Re: Git history problem

2020-03-09 Thread Michael Brohl 
+1

It is easy to prevent this by using rebase merging but committers have to care 
about it. If Github can be configured to prevent merge commits we should do so.

Thanks,
Michael

> Am 09.03.2020 um 17:58 schrieb Mathieu Lirzin :
> 
> Hello,
> 
> The history of OFBiz trunk with the adoption of the Pull Request based
> contribution process is getting less and less readable. Here is a
> snippet of `git log --oneline --graph` demonstrating that:
> 
> --8<---cut here---start->8---
> a3bcdc4cc3 * | Improved: Removes getSubContentWithPermCheck and getSubSub
>   |/
> 8ec3886d7f * Fixed: Code refactoring to support groovy syntax (OFBIZ-1023
> 604a3bfa02 * Improved: Convert PartyInvitationService.xml from minilang t
> 5b8c89906c *   Merge pull request #36 from danwatford/ofbiz-11428-checkst
>   |\
> e665f9dc68 | * Improved: Set checkstyle to use LF line endings   
> e9ec4181ec * |   Merge pull request #17 from PierreSmits/Label-Cleanup   
>   |\ \  
> 974b85f4ec | * | Improved: Cleanup HumanRes labels   
> c71a7ae06d | * | Improved: UI labels 
> c121ad6b9d * | |   Merge pull request #15 from PierreSmits/OFBIZ-10551   
>   |\ \ \
>   | |_|/
>   |/| | 
> 58b0da26f5 | * | Improved: Remove unused labels from ProductUiLabels.xml 
> 66aa76d7f7 * | |   Merge pull request #35 from danwatford/ofbiz-11418-doc
>   |\ \ \
> 0ece441228 | * | | Fixed: Fixed line lengths in ModelFormFieldTest to adh
> cfad407c48 * | | |   Merge pull request #34 from danwatford/ofbiz-11418-d
>   |\ \ \ \  
>   | |/ / /  
> 5640de4eba | * | | Documented: Documented use of field attribute paramete
> --8<---cut here---end--->8---
> 
> I personnally think this is a huge issue because it makes analysing
> history and chasing previously introduced bugs unecessary hard.
> 
> I would strongly recommend configuring OFBiz Github to require a linear
> commit history when merging PR [1].
> 
> Thanks.
> 
> [1] 
> https://help.github.com/en/github/administering-a-repository/requiring-a-linear-commit-history
> 
> PS: Even if I try to be polite, I am profoundly angry regarding the way
> the PR contribution process has been adopted without any formal
> community approval or listening to people having stated important
> requirements that needed to be addressed before moving towards that new
> contribution process.
> 
> -- 
> Mathieu Lirzin
> GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37

Re: [TEST] Test "POC for CSRF Token"

2020-03-09 Thread Jacques Le Roux 

Hi Girish,

I just had a look with Zap.  As a note: Zap reports missing CSRF tokens in forms when there are actually present in the URL. This is explained by the 
point 3 of OFBIZ-11306 description (Freemarker handling).


Jacques

Le 09/03/2020 à 10:57, Girish Vasmatkar a écrit :

Hi Jacques

I tried to simulate the CSRF manually (and I plan to use Zap as well) and I
got this error -

Invalid or missing CSRF token to path '/EntitySQLProcessor'

I logged in to OFBiz and then used an HTML form to perform the attack and
the patch successfully prevented.

So it looks good to me. I will let you know how it goes with ZAP.

Best,
Girish






On Sat, Mar 7, 2020 at 3:30 PM Jacques Le Roux 
wrote:


Hi All,

This is my 1st weekly reminder :)

As you may know CSRF attacks are very bad. TL;DR: They are hard to provoke
but once you are able to create one, mostly using social engineering, they
can be "/devastating for both the business and user/".[1]

OFBiz is currently riddled with CSRF vulnerabilities, all not idempotent
URLs[2] are susceptible to be attacked. James started an effort to fix them
with OFBIZ-11306 and I joined him.

Though, after almost 3 months of work, I'm pretty confident about our
results, I have investigated how to validate our effort, with 3 mains
penetrations tools: Burp, Owasp Zap and Qualys.

I notably followed[3]. Since we have (normally) covered all cases (see
OFBIZ-11306 description), I did not find a way to penetrate using this
method.

