Re: [VOTE] Release Apache Roller 6.1.3 based on rc1
Looks great. Database upgrade no problems. One thing there are alot of these log messages from the war deploy: DEBUG 2024-06-03 08:51:11 [ajp-nio-127.0.0.1-8009-exec-2] UISecurityInterceptor - Entering UISecurityInterceptor DEBUG 2024-06-03 08:51:11 [ajp-nio-127.0.0.1-8009-exec-2] UISecurityInterceptor - action is UISecurityEnforced ... enforcing security rules DEBUG 2024-06-03 08:51:12 [ajp-nio-127.0.0.1-8009-exec-7] UISecurityInterceptor - Entering UISecurityInterceptor DEBUG 2024-06-03 08:51:17 [ajp-nio-127.0.0.1-8009-exec-1] UISecurityInterceptor - Entering UISecurityInterceptor DEBUG 2024-06-03 08:51:17 [ajp-nio-127.0.0.1-8009-exec-1] UISecurityInterceptor - action is UISecurityEnforced ... enforcing security rules Is there a de-register page for a user. There is the remove weblog but not the actual user registration. On 02/06/2024 21:17, Dave wrote: Hi Roller folks, I propose that we release Roller 6.1.3 based on the release candidate #1 (rc1) files already available. https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.3/ This new release of Roller will add: - Input validation/sanitization for Profile full name, name, timezone and locale fields - Input sanitization for Bookmark and Bookmark folder name and description fields - Fix to embedded Jetty (used in tests and mvn jetty:run) - Many fixes for various warnings in tests - Dependency updates: - ant - asm - commons-validator - commons-codec - commons-text - commons-lang3 - guice - log4j2 - lucene - maven-war - maven-surefire - spring - spring-security - jquery - struts2-bootstrap-plugin - mokito-core - instancio-junit - maven-antrun-plugin - selenium-firefox-driver These PRs capture most if not all of the changes: https://github.com/apache/roller/pull/135 https://github.com/apache/roller/pull/134 https://github.com/apache/roller/pull/132 https://github.com/apache/roller/pull/131 Please test and review the release files if you have a chance. Please vote -1 with reasons, 0 or +1 to release. Thanks! Dave
Re: [VOTE] Release Apache Roller 6.1.3 based on rc1
+1 (binding) Hi Dave! - checked sha256 sigs - checked WEB-INF/lib - tested first deployment+first post using containers (podman, tomcat 9, JDK 17, postgresql 42.x) - indirectly tested the functionality by having a similar build deployed for a few month by now (JDK 21, jetty, hsqldb) looks good to me and thanks for the release! best regards, michael On 02.06.24 22:17, Dave wrote: Hi Roller folks, I propose that we release Roller 6.1.3 based on the release candidate #1 (rc1) files already available. https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.3/ This new release of Roller will add: - Input validation/sanitization for Profile full name, name, timezone and locale fields - Input sanitization for Bookmark and Bookmark folder name and description fields - Fix to embedded Jetty (used in tests and mvn jetty:run) - Many fixes for various warnings in tests - Dependency updates: - ant - asm - commons-validator - commons-codec - commons-text - commons-lang3 - guice - log4j2 - lucene - maven-war - maven-surefire - spring - spring-security - jquery - struts2-bootstrap-plugin - mokito-core - instancio-junit - maven-antrun-plugin - selenium-firefox-driver These PRs capture most if not all of the changes: https://github.com/apache/roller/pull/135 https://github.com/apache/roller/pull/134 https://github.com/apache/roller/pull/132 https://github.com/apache/roller/pull/131 Please test and review the release files if you have a chance. Please vote -1 with reasons, 0 or +1 to release. Thanks! Dave
Re: [VOTE] Release Apache Roller 6.1.3 based on rc1
On 03.06.24 10:05, Greg Huber wrote: Looks great. Database upgrade no problems. looks like a debug setting made it into the candidate: https://github.com/apache/roller/blob/f6b3aa448d7703430e11b761b703b69020ea38a7/app/src/main/resources/log4j2.xml#L73 this would be set to "info" normally. -mbien