Re: latest spring vulnerability and roller
On 02.04.22 23:21, Dave wrote:

> Thanks Michael!
>
> I put together a 2nd release candidate for Roller 6.1.1 based on the current master branch. Are there any other changes we should get in before starting a vote?

Hi Dave,

everything is integrated from my side. There was also no new spring release overnight so I suppose everything is still fine :)

maybe we could shorten the voting period this time for those who are waiting?

thanks for doing the release,

best regards,
michael

> https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.1
>
> Dave
>
> On Fri, Apr 1, 2022 at 10:47 PM Michael Bien wrote:
>
> > Hello again,
> >
> > dev builds are now also uploaded automatically after PR integration.
> >
> > index for master builds:
> > https://github.com/apache/roller/actions/workflows/main.yml?query=branch%3Amaster
> >
> > example of the most recent build (would be the first link of the index above):
> > https://github.com/apache/roller/actions/runs/2080694025
> > (see bottom of the page for artifacts)
> >
> > best regards,
> > michael
> >
> > On 02.04.22 01:50, Michael Bien wrote:
> >
> > > Hello Roller users,
> > >
> > > you probably heard of "spring shell"* by now.
> > >
> > > if you don't want to wait for a roller update release, building roller yourself is really easy.
> > >
> > > follow first two steps described here:
> > > https://github.com/apache/roller#quick-start-running-via-maven
> > >
> > > The master branch already contains the spring dependency updates which include the fixes for the (known) vulnerabilities.
> > >
> > > We updated a lot of code over the last ~two years, this allows making those dependency updates quickly without having to change anything code wise - the apache release process still takes time though - building roller yourself takes 5-10 minutes.
> > >
> > > best regards,
> > > michael
> > >
> > > * https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
> > >
> > > ** https://github.com/apache/roller/pull/115
Re: latest spring vulnerability and roller
Thanks Michael!

I put together a 2nd release candidate for Roller 6.1.1 based on the current master branch. Are there any other changes we should get in before starting a vote?

https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.1

Dave

On Fri, Apr 1, 2022 at 10:47 PM Michael Bien wrote:

> Hello again,
>
> dev builds are now also uploaded automatically after PR integration.
>
> index for master builds:
>
> https://github.com/apache/roller/actions/workflows/main.yml?query=branch%3Amaster
>
> example of the most recent build (would be the first link of the index above):
> https://github.com/apache/roller/actions/runs/2080694025
> (see bottom of the page for artifacts)
>
> best regards,
> michael
>
> On 02.04.22 01:50, Michael Bien wrote:
>
> > Hello Roller users,
> >
> > you probably heard of "spring shell"* by now.
> >
> > if you don't want to wait for a roller update release, building roller yourself is really easy.
> >
> > follow first two steps described here:
> >
> > https://github.com/apache/roller#quick-start-running-via-maven
> >
> > The master branch already contains the spring dependency updates which include the fixes for the (known) vulnerabilities.
> >
> > We updated a lot of code over the last ~two years, this allows making those dependency updates quickly without having to change anything code wise - the apache release process still takes time though - building roller yourself takes 5-10 minutes.
> >
> > best regards,
> >
> > michael
> >
> > * https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
> >
> > ** https://github.com/apache/roller/pull/115
Re: latest spring vulnerability and roller
Hello again,

dev builds are now also uploaded automatically after PR integration.

index for master builds:
https://github.com/apache/roller/actions/workflows/main.yml?query=branch%3Amaster

example of the most recent build (would be the first link of the index above):
https://github.com/apache/roller/actions/runs/2080694025
(see bottom of the page for artifacts)

best regards,
michael

On 02.04.22 01:50, Michael Bien wrote:

> Hello Roller users,
>
> you probably heard of "spring shell"* by now.
>
> if you don't want to wait for a roller update release, building roller yourself is really easy.
>
> follow first two steps described here:
> https://github.com/apache/roller#quick-start-running-via-maven
>
> The master branch already contains the spring dependency updates which include the fixes for the (known) vulnerabilities.
>
> We updated a lot of code over the last ~two years, this allows making those dependency updates quickly without having to change anything code wise - the apache release process still takes time though - building roller yourself takes 5-10 minutes.
>
> best regards,
> michael
>
> * https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
>
> ** https://github.com/apache/roller/pull/115
latest spring vulnerability and roller
Hello Roller users,

you probably heard of "spring shell"* by now.

if you don't want to wait for a roller update release, building roller yourself is really easy.

follow first two steps described here:
https://github.com/apache/roller#quick-start-running-via-maven

The master branch already contains the spring dependency updates which include the fixes for the (known) vulnerabilities.

We updated a lot of code over the last ~two years, this allows making those dependency updates quickly without having to change anything code wise - the apache release process still takes time though - building roller yourself takes 5-10 minutes.

best regards,
michael

* https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751

** https://github.com/apache/roller/pull/115