Re: [javamail] - Branch version

2021-07-27 Thread Romain Manni-Bucau
+1 (will also help upgrades ;))

Romain Manni-Bucau



On Wed, Jul 28, 2021 at 00:51, Cesar Hernandez wrote:

> Hi,
> I don't have the historical background about why the repository has
> folders, but +1 on having dedicated branches.
>
> On Tue, Jul 27, 2021 at 15:01,  wrote:
>
>> Hi,
>>
>> Today we have 4 directories in the geronimo-javamail repository and I
>> would like to propose to use tags rather than directories to manage 1.x
>> versions.
>>
>> We would have the latest current version on root (1.6) and 1.3.1, 1.4,
>> 1.5 on a dedicated branch.
>>
>> It will also help us for the release process.
>>
>> Thoughts?
>>
>> https://github.com/apache/geronimo-javamail
>> 
>>
>> regards,
>>
>> --
>> François
>> fpa...@apache.org
>>
>>
>
> --
> Sincerely:
> César Hernández.
>


Re: [javamail] - Branch version

2021-07-27 Thread Cesar Hernandez
Hi,
I don't have the historical background about why the repository has
folders, but +1 on having dedicated branches.

On Tue, Jul 27, 2021 at 15:01,  wrote:

> Hi,
>
> Today we have 4 directories in the geronimo-javamail repository and I
> would like to propose to use tags rather than directories to manage 1.x
> versions.
>
> We would have the latest current version on root (1.6) and 1.3.1, 1.4,
> 1.5 on a dedicated branch.
>
> It will also help us for the release process.
>
> Thoughts?
>
> https://github.com/apache/geronimo-javamail
> 
>
> regards,
>
> --
> François
> fpa...@apache.org
>
>

-- 
Sincerely:
César Hernández.


[GitHub] [geronimo-arthur] fpapon opened a new pull request #1: WIP: [GERONIMO-6811] Support Meecrowave

2021-07-27 Thread GitBox


fpapon opened a new pull request #1:
URL: https://github.com/apache/geronimo-arthur/pull/1


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.





[javamail] - Branch version

2021-07-27 Thread fpapon
Hi,

Today we have 4 directories in the geronimo-javamail repository and I
would like to propose to use tags rather than directories to manage 1.x
versions.

We would have the latest current version on root (1.6) and 1.3.1, 1.4,
1.5 on a dedicated branch.

It will also help us for the release process.

Thoughts?

https://github.com/apache/geronimo-javamail


regards,

-- 
François
fpa...@apache.org



[jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-27 Thread Romain Manni-Bucau (Jira)


[ https://issues.apache.org/jira/browse/GERONIMO-6814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17387945#comment-17387945 ]

Romain Manni-Bucau commented on GERONIMO-6814:
--

Specs are javaee api. But this issue affects also microprofile artifacts which 
are unrelated to these cve.

Most cve are on the deprecated server and irrelevant, we ensure there is none 
on maintained artifacts.

> Improve Geronimo specs to mitigate CVE-2011-5034
> 
>
> Key: GERONIMO-6814
> URL: https://issues.apache.org/jira/browse/GERONIMO-6814
> Project: Geronimo
> Issue Type: Bug
> Security Level: public (Regular issues)
> Components: geronimo-maven-plugin
> Affects Versions: 1.1.1
> Reporter: Karthick
> Priority: Major
>
> Hi,
>  
> By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
> apache-karaf » 4.3.2 
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
>  packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through 
> security tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - 
> CVE-2011-5034 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )
> However, there seems to be no later version of geronimo where this CVE is 
> fixed. It has been 10 years since this CVE is created and no fix seen yet. Do 
> you have analysis on whether this CVE really affects geronimo specs or any 
> plan to provide next version?
> There 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-27 Thread Karthick (Jira)


[ https://issues.apache.org/jira/browse/GERONIMO-6814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17387903#comment-17387903 ]

Karthick commented on GERONIMO-6814:


Hi,

I am unable to find what the 'spec' means. Not in maven [Maven Repository: 
org.apache.geronimo.specs » geronimo-jms_1.1_spec » 1.1.1 
(mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.geronimo.specs/geronimo-jms_1.1_spec/1.1.1]
 and not in github [apache/geronimo-specs: Mirror of Apache Geronimo specs 
(github.com)|https://github.com/apache/geronimo-specs]. 

If you could provide a differentiating factor between what artifacts you mean 
as runtime/server and what is the definition of 'specs'.

 

> Improve Geronimo specs to mitigate CVE-2011-5034
> 
>
> Key: GERONIMO-6814
> URL: https://issues.apache.org/jira/browse/GERONIMO-6814
> Project: Geronimo
> Issue Type: Bug
> Security Level: public (Regular issues)
> Components: geronimo-maven-plugin
> Affects Versions: 1.1.1
> Reporter: Karthick
> Priority: Major
>
> Hi,
>  
> By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
> apache-karaf » 4.3.2 
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
>  packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through 
> security tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - 
> CVE-2011-5034 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )
> However, there seems to be no later version of geronimo where this CVE is 
> fixed. It has been 10 years since this CVE is created and no fix seen yet. Do 
> you have analysis on whether this CVE really affects geronimo specs or any 
> plan to provide next version?
> There 





[jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-27 Thread Romain Manni-Bucau (Jira)


[ https://issues.apache.org/jira/browse/GERONIMO-6814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17387848#comment-17387848 ]

Romain Manni-Bucau commented on GERONIMO-6814:
--

Hi,

AFAIK these vulnerabilities are related to the server and not spec jar but cve 
scanner mix it due to the groupid so looks like a false positive to me.

> Improve Geronimo specs to mitigate CVE-2011-5034
> 
>
> Key: GERONIMO-6814
> URL: https://issues.apache.org/jira/browse/GERONIMO-6814
> Project: Geronimo
> Issue Type: Bug
> Security Level: public (Regular issues)
> Components: geronimo-maven-plugin
> Affects Versions: 1.1.1
> Reporter: Karthick
> Priority: Major
>
> Hi,
>  
> By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
> apache-karaf » 4.3.2 
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
>  packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through 
> security tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - 
> CVE-2011-5034 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )
> However, there seems to be no later version of geronimo where this CVE is 
> fixed. It has been 10 years since this CVE is created and no fix seen yet. Do 
> you have analysis on whether this CVE really affects geronimo specs or any 
> plan to provide next version?
> There 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
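
The triage implied by the comment above, written out as an added example (not code from the Geronimo project or from any scanner): it shows why a groupId-based match fires on the spec jar and how a suppression scoped to both the CVE and the `org.apache.geronimo.specs` groupId leaves other findings open. The vendor/product pair, the rule table, the `org.apache.geronimo.example` coordinates and the `CVE-0000-0000` placeholder are constructed for illustration.

```python
import re

# Assumption: the vendor/product pair the CVE record names (constructed sample).
CVE_PRODUCTS = {"CVE-2011-5034": ("apache", "geronimo")}

# Reviewed triage rules: (CVE, exact groupId regex, reason). Spec jars only.
RULES = [
    ("CVE-2011-5034", r"org\.apache\.geronimo\.specs",
     "API-only spec jar; maintainer comment in GERONIMO-6814 ties the CVE to the server"),
]

def parse_purl(purl):
    """Split 'pkg:maven/<groupId>/<artifactId>@<version>' into its three parts."""
    m = re.fullmatch(r"pkg:maven/([^/@]+)/([^/@]+)@([^/@]+)", purl)
    if not m:
        raise ValueError(f"not a Maven purl: {purl!r}")
    return m.groups()

def groupid_only_match(purl, cve):
    """True when vendor and product both occur as groupId segments: the loose
    match that fires without any evidence from the artifact itself."""
    group_id, _, _ = parse_purl(purl)
    segments = group_id.lower().split(".")
    vendor, product = CVE_PRODUCTS[cve]
    return vendor in segments and product in segments

def triage(findings):
    """Map each (purl, cve) finding to 'suppressed: <reason>' or 'review'."""
    verdicts = {}
    for purl, cve in findings:
        group_id, _, _ = parse_purl(purl)
        verdict = "review"
        for rule_cve, gid_re, reason in RULES:
            # Both conditions must hold; neither the CVE nor the groupId alone suffices.
            if cve == rule_cve and re.fullmatch(gid_re, group_id):
                verdict = "suppressed: " + reason
        verdicts[(purl, cve)] = verdict
    return verdicts

# Constructed findings: the spec jar from the issue, plus two that must stay open.
FINDINGS = [
    ("pkg:maven/org.apache.geronimo.specs/geronimo-jms_1.1_spec@1.1.1", "CVE-2011-5034"),
    ("pkg:maven/org.apache.geronimo.example/example-server@0.0.0", "CVE-2011-5034"),
    ("pkg:maven/org.apache.geronimo.specs/geronimo-jms_1.1_spec@1.1.1", "CVE-0000-0000"),
]

if __name__ == "__main__":
    for (purl, cve), verdict in triage(FINDINGS).items():
        print(cve, purl, "->", verdict)
```
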


[jira] [Created] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-27 Thread Karthick (Jira)
Karthick created GERONIMO-6814:
--

Summary: Improve Geronimo specs to mitigate CVE-2011-5034
Key: GERONIMO-6814
URL: https://issues.apache.org/jira/browse/GERONIMO-6814
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: geronimo-maven-plugin
Affects Versions: 1.1.1
Reporter: Karthick


Hi,

 

By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
apache-karaf » 4.3.2 
(mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
 packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through security 
tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - CVE-2011-5034 
(nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )

However, there seems to be no later version of geronimo where this CVE is 
fixed. It has been 10 years since this CVE is created and no fix seen yet. Do 
you have analysis on whether this CVE really affects geronimo specs or any plan 
to provide next version?

There 