Moreover, I'm a developer not a penetration tester. And, for misc.
reasons, I find quite painful to use those tools when it comes to CSRF,
even if
it's well explained in[3].

I did not either find an easy way to automatically test all URLs for CSRF
vulnerabilities. It seems to me that the most powerful tool is Qualys but
so
far I have been unable to scan a localhost instance. I expect to work on
that next week. If I can't get it working it would be nice to have a domain
where to put the changes and launch Qualys, and Zap that I have to test
for the same also, against this domain.

Another aspect I'd be interested in are regressions. I don't think there
should be any, but if you can apply the patch, or use my fork branch (see
OFBIZ-11425), and have a short tour it would be good.

[1]
https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
[2] this is security jargon :), and idempotent URL is one that does not
change the state of the application. It's a bit more than safe URL:
http://restcookbook.com/HTTP%20Methods/idempotency/
[3]
https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery

TIA

Jacques

Le 29/02/2020 à 11:01, Pierre Smits a écrit :

Thanks for the info, and the persistence to keep it in the attention

span,

Jacques.

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz

since

2008 (without privileges)

*Apache Trafodion, Vice President*
*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer


On Sat, Feb 29, 2020 at 10:28 AM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


For those interested, it's maybe easier to test to simply apply the last
patches (framework + plugins) at OFBIZ-11306

Also if I see nothing happening, I'll do a reminder every week...

Thanks

Jacques

Le 27/02/2020 à 17:28, Jacques Le Roux a écrit :

Forgot to say that w/ or w/o test I'll commit in 1 month...

Jacques

Le 27/02/2020 à 15:08, Jacques Le Roux a écrit :

Hi,

After working with James, who initiated the "POC for CSRF Token"

effort, onhttps://issues.apache.org/jira/browse/OFBIZ-11306

I have created OFBIZ-11425 to ask for all possible help to review and

test.

TIA

Jacques

Git history problem

2020-03-09 Thread Mathieu Lirzin 
Hello,

The history of OFBiz trunk with the adoption of the Pull Request based
contribution process is getting less and less readable. Here is a
snippet of `git log --oneline --graph` demonstrating that:

--8<---cut here---start->8---
a3bcdc4cc3 * | Improved: Removes getSubContentWithPermCheck and getSubSub
   |/
8ec3886d7f * Fixed: Code refactoring to support groovy syntax (OFBIZ-1023
604a3bfa02 * Improved: Convert PartyInvitationService.xml from minilang t
5b8c89906c *   Merge pull request #36 from danwatford/ofbiz-11428-checkst
   |\
e665f9dc68 | * Improved: Set checkstyle to use LF line endings   
e9ec4181ec * |   Merge pull request #17 from PierreSmits/Label-Cleanup   
   |\ \  
974b85f4ec | * | Improved: Cleanup HumanRes labels   
c71a7ae06d | * | Improved: UI labels 
c121ad6b9d * | |   Merge pull request #15 from PierreSmits/OFBIZ-10551   
   |\ \ \
   | |_|/
   |/| | 
58b0da26f5 | * | Improved: Remove unused labels from ProductUiLabels.xml 
66aa76d7f7 * | |   Merge pull request #35 from danwatford/ofbiz-11418-doc
   |\ \ \
0ece441228 | * | | Fixed: Fixed line lengths in ModelFormFieldTest to adh
cfad407c48 * | | |   Merge pull request #34 from danwatford/ofbiz-11418-d
   |\ \ \ \  
   | |/ / /  
5640de4eba | * | | Documented: Documented use of field attribute paramete
--8<---cut here---end--->8---

I personnally think this is a huge issue because it makes analysing
history and chasing previously introduced bugs unecessary hard.

I would strongly recommend configuring OFBiz Github to require a linear
commit history when merging PR [1].

Thanks.

[1] 
https://help.github.com/en/github/administering-a-repository/requiring-a-linear-commit-history

PS: Even if I try to be polite, I am profoundly angry regarding the way
the PR contribution process has been adopted without any formal
community approval or listening to people having stated important
requirements that needed to be addressed before moving towards that new
contribution process.

