that were being used by JDBCConfig that weren't on the whitelist. Fix is in on master and 2.7.x
-- Kevin Michael Smith [email protected] On Thu, Aug 13, 2015, at 12:43 AM, Simone Giannecchini wrote: > Dear Kevin, > we are going to look into this starting the 24th. > We can take over your work although we might bother a little for guidance. > > > > Regards, > Simone Giannecchini > == > GeoServer Professional Services from the experts! > Visit http://goo.gl/it488V for more information. > == > Ing. Simone Giannecchini > @simogeo > Founder/Director > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 333 8128928 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 > Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i > file/s allegato/i sono da considerarsi strettamente riservate. Il loro > utilizzo è consentito esclusivamente al destinatario del messaggio, per le > finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio > senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia > via e-mail e di procedere alla distruzione del messaggio stesso, > cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per > finalità diverse, costituisce comportamento contrario ai principi dettati dal > D.Lgs. 196/2003. > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named addressee(s). > If you are not the intended recipient, please contact immediately the sender > by telephone, fax or e-mail and delete the information in this message that > has been received in error. The sender does not give any warranty or accept > liability as the content, accuracy or completeness of sent messages and > accepts no responsibility for changes made after they were sent or for other > risks which arise as a result of e-mail transmission, viruses, etc. > > On Wed, Aug 12, 2015 at 11:44 PM, Kevin Smith <[email protected]> wrote: >> __ >> 2.7.x is patched, but backporting to 2.6.x is proving problematic and I've >> used about as much time as I can spare on this. >> >> I've resolved the merge conflicts, but there are still plenty of unit test >> failures that need resolution. >> https://github.com/smithkm/geoserver/tree/xstream_whitelist_2.6 >> >> -- >> Kevin Michael Smith >> [email protected] >> >> >> On Tue, Aug 11, 2015, at 05:51 PM, Jody Garnett wrote: >>> That would be great (stable and maintenance is the goal). >>> >>> -- >>> Jody Garnett >>> >>> On 11 August 2015 at 17:32, Kevin Smith <[email protected]> wrote: >>>> On 11 August 2015 at 10:07, Andrea Aime <[email protected]> >>>> wrote: >>>>> On Tue, Aug 11, 2015 at 6:57 PM, Jody Garnett <[email protected]> >>>>> wrote: >>>>>> My understanding is the security fixes have been back ported - lets >>>>>> confirm with Kevin and Torben. >>>>> >>>>> >>>>> No, the xstream related one did not even reach 2.7.x yet. >>>>> I believe Kevin ported them back to a custom Boundless fork of 2.7.x for >>>>> the next >>>>> Suite release, but not on the official GeoServer one. >>>>> >>>> >>>> Right, it has been part of the internal GS 2.7.x/GWC 1.7.x derived builds >>>> we've been testing for the Suite release for the past week without any >>>> issues. I can cherry pick it over to the official stable branches unless >>>> there are any objections. >>>> >>>> >>>> -- >>>> >>>> Kevin Smith** >>>> Software Engineer | Boundless[1] >>>> [email protected] >>>> +1-778-785-7459[2] >>>> @boundlessgeo[3] >>>> >>>> >>>> http://boundlessgeo.com/ >>>> >>>> >>> ------------------------------------------------------------------------------ >>> >>> _________________________________________________ >>> Geoserver-devel mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Geoserver-devel mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> Links: 1. http://boundlessgeo.com/ 2. tel:%2B1-778-785-7459 3. http://twitter.com/boundlessgeo/
------------------------------------------------------------------------------
_______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
