[jira] [Created] (SSHD-1249) How much large file we can transfer in single session?

[Sandeep (Jira)]

Sandeep created SSHD-1249:
-

 Summary: How much large file we can transfer in single session?
 Key: SSHD-1249
 URL: https://issues.apache.org/jira/browse/SSHD-1249
 Project: MINA SSHD
  Issue Type: Question
Reporter: Sandeep


Hi Apache Team, Contributor,

I just wanted to know more info for  questions:
 # How much large file size we can transfer in a single session? is any 
limitations for this?
 # Is any session timeout if file upload going on?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Triuble with deleghated tasks in MINA 2.2 SSLHandler

[Emmanuel Lécharny]

Hi Jonathan,

I have a test that isn't happy with the way we deal with delegatedTasks 
in MINA 2.2 new SSLFilter implementation.


The context:
We do a TLS connection with a wrong certificate, the test is expected to 
fail, because of this error:


javax.net.ssl.SSLHandshakeException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target


The problem is that this exception is never caught, for some reason I'm 
trying to understand.The SSLHandlerG0.execute_task do catch an exception 
and stores it into the mPendingError variable, but this is never used.


--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Re: SSL classes name

[Jonathan Valliere]

I’m okay with that except the new SSL isn’t exactly a drop in replacement
for the old one. I felt this would cause enough confusion on purpose to
force devs to look at their code and make sure it’s compatible.

On Wed, Feb 23, 2022 at 10:52 AM Emmanuel Lécharny 
wrote:

> Hi Jonathan,
>
> the ssl filter classes should be renamed from SSLxxx to Sslxxx. This is
> breaking a lot of applications using them. I have no problem with using
> SSLxxx in a 3.0, but for a 2.2, I think that would be too much trouble
> for our users...
>
>
> --
> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
> 
> T. +33 (0)4 89 97 36 50
> P. +33 (0)6 08 33 32 61
> emmanuel.lecha...@busit.com https://www.busit.com/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
> For additional commands, e-mail: dev-h...@mina.apache.org
>
> --
CONFIDENTIALITY NOTICE: The contents of this email message and any
attachments are intended solely for the addressee(s) and may contain
confidential and/or privileged information and may be legally protected
from disclosure.

Re: Vote needed: [VOTE] Apache FtpServer 1.1.3 release

[Emmanuel Lécharny]

You did;-) I need one more vote...

On 23/02/2022 20:09, Jeff Genender wrote:

Did i not vote?

+1 if not.

Jeff




On Feb 22, 2022, at 11:06 PM, Emmanuel Lécharny  wrote:

Hi,

I need at least one more vote for this release...

Thanks !

On 20/02/2022 09:48, Emmanuel Lecharny wrote:

Hi,
This is a bug fix release. This version uses the latest MINA release
(2.1.6), the latest Log4j version (2.17.1) and an issue with TLS 1.3
that wasn't enabled properly.
A temporary tag has been created (it can be removed if the vote is not approved)
The newly approved Nexus has been used for the preparation of this
release and all final artifacts are stored in a staging repository:
https://repository.apache.org/content/repositories/orgapachemina-1067/
The distributions are available for download on :
https://repository.apache.org/content/repositories/orgapachemina-004/org/apache/mina/ftpserver/1.1.3/
Let us vote :
[ ] +1 | Release Apache FtpServer 1.1.3
[ ] +/- | Abstain
[ ] -1 | Do *NOT* release Apache FtpServer 1.1.3
Thanks !


--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org





--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Re: Vote needed: [VOTE] Apache FtpServer 1.1.3 release

[Jeff Genender]

Did i not vote?

+1 if not.

Jeff



> On Feb 22, 2022, at 11:06 PM, Emmanuel Lécharny  wrote:
> 
> Hi,
> 
> I need at least one more vote for this release...
> 
> Thanks !
> 
> On 20/02/2022 09:48, Emmanuel Lecharny wrote:
>> Hi,
>> This is a bug fix release. This version uses the latest MINA release
>> (2.1.6), the latest Log4j version (2.17.1) and an issue with TLS 1.3
>> that wasn't enabled properly.
>> A temporary tag has been created (it can be removed if the vote is not 
>> approved)
>> The newly approved Nexus has been used for the preparation of this
>> release and all final artifacts are stored in a staging repository:
>> https://repository.apache.org/content/repositories/orgapachemina-1067/
>> The distributions are available for download on :
>> https://repository.apache.org/content/repositories/orgapachemina-004/org/apache/mina/ftpserver/1.1.3/
>> Let us vote :
>> [ ] +1 | Release Apache FtpServer 1.1.3
>> [ ] +/- | Abstain
>> [ ] -1 | Do *NOT* release Apache FtpServer 1.1.3
>> Thanks !
> 
> -- 
> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
> T. +33 (0)4 89 97 36 50
> P. +33 (0)6 08 33 32 61
> emmanuel.lecha...@busit.com https://www.busit.com/
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
> For additional commands, e-mail: dev-h...@mina.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

SSL classes name

[Emmanuel Lécharny]

Hi Jonathan,

the ssl filter classes should be renamed from SSLxxx to Sslxxx. This is 
breaking a lot of applications using them. I have no problem with using 
SSLxxx in a 3.0, but for a 2.2, I think that would be too much trouble 
for our users...



--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-1248) Log4J2 Security Vulneralibility ( CVE-2021-44832 )

[Thomas Wolf (Jira)]

[ 
https://issues.apache.org/jira/browse/SSHD-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496554#comment-17496554
 ] 

Thomas Wolf commented on SSHD-1248:
---

AFAIK Apache MINA sshd does _*not*_ use log4j or log4j2. It uses only the slf4j 
API, and users are free to use any logging back-end. In our tests we use 
logback.

Where in Apache MINA sshd did you find a dependency on log4j or log4j2?

> Log4J2 Security Vulneralibility ( CVE-2021-44832 )
> --
>
> Key: SSHD-1248
> URL: https://issues.apache.org/jira/browse/SSHD-1248
> Project: MINA SSHD
>  Issue Type: Question
>Affects Versions: 2.8.0
>Reporter: Putra Nugraha
>Priority: Major
>
> Upon checking a possible security vulnerabilities, I noticed MINA SSHD is 
> using Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version ( 
> 2.17.1 for Java 8 ) which one if it is related to security vulnerabilities to 
> RCE.
>  
> May I know if there is any plan on MINA SSHD to adapt the above fix? Or can 
> we please have this fixed if not planned?
>  
> Further details on the above Log4J security vulnerabilities can be found here
> https://logging.apache.org/log4j/2.x/security.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org