-- 
Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37

Re: OFBIZ-11415: Backport request - Using FlexibleStringExpander in form widget field's parameter names

2020-03-09 Thread Jacques Le Roux 

Thanks Daniel,

I continue...

Jacques

Le 09/03/2020 à 16:04, Daniel Watford a écrit :

Hi Jacques,

All looks good to me, thanks.

The branch used for PR37 was taken from PR31's branch, which means there
was some shared commits.

>From the git log it looks like you merged PR37, which would explain why all
the commits from PR31 were merged as well.

Thanks,

Dan.

On Mon, 9 Mar 2020 at 13:32, Jacques Le Roux 
wrote:


Hi Daniel,

Done, please check I did not miss anything. I was a bit confused because
when I merged PR31 it seem PR37 was automatically merged too.

If all is OK I'll continue on OFBIZ-4035

Thanks

Jacques

Le 06/03/2020 à 18:03, Jacques Le Roux a écrit :

Hi Daniel, All,

At https://markmail.org/message/ahu6kz7dihcyp45z you asked

"How do committers decide which features to backport to 18.12?"

I (roughly) answered

 "The rule is normally we only backport bug fixes, obviously to avoid

regression.  But if nobody disagree for simple new features or improvements

sometimes we backport"

I have decided I'll backport after the weekend OFBIZ-11415 & OFBIZ-11418

in at least R18 if nobody is against

As I said already, I'm also considering the related OFBIZ-4035 and will

work on it next week, if nobody beats me on it...

Jacques

Le 25/02/2020 à 15:04, Daniel Watford a écrit :

Hello,

I've created  https://issues.apache.org/jira/browse/OFBIZ-11415 as a
request to backport functionality introduced to trunk by
https://issues.apache.org/jira/browse/OFBIZ-11330.

PR created: https://github.com/apache/ofbiz-framework/pull/31

Thanks,

Dan.

Re: OFBIZ-11415: Backport request - Using FlexibleStringExpander in form widget field's parameter names

2020-03-09 Thread Daniel Watford 
Hi Jacques,

All looks good to me, thanks.

The branch used for PR37 was taken from PR31's branch, which means there
was some shared commits.

>From the git log it looks like you merged PR37, which would explain why all
the commits from PR31 were merged as well.

Thanks,

Dan.

On Mon, 9 Mar 2020 at 13:32, Jacques Le Roux 
wrote:

> Hi Daniel,
>
> Done, please check I did not miss anything. I was a bit confused because
> when I merged PR31 it seem PR37 was automatically merged too.
>
> If all is OK I'll continue on OFBIZ-4035
>
> Thanks
>
> Jacques
>
> Le 06/03/2020 à 18:03, Jacques Le Roux a écrit :
> > Hi Daniel, All,
> >
> > At https://markmail.org/message/ahu6kz7dihcyp45z you asked
> >
> >"How do committers decide which features to backport to 18.12?"
> >
> > I (roughly) answered
> >
> > "The rule is normally we only backport bug fixes, obviously to avoid
> regression.  But if nobody disagree for simple new features or improvements
> > sometimes we backport"
> >
> > I have decided I'll backport after the weekend OFBIZ-11415 & OFBIZ-11418
> in at least R18 if nobody is against
> >
> > As I said already, I'm also considering the related OFBIZ-4035 and will
> work on it next week, if nobody beats me on it...
> >
> > Jacques
> >
> > Le 25/02/2020 à 15:04, Daniel Watford a écrit :
> >> Hello,
> >>
> >> I've created  https://issues.apache.org/jira/browse/OFBIZ-11415 as a
> >> request to backport functionality introduced to trunk by
> >> https://issues.apache.org/jira/browse/OFBIZ-11330.
> >>
> >> PR created: https://github.com/apache/ofbiz-framework/pull/31
> >>
> >> Thanks,
> >>
> >> Dan.
> >>
>


-- 
Daniel Watford

Re: OFBIZ-11415: Backport request - Using FlexibleStringExpander in form widget field's parameter names

2020-03-09 Thread Jacques Le Roux 

Hi Daniel,

Done, please check I did not miss anything. I was a bit confused because when I 
merged PR31 it seem PR37 was automatically merged too.

If all is OK I'll continue on OFBIZ-4035

Thanks

Jacques

Le 06/03/2020 à 18:03, Jacques Le Roux a écrit :

Hi Daniel, All,

At https://markmail.org/message/ahu6kz7dihcyp45z you asked

   "How do committers decide which features to backport to 18.12?"

