Re: [Architecture] [Dev][VOTE] Release WSO2 Identity Server 5.8.0 RC1

2019-05-11 Thread Malithi Edirisinghe 
Hi All,

We are closing the vote as we found an issue with the email confirmation
with user self-registration and another with is-analytics dependency
versions. We will fix the issues and release another release candidate as
soon as possible.

Thanks,
Malithi

On Sat, May 11, 2019 at 2:32 AM Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi all,
>
> We are pleased to announce the first release candidate of WSO2 Identity
> Server 5.8.0.
>
> This release fixes the following issues,
>
>- 5.8.0-RC1 fixes
>
>- 5.8.0-Beta5 fixes
>
>- 5.8.0-Beta4 fixes
>
>- 5.8.0-Beta3 fixes
>
>- 5.8.0-Beta fixes
>
>- 5.8.0-Alpha5 fixes
>
>- 5.8.0-Alpha4 fixes
>
>- 5.8.0-Alpha3 fixes
>
>- 5.8.0-Alpha2 fixes
>
>- 5.8.0-Alpha fixes
>
>- 5.8.0-M26 fixes
>
>- 5.8.0-M25 fixes
>
>- 5.8.0-M24 fixes
>
>- 5.8.0-M6 fixes
>
>- 5.8.0-M5 fixes
>
>- 5.8.0-M4 fixes
>
>- 5.8.0-M3 fixes
>
>- 5.8.0-M2 fixes
>
>- 5.8.0-M1 fixes
>
>
>
> Source and distribution
>
> Runtime - https://github.com/wso2/product-is/releases/tag/v5.8.0-rc1
> Analytics -
> https://github.com/wso2/analytics-is/releases/tag/v5.8.0-rc1
>
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
>
> Thanks,
> - WSO2 Identity and Access Management Team -
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com 
>
> --
> You received this message because you are subscribed to the Google Groups
> "IAM team" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to iam-group+unsubscr...@wso2.com.
> To view this discussion on the web visit
> https://groups.google.com/a/wso2.com/d/msgid/iam-group/CANox4YgAgBJ4XZeLTxPNBV9irYUk4ja_1oqaJMz%3DfjLmb4oGmg%40mail.gmail.com
> 
> .
>


-- 

*Malithi Edirisinghe*
Technical Lead
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev][VOTE] Release WSO2 Identity Server 5.8.0 RC1

2019-05-11 Thread Tharindu Bandara 
Hi All,

We are closing the vote as we found an issue with the email confirmation
with user self-registration and another with is-analytics dependency
versions. We will fix the issues and release another release candidate as
soon as possible.

Thanks,
Tharindu

On Sat, May 11, 2019 at 2:32 AM Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> Hi all,
>
> We are pleased to announce the first release candidate of WSO2 Identity
> Server 5.8.0.
>
> This release fixes the following issues,
>
>- 5.8.0-RC1 fixes
>
>- 5.8.0-Beta5 fixes
>
>- 5.8.0-Beta4 fixes
>
>- 5.8.0-Beta3 fixes
>
>- 5.8.0-Beta fixes
>
>- 5.8.0-Alpha5 fixes
>
>- 5.8.0-Alpha4 fixes
>
>- 5.8.0-Alpha3 fixes
>
>- 5.8.0-Alpha2 fixes
>
>- 5.8.0-Alpha fixes
>
>- 5.8.0-M26 fixes
>
>- 5.8.0-M25 fixes
>
>- 5.8.0-M24 fixes
>
>- 5.8.0-M6 fixes
>
>- 5.8.0-M5 fixes
>
>- 5.8.0-M4 fixes
>
>- 5.8.0-M3 fixes
>
>- 5.8.0-M2 fixes
>
>- 5.8.0-M1 fixes
>
>
>
> Source and distribution
>
> Runtime - https://github.com/wso2/product-is/releases/tag/v5.8.0-rc1
> Analytics -
> https://github.com/wso2/analytics-is/releases/tag/v5.8.0-rc1
>
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
>
> Thanks,
> - WSO2 Identity and Access Management Team -
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com 
>
> --
> You received this message because you are subscribed to the Google Groups
> "IAM team" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to iam-group+unsubscr...@wso2.com.
> To view this discussion on the web visit
> https://groups.google.com/a/wso2.com/d/msgid/iam-group/CANox4YgAgBJ4XZeLTxPNBV9irYUk4ja_1oqaJMz%3DfjLmb4oGmg%40mail.gmail.com
> 
> .
>


-- 
*Tharindu Bandara*
Software Engineer | WSO2

Email : tharin...@wso2.com
Mobile : +94 714221776
web : http://wso2.com


https://wso2.com/signature
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [VOTE] Release of WSO2 Stream Processor 4.4.0 RC4

2019-05-11 Thread Niveathika Rajendran 
Hi all,

I have tested APIM, IS and EI analytics solutions.

