[jira] [Commented] (FELIX-6600) Please release a new version of Script Console plugin
[ https://issues.apache.org/jira/browse/FELIX-6600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698776#comment-17698776 ]

Carsten Ziegeler commented on FELIX-6600:
-----------------------------------------

I tried to build the project, but get this test error. So this needs to be fixed first:

Tests in error:
  testScriptExecution(org.apache.felix.webconsole.plugins.scriptconsole.integration.ITScriptConsolePlugin): Problem starting test container.

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0

> Please release a new version of Script Console plugin
> -----------------------------------------------------
>
>                 Key: FELIX-6600
>                 URL: https://issues.apache.org/jira/browse/FELIX-6600
>             Project: Felix
>          Issue Type: Bug
>          Components: Script Console Plugin
>            Reporter: Andreas Lemmer
>            Priority: Major
>
> The last release of org.apache.felix.webconsole.plugins.scriptconsole is
> 1.0.2 from 2015 which still uses org.json (version 2007) with many CVEs. It
> doesn't run with a recent org.json version, because the constructor argument
> of JSONWriter was changed long ago.
> As far as I can see, the org.json dependency has been removed in version
> 1.0.3-SNAPSHOT, but there is no official 1.0.3 release.
> Please release a version without org.json dependency.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [felix-dev] dependabot[bot] opened a new pull request, #207: Bump snakeyaml from 1.32 to 2.0 in /converter/serializer
dependabot[bot] opened a new pull request, #207:
URL: https://github.com/apache/felix-dev/pull/207

Bumps [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 1.32 to 2.0.

Commits

- [c98ffba](https://bitbucket.org/snakeyaml/snakeyaml/commits/c98ffba9cd065d1ead94c9ec580d8b5a5966c9d3) issue 561: add negative test case
- [e2ca740](https://bitbucket.org/snakeyaml/snakeyaml/commits/e2ca740df5510abf4f8de49c56e4ec53ec7b5624) Use Maven wrapper on github
- [49d91a1](https://bitbucket.org/snakeyaml/snakeyaml/commits/49d91a1e2d7fbd756f1d5f380b0c07e13546222d) Fix target for github
- [19e331d](https://bitbucket.org/snakeyaml/snakeyaml/commits/19e331dd722325758263bfdfdd1d72872d8451bd) Disable toolchain for github
- [42c7812](https://bitbucket.org/snakeyaml/snakeyaml/commits/42c781297909a3c7e61a234071540b91c6bf5834) Cobertura plugin does not work
- [03c82b5](https://bitbucket.org/snakeyaml/snakeyaml/commits/03c82b5d8ef3525ba407f3a96cbb6d5f6f9d364d) Rename GlobalTagRejectionTest to be run by Maven
- [6e8cd89](https://bitbucket.org/snakeyaml/snakeyaml/commits/6e8cd890716dfe22d5ba56f9a592225fb7fa2803) Remove cobertura
- [d9b0f48](https://bitbucket.org/snakeyaml/snakeyaml/commits/d9b0f480b1a63aca4678da7ab1915fcfc7d2a856) Improve Javadoc
- [519791a](https://bitbucket.org/snakeyaml/snakeyaml/commits/519791aa35b5415494234cd91c250ba5ed9fa80a) Run install and site goals under docker
- [82f33d2](https://bitbucket.org/snakeyaml/snakeyaml/commits/82f33d25ae189560ebeed29bbe3aff5bc44556fc) Merge branch 'master' into add-module-info
- Additional commits viewable in [compare view](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.0..snakeyaml-1.32)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@felix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (FELIX-6600) Please release a new version of Script Console plugin
[ https://issues.apache.org/jira/browse/FELIX-6600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698756#comment-17698756 ]

Carsten Ziegeler commented on FELIX-6600:
-----------------------------------------

[~ALemmer] Could you please give the current SNAPSHOT version a try and report back here. If it works for you, I can cut a release
[jira] [Commented] (FELIX-6599) javax.servlet incompatibility between Felix HTTP Jetty Light 4.2.8 and Jetty 9.4.x
[ https://issues.apache.org/jira/browse/FELIX-6599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698754#comment-17698754 ]

Carsten Ziegeler commented on FELIX-6599:
-----------------------------------------

https://github.com/apache/felix-dev/commit/fb073764f93d97428002182418024200be0544e9

> javax.servlet incompatibility between Felix HTTP Jetty Light 4.2.8 and Jetty
> 9.4.x
> ----------------------------------------------------------------------------
>
>                 Key: FELIX-6599
>                 URL: https://issues.apache.org/jira/browse/FELIX-6599
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-4.2.8
>            Reporter: Antoine DESSAIGNE
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: http.jetty-4.2.10, http.base-4.2.6, http.bridge-4.2.8
>
> Hello everyone,
> We detected what looks like an inconsistency in Felix HTTP Jetty Light 4.2.8
> (where Jetty is an external jar and not inlined).
> In the {{MANIFEST.MF}} file we can see
> {noformat}
> Import-Package:
>   javax.servlet.descriptor;version="[3.1,4)"
>   javax.servlet.http;version="[3.1,4)"
>   javax.servlet;version="[3.1,4)"
>   ...
> Require-Capability:
>   osgi.contract;filter:="(&(osgi.contract=JavaServlet)(version=4.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
> {noformat}
> So it asks for {{javax.servlet}} in version range [3.1,4) but ask for a 4.0
> Java Servlet capability. Unfortunately
> {{org.apache.felix.http.base.internal.registry.PathResolverFactory}} uses
> {{javax.servlet.http.MappingMatch}} which is only available starting in 4.0.
> Felix HTTP Jetty Light uses Jetty 9.4.50.v20221201 which requires
> {{javax.servlet}} in version range [3.1,4).
> So it looks like in the 4.2.x branch, {{javax.servlet}} should be in 3.1.0
> and {{javax.servlet.http.MappingMatch}} should not be used. Am I right or is
> there something I did wrong?
> Thank you for your help
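The manifest inconsistency reported in FELIX-6599 can be checked mechanically before a bundle is released. The following is an added example, not part of the original messages or of the Felix code base: it parses the two headers quoted in the report and lists every javax.servlet import whose version range excludes the JavaServlet contract version the bundle requires. The sample manifest and all function names are constructed for illustration.

```python
import re

# Constructed sample: the headers quoted in FELIX-6599, written with manifest
# continuation lines; the "..." entries elided in the report are left out.
SAMPLE_MANIFEST = (
    'Import-Package: javax.servlet.descriptor;version="[3.1,4)",javax.servl\n'
    ' et.http;version="[3.1,4)",javax.servlet;version="[3.1,4)"\n'
    'Require-Capability: osgi.contract;filter:="(&(osgi.contract=JavaServle\n'
    ' t)(version=4.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"\n'
)

def parse_headers(text):
    """Parse main-section headers, joining continuation lines (leading space)."""
    headers, name = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and name:
            headers[name] += line[1:]
        elif ":" in line:
            name, _, value = line.partition(":")
            headers[name] = value.strip()
    return headers

def ver(s):
    """'3.1' -> (3, 1, 0); missing segments default to 0, as in OSGi versions."""
    parts = [int(p) for p in s.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def in_range(version, rng):
    """Test a version against an OSGi range such as '[3.1,4)' or a bare floor."""
    m = re.fullmatch(r'([\[(])([^,]+),([^\])]+)([\])])', rng.strip())
    if not m:
        return ver(version) >= ver(rng)
    v, lo, hi = ver(version), ver(m[2]), ver(m[3])
    return (v >= lo if m[1] == "[" else v > lo) and (v <= hi if m[4] == "]" else v < hi)

def servlet_contract_conflicts(manifest_text):
    """List javax.servlet imports whose range excludes the required
    JavaServlet contract version. Assumes the filter shape quoted in the issue."""
    h = parse_headers(manifest_text)
    m = re.search(r'\(osgi\.contract=JavaServlet\)\(version=([\d.]+)\)',
                  h.get("Require-Capability", ""))
    if not m:
        return []
    conflicts = []
    # Split Import-Package on commas that are not inside double quotes.
    for clause in re.findall(r'(?:[^,"]|"[^"]*")+', h.get("Import-Package", "")):
        pkg, *attrs = clause.strip().split(";")
        rng = next((a.split("=", 1)[1].strip('"') for a in attrs
                    if a.strip().startswith("version=")), None)
        if pkg.startswith("javax.servlet") and rng and not in_range(m[1], rng):
            conflicts.append((pkg, rng, m[1]))
    return conflicts

if __name__ == "__main__":
    for pkg, rng, contract in servlet_contract_conflicts(SAMPLE_MANIFEST):
        print(f"{pkg}: import range {rng} excludes JavaServlet contract {contract}")
```

Run against the sample, all three javax.servlet imports are reported, because the exclusive upper bound of [3.1,4) rules out the 4.0 contract.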
[jira] [Resolved] (FELIX-6599) javax.servlet incompatibility between Felix HTTP Jetty Light 4.2.8 and Jetty 9.4.x
[ https://issues.apache.org/jira/browse/FELIX-6599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved FELIX-6599.
------------------------------------
    Resolution: Fixed
[GitHub] [felix-antora-site] pekdemira opened a new pull request, #5: Update index.adoc for a broken link
pekdemira opened a new pull request, #5:
URL: https://github.com/apache/felix-antora-site/pull/5

Update the broken link to the OSGi Specifications page at https://docs.osgi.org/specification/
[jira] [Created] (FELIX-6600) Please release a new version of Script Console plugin
Andreas Lemmer created FELIX-6600:
-------------------------------------

             Summary: Please release a new version of Script Console plugin
                 Key: FELIX-6600
                 URL: https://issues.apache.org/jira/browse/FELIX-6600
             Project: Felix
          Issue Type: Bug
          Components: Script Console Plugin
            Reporter: Andreas Lemmer

The last release of org.apache.felix.webconsole.plugins.scriptconsole is 1.0.2 from 2015 which still uses org.json (version 2007) with many CVEs. It doesn't run with a recent org.json version, because the constructor argument of JSONWriter was changed long ago.
As far as I can see, the org.json dependency has been removed in version 1.0.3-SNAPSHOT, but there is no official 1.0.3 release.
Please release a version without org.json dependency.
Re: [VOTE] Release Apache Felix Http Jetty 4.2.10, Http Bridge 4.2.8, Http Base 4.2.6
+1

On Thu, Mar 9, 2023 at 5:58 AM Karl Pauls wrote:

> +1
>
> regards,
>
> Karl
>
> On Thursday, March 9, 2023, wrote:
>
> > +1
> >
> > David
> >
> > On Thu, 9 Mar 2023 at 08:31, Carsten Ziegeler
> > wrote:
> >
> > > Hi,
> > >
> > > We solved one issue in these releases
> > > https://issues.apache.org/jira/browse/FELIX-6599
> > > (I'll update the issue once my access to jira works again)
> > >
> > > Staging repository:
> > > https://repository.apache.org/content/repositories/orgapachefelix-1456/
> > >
> > > You can use this UNIX script to download the release and verify the
> > > signatures:
> > > https://github.com/apache/felix-dev/blob/master/check_staged_release.sh
> > >
> > > Usage:
> > > sh check_staged_release.sh 1456 /tmp/felix-staging
> > >
> > > Please vote to approve this release:
> > >
> > > [ ] +1 Approve the release
> > > [ ] -1 Veto the release (please provide specific comments)
> > >
> > > This vote will be open for 72 hours.
> > >
> > > Regards
> > > Carsten
> > > --
> > > Carsten Ziegeler
> > > Adobe
> > > cziege...@apache.org
> > >
> >
>
> --
> Karl Pauls
> karlpa...@gmail.com
>

--
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion
Release Felix Log
Hi all,

Would any of the Felix committers be available to cut a 1.3.0 release of Felix Log? I would like to start using the improvement (FELIX-6593) that was merged a couple of weeks ago.

Best regards,

Arnoud Glimmerveen
Re: [VOTE] Release Apache Felix Http Jetty 4.2.10, Http Bridge 4.2.8, Http Base 4.2.6
+1

regards,

Karl

On Thursday, March 9, 2023, wrote:

> +1
>
> David
>
> On Thu, 9 Mar 2023 at 08:31, Carsten Ziegeler
> wrote:
>
> > Hi,
> >
> > We solved one issue in these releases
> > https://issues.apache.org/jira/browse/FELIX-6599
> > (I'll update the issue once my access to jira works again)
> >
> > Staging repository:
> > https://repository.apache.org/content/repositories/orgapachefelix-1456/
> >
> > You can use this UNIX script to download the release and verify the
> > signatures:
> > https://github.com/apache/felix-dev/blob/master/check_staged_release.sh
> >
> > Usage:
> > sh check_staged_release.sh 1456 /tmp/felix-staging
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Veto the release (please provide specific comments)
> >
> > This vote will be open for 72 hours.
> >
> > Regards
> > Carsten
> > --
> > Carsten Ziegeler
> > Adobe
> > cziege...@apache.org
> >
>

--
Karl Pauls
karlpa...@gmail.com
[jira] [Commented] (FELIX-6599) javax.servlet incompatibility between Felix HTTP Jetty Light 4.2.8 and Jetty 9.4.x
[ https://issues.apache.org/jira/browse/FELIX-6599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698310#comment-17698310 ]

Antoine DESSAIGNE commented on FELIX-6599:
------------------------------------------

Thank you [~cziegeler] for handling this so quickly
Re: [VOTE] Release Apache Felix Http Jetty 4.2.10, Http Bridge 4.2.8, Http Base 4.2.6
+1

David

On Thu, 9 Mar 2023 at 08:31, Carsten Ziegeler wrote:

> Hi,
>
> We solved one issue in these releases
> https://issues.apache.org/jira/browse/FELIX-6599
> (I'll update the issue once my access to jira works again)
>
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachefelix-1456/
>
> You can use this UNIX script to download the release and verify the
> signatures:
> https://github.com/apache/felix-dev/blob/master/check_staged_release.sh
>
> Usage:
> sh check_staged_release.sh 1456 /tmp/felix-staging
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Veto the release (please provide specific comments)
>
> This vote will be open for 72 hours.
>
> Regards
> Carsten
> --
> Carsten Ziegeler
> Adobe
> cziege...@apache.org
>
[VOTE] Release Apache Felix Http Jetty 4.2.10, Http Bridge 4.2.8, Http Base 4.2.6
Hi,

We solved one issue in these releases
https://issues.apache.org/jira/browse/FELIX-6599
(I'll update the issue once my access to jira works again)

Staging repository:
https://repository.apache.org/content/repositories/orgapachefelix-1456/

You can use this UNIX script to download the release and verify the signatures:
https://github.com/apache/felix-dev/blob/master/check_staged_release.sh

Usage:
sh check_staged_release.sh 1456 /tmp/felix-staging

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Veto the release (please provide specific comments)

This vote will be open for 72 hours.

Regards
Carsten
--
Carsten Ziegeler
Adobe
cziege...@apache.org