I (roughly) answered

    "The rule is normally we only backport bug fixes, obviously to avoid regression.  But if nobody disagree for simple new features or improvements 
sometimes we backport"


I have decided I'll backport after the weekend OFBIZ-11415 & OFBIZ-11418 in at 
least R18 if nobody is against

As I said already, I'm also considering the related OFBIZ-4035 and will work on 
it next week, if nobody beats me on it...

Jacques

Le 25/02/2020 à 15:04, Daniel Watford a écrit :

Hello,

I've created  https://issues.apache.org/jira/browse/OFBIZ-11415 as a
request to backport functionality introduced to trunk by
https://issues.apache.org/jira/browse/OFBIZ-11330.

PR created: https://github.com/apache/ofbiz-framework/pull/31

Thanks,

Dan.

Re: [GitHub] [ofbiz-site] PierreSmits commented on issue #1: Improved: widget-theme.xsd typos (OFBIZ-11421)

2020-03-09 Thread Swapnil M Mane 
Hello team,
Here is the Jira ticket to track the progress for this activity
https://issues.apache.org/jira/browse/INFRA-19945

Best regards,
Swapnil M Mane,
ofbiz.apache.org



On Sat, Feb 29, 2020 at 10:24 AM Swapnil M Mane 
wrote:

> Thank you team for inputs, will sync up with the Infra team to proceed
> with this.
>
> Best regards,
> Swapnil M Mane,
> ofbiz.apache.org
>
>
>
> On Thu, Feb 27, 2020 at 3:14 PM Pierre Smits 
> wrote:
>
>> Good advice, Michael. But that don't always happen.
>>
>> Met vriendelijke groet,
>>
>> Pierre Smits
>> *Proud* *contributor** of* Apache OFBiz  since
>> 2008 (without privileges)
>>
>> *Apache Trafodion , Vice President*
>> *Apache Directory , PMC Member*
>> Apache Incubator , committer
>> Apache Steve , committer
>>
>>
>> On Thu, Feb 27, 2020 at 10:35 AM Michael Brohl 
>> wrote:
>>
>> > Every Git PR also needs a Jira, for which the notifications go to the
>> > notifications mailing list.
>> >
>> > If people want to contribute and follow, they should subscribe to
>> > notifications.
>> >
>> > Maybe we should send a reminder and encourage them to do so instead of
>> > mixing notifications and dev again.
>> >
>> > Michael Brohl
>> >
>> > ecomify GmbH - www.ecomify.de
>> >
>> >
>> > Am 27.02.20 um 09:54 schrieb Pierre Smits:
>> > > With the great difference between the numbers of subscribers of dev@
>> and
>> > > notifications@  (last time I checked notifications@ had around 50), I
>> > > advise against it.
>> > >
>> > > If we want more people to contribute we need more than just the
>> handful
>> > of
>> > > active committers/contributors and employees of system integrators, we
>> > need
>> > > to ensure that such notifications get sent to largest subset of our
>> > > community (dev@).
>> > >
>> > > Met vriendelijke groet,
>> > >
>> > > Pierre Smits
>> > > *Proud* *contributor** of* Apache OFBiz 
>> > since
>> > > 2008 (without privileges)
>> > >
>> > > *Apache Trafodion , Vice President*
>> > > *Apache Directory , PMC Member*
>> > > Apache Incubator , committer
>> > > Apache Steve , committer
>> > >
>> > >
>> > > On Thu, Feb 27, 2020 at 9:33 AM Michael Brohl <
>> michael.br...@ecomify.de>
>> > > wrote:
>> > >
>> > >> +1, Thanks Swapnil!
>> > >>
>> > >> Michael
>> > >>
>> > >> Am 27.02.20 um 09:17 schrieb Swapnil M Mane:
>> > >>> Hi team,
>> > >>> Should we move these Git notification to
>> > notificati...@ofbiz.apache.org
>> > >>> list [1] that we created in the past to avoid notification traffic
>> on
>> > dev
>> > >>> list, thoughts?
>> > >>>
>> > >>> [1] https://s.apache.org/0jdhc
>> > >>>
>> > >>>
>> > >>> Best regards,
>> > >>> Swapnil M Mane,
>> > >>> ofbiz.apache.org
>> > >>>
>> > >>>
>> > >>>
>> > >>> On Wed, Feb 26, 2020 at 3:24 PM GitBox  wrote:
>> > >>>
>> >  PierreSmits commented on issue #1: Improved: widget-theme.xsd typos
>> >  (OFBIZ-11421)
>> >  URL:
>> > https://github.com/apache/ofbiz-site/pull/1#issuecomment-591338641
>> > 
>> > 
>> >   Done.
>> > 
>> >  
>> >  This is an automated message from the Apache Git Service.
>> >  To respond to the message, please log on to GitHub and use the
>> >  URL above to go to the specific comment.
>> > 
>> >  For queries about this service, please contact Infrastructure at:
>> >  us...@infra.apache.org
>> > 
>> > 
>> >  With regards,
>> >  Apache Git Services
>> > 
>> > >>
>> >
>> >
>>
>