+1 Go ahead and release

Best Regards,
*Niveathika Rajendran,*
*Senior Software Engineer.*
*Mobile : +94 077 903 7536*





On Thu, May 9, 2019 at 10:30 PM Ramindu De Silva  wrote:

> Hi All,
>
> WSO2 Stream Processor team is pleased to announce the fourth release
> candidate of WSO2 Stream Processor 4.4.0.
>
> WSO2 Stream Processor is an open source embodiment of the WSO2 Analytics
> platform, of which the real-time, incremental & intelligent data processing
> capabilities let digital businesses create actionable business insights and
> data products.
>
> Please find the improvements and fixes related to this release:
>
>- siddhi
>
> 
>- carbon-analytics-common
>
> 
>- carbon-analytics
>
> 
>- carbon-dashboards
>
> 
>- analytics-solutions
>
> 
>- product-sp
>
> 
>
> You can download the product distribution from here
> 
>
> The tag to be voted upon:
> https://github.com/wso2/product-sp/releases/tag/v4.4.0-RC4
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> You can find the official documentation in
> https://docs.wso2.com/display/SP440
>
> Best Regards,
> WSO2 Stream Processor Team
>
> --
> *Ramindu De Silva*
> Associate Technical Lead
> WSO2 Inc.: http://wso2.com
> lean.enterprise.middleware
>
> email: ramin...@wso2.com 
> mob: +94 719678895
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] HoneyPot APIs for API Manager - New Feature of APIM product

2019-05-11 Thread Frank Leymann 
Sure, you get information *about* the attacker from such headers. But how
do we *detect* (!) an attack - also from headers?  Or do you have a
catalogue of IP addresses that are allowed to use the API (then, detection
would be simple)...


Best regards,
Frank




Am Fr., 10. Mai 2019 um 07:37 Uhr schrieb Nadee Poornima :

> Hi Frank,
>
> In deed: very nice idea, valuable feature!  Which attributes should be
>> used to detect an attack?
>>
>
> Thank you very much for the feedback.
>
> In here, if anyone invokes this Honeypot API, it will detect as an
> anonymous attack. We are getting the headers (IP, if have access tokens) in
> order to identify the attacker. Currently, we are implementing to detect
> and alert this to the system admin. We hope to implement the blocking part
> also in future time.
>
> Thank you & regards,
> Nadee
>
>
> On Thu, May 9, 2019 at 10:47 PM Frank Leymann  wrote:
>
>> In deed: very nice idea, valuable feature!  Which attributes should be
>> used to detect an attack?
>>
>> Best regards,
>> Frank
>>
>>
>>
>>
>> Am Do., 9. Mai 2019 um 11:09 Uhr schrieb Sanjeewa Malalgoda <
>> sanje...@wso2.com>:
>>
>>> Tracing and logging problematic API calls definitely add value to
>>> product. This is kind of alerting mechanism. But we should not stop from
>>> there. We can go one step ahead and block calls with similar attributes. We
>>> can block API calls temporary based on the API context, application id,
>>> user and IP address. Then users who accessed honeypot APIs will not be able
>>> to use other APIs.
>>>
>>> Blocking condition related updates we can put into topic from traffic
>>> manager. So we can use same mechanism here as well.
>>>
>>> Thanks,
>>> sanjeewa.
>>>
>>> On Thu, May 9, 2019 at 12:18 PM Nadee Poornima  wrote:
>>>
 Hi All,

 If published APIs in the store, they could invoke by the Hackers by
 scanning the open ports of a system. Therefore in order to prevent such
 attacks, the user needs to use different tools or mechanism. The
 Honeypots[1] is such a system, user can use in their environment to detect
 such anonymous attacks.

 Instead of using such out of box tools or mechanism, we are trying to
 implement a mechanism to detect such anonymous invocation of APIs within
 the APIM product.

 *The suggested Approach:*
 There is a deployed API in the gateway(not showing the API in publisher
 or store), once invoked that API by an anonymous user, it will identify it
 as anonymous invocation and trigger an Alert (send an email) to admin user
 of the system. Request Data will publish to the Trafic Manager and they
 will persist to DB as well.
 Those invocations will appear as a list in the Admin portal and admin
 user could remove or persist them through the UI after reviewing them.
 Further, we will implement an Admin UI part to configure that Alert(like
 configuring email).

 [image: HoneyPotAPIAlertApproach.png]

 [1]. https://blog.rapid7.com/2016/12/06/introduction-to-honeypots/

 Thank you and regards,
 *Nadee Poornima*
 Software Engineer - Support Team | WSO2

 Email : nad...@wso2.com
 Mobile : +94713441341
 MyBlog: https://medium.com/nadees-tech-stories

 

>>>
>>>
>>> --
>>> *Sanjeewa Malalgoda*
>>> Software Architect | Associate Director, Engineering - WSO2 Inc.
>>> (m) +94 712933253 | (e) sanje...@wso2.com | (b) Blogger
>>> , Medium
>>> 
>>>
>>> GET INTEGRATION AGILE 
>>> Integration Agility for Digitally Driven Business
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>
> --
> *Nadee Poornima*
> Software Engineer - Support Team | WSO2
>
> Email : nad...@wso2.com
> Mobile : +94713441341
> MyBlog: https://medium.com/nadees-tech-stories
>
> 
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture