Re: [PR] [KARAF-7544] Clean up Jetty/servlet-api use [karaf]

2023-12-16 Thread via GitHub


jbonofre commented on PR #1809:
URL: https://github.com/apache/karaf/pull/1809#issuecomment-1859049339

   FYI: it's what we had before, but we changed that as Jetty and servlet API
   are provided by Pax Web. However, for backward compatibility we add a meta
   feature. In Karaf 4.5.x, we can completely remove `jetty` feature from Karaf
   and use `pax-web-jetty` from Pax Web instead.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@karaf.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [PR] [KARAF-7544] Clean up Jetty/servlet-api use [karaf]

2023-12-16 Thread via GitHub


jbonofre commented on PR #1809:
URL: https://github.com/apache/karaf/pull/1809#issuecomment-1859049128

   I will do a manual merge to test and squash.





Re: [PR] [KARAF-7754] Target Java 11 [karaf]

2023-12-16 Thread via GitHub


jbonofre commented on PR #1781:
URL: https://github.com/apache/karaf/pull/1781#issuecomment-1859048691

   It doesn't work for verify goal with this change. The verify mojo should be updated.





(karaf) branch main updated (fef1c5533f -> 6c9fb7cc5f)

2023-12-16 Thread jbonofre
This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/karaf.git


from fef1c5533f Merge pull request #1808 from jbonofre/KARAF-7727
 new ed41a6db17 [KARAF-7766] Require Java 11 at runtime
 new abd30ca1be Merge remote-tracking branch 'origin/main' into karaf7766
 new 8af26f0bfd Update assemblies/features/base/src/main/filtered-resources/resources/bin/karaf.bat
 new 4763d87719 Merge branch 'apache:main' into karaf7766
 new 6c9fb7cc5f Merge pull request #1782 from rovarga/karaf7766

The 9471 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../src/main/filtered-resources/resources/bin/inc  |  6 +-
 .../main/filtered-resources/resources/bin/karaf| 94 +-
 .../filtered-resources/resources/bin/karaf.bat | 85 ---
 3 files changed, 73 insertions(+), 112 deletions(-)



Re: [PR] [KARAF-7766] Require Java 11 at runtime [karaf]

2023-12-16 Thread via GitHub


jbonofre merged PR #1782:
URL: https://github.com/apache/karaf/pull/1782





Re: [PR] [KARAF-7766] Require Java 11 at runtime [karaf]

2023-12-16 Thread via GitHub


mattrpav commented on PR #1782:
URL: https://github.com/apache/karaf/pull/1782#issuecomment-1858827365

   @rovarga does this fix the script error about "[" being misused?





[PR] Support Java 21 in Builder.JavaVersion [karaf]

2023-12-16 Thread via GitHub


rovarga opened a new pull request, #1810:
URL: https://github.com/apache/karaf/pull/1810

   We have jre-21 defined in jre.properties, but the Builder would not
   recognize them. Update the enumeration and eliminate manually-maintained
   ordinal, deferring to Enum.compareTo() instead.
   
   Signed-off-by: Robert Varga 
   





(karaf-jclouds) branch master updated: vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291

2023-12-16 Thread nite
This is an automated email from the ASF dual-hosted git repository.

nite pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf-jclouds.git


The following commit(s) were added to refs/heads/master by this push:
 new 79d0ec3  vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291
 new 4ed5c6f  Merge pull request #8 from BulkSecurityGeneratorProjectV2/fix/JLL/use_https_to_resolve_dependencies_maven
79d0ec3 is described below

commit 79d0ec3c25c1850a5dbd58f266e82c996e7b25fe
Author: Jonathan Leitschuh 
AuthorDate: Sat Dec 16 07:13:20 2023 +

vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291


This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh 
Signed-off-by: Jonathan Leitschuh 

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh 
Signed-off-by: Jonathan Leitschuh 

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8


Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne 
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 82e56ee..7798440 100644
--- a/pom.xml
+++ b/pom.xml
@@ -596,7 +596,7 @@ limitations under the License.
 
   maven2-repository.dev.java.net
   Java.net Repository for Maven
-  http://download.java.net/maven/2/
+  https://download.java.net/maven/2/
   default
 
   
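
Review bot: Confirm that `https://download.java.net/maven/2/` on the `+` line actually serves artifacts over TLS before relying on it; the hunk changes only the scheme of the `maven2-repository.dev.java.net` entry and does not show that the host still answers on that path. If the build no longer resolves anything from this repository, deleting the entry is the stronger fix because it removes the extra resolution source altogether. The diffstat shows a single changed line in `pom.xml`, so also check the rest of the file for any remaining `http://` repository, pluginRepository or distributionManagement URLs.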



(karaf) branch main updated: KARAF-7727: Fix org.osgi.util.promise version and use properties

2023-12-16 Thread nite
This is an automated email from the ASF dual-hosted git repository.

nite pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/main by this push:
 new f7451eb361 KARAF-7727: Fix org.osgi.util.promise version and use properties
 new fef1c5533f Merge pull request #1808 from jbonofre/KARAF-7727
f7451eb361 is described below

commit f7451eb3618decec1a276148add5ba598b1ed95a
Author: JB Onofré 
AuthorDate: Fri Dec 15 17:36:33 2023 +0100

KARAF-7727: Fix org.osgi.util.promise version and use properties
---
 assemblies/features/framework/src/main/feature/feature.xml | 8 
 assemblies/features/standard/src/main/feature/feature.xml  | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/assemblies/features/framework/src/main/feature/feature.xml 
b/assemblies/features/framework/src/main/feature/feature.xml
index e202b95064..d339d8555d 100644
--- a/assemblies/features/framework/src/main/feature/feature.xml
+++ b/assemblies/features/framework/src/main/feature/feature.xml
@@ -31,8 +31,8 @@
 mvn:org.ops4j.pax.logging/pax-logging-log4j2/${pax.logging.version}
 mvn:org.fusesource.jansi/jansi/${jansi.version}
 
-mvn:org.osgi/org.osgi.util.function/1.2.0
-mvn:org.osgi/org.osgi.util.promise/1.2.0
+mvn:org.osgi/org.osgi.util.function/${org.osgi.util.function.version}
+mvn:org.osgi/org.osgi.util.promise/${org.osgi.util.promise.version}
 mvn:org.apache.felix/org.apache.felix.coordinator/${felix.coordinator.version}
 mvn:org.apache.felix/org.apache.felix.converter/${felix.converter.version}
 mvn:org.apache.felix/org.apache.felix.configadmin/${felix.configadmin.version}
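Review bot: Nothing in this commit defines `${org.osgi.util.function.version}` or `${org.osgi.util.promise.version}`, which the two `+` lines now depend on; the diffstat lists only the two `feature.xml` files. Please confirm both properties already exist in the build's POM properties, since an undefined property is typically left as a literal `${...}` in the `mvn:` URL and the bundle would then fail to resolve when the feature is installed. The subject says the promise version is being fixed, so stating in the commit message which version the property resolves to would show what replaced `1.2.0`.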
@@ -57,8 +57,8 @@
 mvn:org.ops4j.pax.logging/pax-logging-api/${pax.logging.version}
 mvn:org.ops4j.pax.logging/pax-logging-logback/${pax.logging.version}
 
-mvn:org.osgi/org.osgi.util.function/1.2.0
-mvn:org.osgi/org.osgi.util.promise/1.2.0
+mvn:org.osgi/org.osgi.util.function/${org.osgi.util.function.version}
+mvn:org.osgi/org.osgi.util.promise/${org.osgi.util.promise.version}
 mvn:org.apache.felix/org.apache.felix.coordinator/${felix.coordinator.version}
 mvn:org.apache.felix/org.apache.felix.converter/${felix.converter.version}
 mvn:org.apache.felix/org.apache.felix.configadmin/${felix.configadmin.version}
diff --git a/assemblies/features/standard/src/main/feature/feature.xml 
b/assemblies/features/standard/src/main/feature/feature.xml
index 85e9e04ce0..896cdf5c97 100644
--- a/assemblies/features/standard/src/main/feature/feature.xml
+++ b/assemblies/features/standard/src/main/feature/feature.xml
@@ -1465,9 +1465,9 @@ org.apache.felix.eventadmin.AddSubject=true
 
 
 
-mvn:org.osgi/org.osgi.util.function/1.2.0
-mvn:org.osgi/org.osgi.util.promise/1.2.0
-mvn:org.osgi/org.osgi.service.component/1.5.0
+mvn:org.osgi/org.osgi.util.function/${org.osgi.util.function.version}
+mvn:org.osgi/org.osgi.util.promise/${org.osgi.util.promise.version}
+mvn:org.osgi/org.osgi.service.component/${org.osgi.service.component.version}
 mvn:org.apache.felix/org.apache.felix.metatype/${felix.metatype.version}
 mvn:org.apache.felix/org.apache.felix.scr/${felix.scr.version}
 
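
Review bot: The commit subject mentions only `org.osgi.util.promise`, but the third `+` line here also moves `org.osgi.service.component` from the pinned `1.5.0` to `${org.osgi.service.component.version}`. Please call that out in the commit message and confirm the property is defined and resolves to the version expected alongside `org.apache.felix.scr` in the context lines below it.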



Re: [PR] KARAF-7727: Fix org.osgi.util.promise version and use properties [karaf]

2023-12-16 Thread via GitHub


rovarga merged PR #1808:
URL: https://github.com/apache/karaf/pull/1808