Re: OFBiz-Github-MultiBranch » trunk - Build # 6 - Still Failing

2020-03-09 Thread Michael Brohl 

Hi Pierre,

can you explain why a push to your private repository triggers a build 
on the official ASF infrastructure builds.apache.org?


Thanks,

Michael Brohl

ecomify GmbH - www.ecomify.de


Am 09.03.20 um 09:15 schrieb Pierre Smits:

Good morning Michael, all,

My apologies for the inconvenience caused.

A minor glitch in a push to my GitHub fork of the official repository
caused this to happen.


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)


On Mon, Mar 9, 2020 at 7:19 AM Michael Brohl 
wrote:


Good morning,

I've got this mailed to my apache mail account. Does anyone know what
this is?

Seems to be a misconfigured Jenkins but I am not aware that we have this
running.

I also see that it is partly working against a repository from Pierre so
it might be initiated by him?

Regards,

Michael Brohl

ecomify GmbH - www.ecomify.de



 Weitergeleitete Nachricht 
Betreff:OFBiz-Github-MultiBranch » trunk - Build # 6 - Still
Failing
Datum:  Mon, 9 Mar 2020 02:34:47 + (UTC)
Von:Apache Jenkins Server 
An: mbr...@apache.org



For more details, see
https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/

[Mar 8, 2020 12:13:05 AM] (mbrohl) Improved: Upgrade Freemarker from
2.3.29 to 2.3.30.


HTML Version:

https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/Yetus_20Report/

ERROR: File 'out/brief.txt' does not exist






smime.p7s
Description: S/MIME Cryptographic Signature

Re: [TEST] Test "POC for CSRF Token"

2020-03-09 Thread Girish Vasmatkar 
Hi Jacques

I tried to simulate the CSRF manually (and I plan to use Zap as well) and I
got this error -

Invalid or missing CSRF token to path '/EntitySQLProcessor'

I logged in to OFBiz and then used an HTML form to perform the attack and
the patch successfully prevented.

So it looks good to me. I will let you know how it goes with ZAP.

Best,
Girish






On Sat, Mar 7, 2020 at 3:30 PM Jacques Le Roux 
wrote:

> Hi All,
>
> This is my 1st weekly reminder :)
>
> As you may know CSRF attacks are very bad. TL;DR: They are hard to provoke
> but once you are able to create one, mostly using social engineering, they
> can be "/devastating for both the business and user/".[1]
>
> OFBiz is currently riddled with CSRF vulnerabilities, all not idempotent
> URLs[2] are susceptible to be attacked. James started an effort to fix them
> with OFBIZ-11306 and I joined him.
>
> Though, after almost 3 months of work, I'm pretty confident about our
> results, I have investigated how to validate our effort, with 3 mains
> penetrations tools: Burp, Owasp Zap and Qualys.
>
> I notably followed[3]. Since we have (normally) covered all cases (see
> OFBIZ-11306 description), I did not find a way to penetrate using this
> method.
>
> Moreover, I'm a developer not a penetration tester. And, for misc.
> reasons, I find quite painful to use those tools when it comes to CSRF,
> even if
> it's well explained in[3].
>
> I did not either find an easy way to automatically test all URLs for CSRF
> vulnerabilities. It seems to me that the most powerful tool is Qualys but
> so
> far I have been unable to scan a localhost instance. I expect to work on
> that next week. If I can't get it working it would be nice to have a domain
> where to put the changes and launch Qualys, and Zap that I have to test
> for the same also, against this domain.
>
> Another aspect I'd be interested in are regressions. I don't think there
> should be any, but if you can apply the patch, or use my fork branch (see
> OFBIZ-11425), and have a short tour it would be good.
>
> [1]
> https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
> [2] this is security jargon :), and idempotent URL is one that does not
> change the state of the application. It's a bit more than safe URL:
> http://restcookbook.com/HTTP%20Methods/idempotency/
> [3]
> https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery
>
> TIA
>
> Jacques
>
> Le 29/02/2020 à 11:01, Pierre Smits a écrit :
> > Thanks for the info, and the persistence to keep it in the attention
> span,
> > Jacques.
> >
> > Met vriendelijke groet,
> >
> > Pierre Smits
> > *Proud* *contributor** of* Apache OFBiz
> since
> > 2008 (without privileges)
> >
> > *Apache Trafodion, Vice President*
> > *Apache Directory, PMC Member*
> > Apache Incubator, committer
> > Apache Steve, committer
> >
> >
> > On Sat, Feb 29, 2020 at 10:28 AM Jacques Le Roux <
> > jacques.le.r...@les7arts.com> wrote:
> >
> >> For those interested, it's maybe easier to test to simply apply the last
> >> patches (framework + plugins) at OFBIZ-11306
> >>
> >> Also if I see nothing happening, I'll do a reminder every week...
> >>
> >> Thanks
> >>
> >> Jacques
> >>
> >> Le 27/02/2020 à 17:28, Jacques Le Roux a écrit :
> >>> Forgot to say that w/ or w/o test I'll commit in 1 month...
> >>>
> >>> Jacques
> >>>
> >>> Le 27/02/2020 à 15:08, Jacques Le Roux a écrit :
>  Hi,
> 
>  After working with James, who initiated the "POC for CSRF Token"
> >> effort, onhttps://issues.apache.org/jira/browse/OFBIZ-11306
>  I have created OFBIZ-11425 to ask for all possible help to review and
> >> test.
>  TIA
> 
>  Jacques
> 
>

Re: Demo instance for OFBiz 17.12 release and remove 13.07 demo

2020-03-09 Thread Nicolas Malin 
+1

Nicolas

On 06/03/2020 10:34, Swapnil M Mane wrote:
> Hello team,
> Current we have three demo instances [1] for OFBiz.
>
> -- Current Stable Release 16.11 - Demo
> https://demo-stable.ofbiz.apache.org/ordermgr/control/main
>
> -- Developer Trunk - Demo
> https://demo-trunk.ofbiz.apache.org/ordermgr/control/main
>
> -- Previous Stable Release 13.07 - Demo
> https://demo-old.ofbiz.apache.org/ordermgr/control/main
>
> As we have our new OFBiz release 17.12, should we think of taking the
> following actions:
>
> 1. The 'Current Stable Release' instance should have release 17.12
> i.e. demo-stable.ofbiz.apache.org should deploy on release 17.12
>
> 2. The 'Previous Stable Release' instance should have release 16.11
> i.e. demo-old.ofbiz.apache.org should deploy on 16.11
>
> After this migration, we will *no longer have 13.07 - Demo* instance.
>
> Here are some more details about the 13.07 demo instance.
> The 13.07 instance gets down abruptly very frequently.
> After this, it requires manual interaction to restart, in recent times
> Jacques and I manually restarted it many times.
> Looking at the current scenarios, it seems our users are also not
> using 13.07 demo instance on a frequent basis, because no one from our
> users reports us when it is down ;-)
>
> [1] https://ofbiz.apache.org/ofbiz-demos.html
>
> Best regards,
> Swapnil M Mane,
> ofbiz.apache.org


pEpkey.asc
Description: application/pgp-keys

Re: OFBiz-Github-MultiBranch » trunk - Build # 6 - Still Failing

2020-03-09 Thread Pierre Smits 
Good morning Michael, all,

My apologies for the inconvenience caused.

A minor glitch in a push to my GitHub fork of the official repository
caused this to happen.


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)


On Mon, Mar 9, 2020 at 7:19 AM Michael Brohl 
wrote:

> Good morning,
>
> I've got this mailed to my apache mail account. Does anyone know what
> this is?
>
> Seems to be a misconfigured Jenkins but I am not aware that we have this
> running.
>
> I also see that it is partly working against a repository from Pierre so
> it might be initiated by him?
>
> Regards,
>
> Michael Brohl
>
> ecomify GmbH - www.ecomify.de
>
>
>
>  Weitergeleitete Nachricht 
> Betreff:OFBiz-Github-MultiBranch » trunk - Build # 6 - Still
> Failing
> Datum:  Mon, 9 Mar 2020 02:34:47 + (UTC)
> Von:Apache Jenkins Server 
> An: mbr...@apache.org
>
>
>
> For more details, see
> https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/
>
> [Mar 8, 2020 12:13:05 AM] (mbrohl) Improved: Upgrade Freemarker from
> 2.3.29 to 2.3.30.
>
>
> HTML Version:
>
> https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/Yetus_20Report/
>
> ERROR: File 'out/brief.txt' does not exist
>
>

Re: Demo instance for OFBiz 17.12 release and remove 13.07 demo

2020-03-09 Thread Aditya Sharma 
+1 Thanks Swapnil

Thanks and Regards,
Aditya Sharma

On Sun, Mar 8, 2020 at 4:17 PM Michael Brohl 
wrote:

> +1
>
> Thanks Swapnil,
>
> Michael
>
>
> Am 06.03.20 um 10:34 schrieb Swapnil M Mane:
> > Hello team,
> > Current we have three demo instances [1] for OFBiz.
> >
> > -- Current Stable Release 16.11 - Demo
> > https://demo-stable.ofbiz.apache.org/ordermgr/control/main
> >
> > -- Developer Trunk - Demo
> > https://demo-trunk.ofbiz.apache.org/ordermgr/control/main
> >
> > -- Previous Stable Release 13.07 - Demo
> > https://demo-old.ofbiz.apache.org/ordermgr/control/main
> >
> > As we have our new OFBiz release 17.12, should we think of taking the
> > following actions:
> >
> > 1. The 'Current Stable Release' instance should have release 17.12
> > i.e. demo-stable.ofbiz.apache.org should deploy on release 17.12
> >
> > 2. The 'Previous Stable Release' instance should have release 16.11
> > i.e. demo-old.ofbiz.apache.org should deploy on 16.11
> >
> > After this migration, we will *no longer have 13.07 - Demo* instance.
> >
> > Here are some more details about the 13.07 demo instance.
> > The 13.07 instance gets down abruptly very frequently.
> > After this, it requires manual interaction to restart, in recent times
> > Jacques and I manually restarted it many times.
> > Looking at the current scenarios, it seems our users are also not
> > using 13.07 demo instance on a frequent basis, because no one from our
> > users reports us when it is down ;-)
> >
> > [1] https://ofbiz.apache.org/ofbiz-demos.html
> >
> > Best regards,
> > Swapnil M Mane,
> > ofbiz.apache.org
>
>

Fwd: OFBiz-Github-MultiBranch » trunk - Build # 6 - Still Failing

2020-03-09 Thread Michael Brohl 

Good morning,

I've got this mailed to my apache mail account. Does anyone know what 
this is?


Seems to be a misconfigured Jenkins but I am not aware that we have this 
running.


I also see that it is partly working against a repository from Pierre so 
it might be initiated by him?


Regards,

Michael Brohl

ecomify GmbH - www.ecomify.de



 Weitergeleitete Nachricht 
Betreff:OFBiz-Github-MultiBranch » trunk - Build # 6 - Still Failing
Datum:  Mon, 9 Mar 2020 02:34:47 + (UTC)
Von:Apache Jenkins Server 
An: mbr...@apache.org



For more details, see 
https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/


[Mar 8, 2020 12:13:05 AM] (mbrohl) Improved: Upgrade Freemarker from 
2.3.29 to 2.3.30.



HTML Version: 
https://builds.apache.org/job/OFBiz-Github-MultiBranch/job/trunk/6/Yetus_20Report/


ERROR: File 'out/brief.txt' does not exist



smime.p7s
Description: S/MIME Cryptographic Signature