[jira] [Created] (SLING-7232) Remove http.bridge from launchpad base
Carsten Ziegeler created SLING-7232: --- Summary: Remove http.bridge from launchpad base Key: SLING-7232 URL: https://issues.apache.org/jira/browse/SLING-7232 Project: Sling Issue Type: Improvement Components: Launchpad Reporter: Carsten Ziegeler Fix For: Launchpad Builder 10, Launchpad Base 2.6.26 Currently launchpad base embedds the http.bridge bundle for the webapp setup. So whenever the http bridge needs an update, we need to release a new launchpad version. As this is just a bundle which needs to be available in the webapp scenario we can move this to the provisioning model and bind it to the webapp runmode. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [VOTE] Release Apache Sling Event Support version 4.2.10
+1 Tommaso Il giorno mer 8 nov 2017 alle ore 06:38 Carsten Ziegeler < cziege...@apache.org> ha scritto: > +1 > -- > Carsten Ziegeler > Adobe Research Switzerland > cziege...@apache.org >
[jira] [Updated] (SLING-7231) Move to owasp sanitizer library
[ https://issues.apache.org/jira/browse/SLING-7231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-7231: Summary: Move to owasp sanitizer library (was: Move to owasp sanitizer) > Move to owasp sanitizer library > --- > > Key: SLING-7231 > URL: https://issues.apache.org/jira/browse/SLING-7231 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Reporter: Carsten Ziegeler >Priority: Critical > Fix For: XSS Protection API 2.0.2 > > > While looking at the extensive dependency list of the XSS module (which are > all caused by the embedded owasp.org artifacts), I found out that the > versions we use are outdated. > So I think we should update those to the latest. > Furthermore, the embedded antisamy library does not look to be maintained > anymore > (https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project) > instead the html sanitizer looks much fresher and claims to be faster > https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project > I think we should switch. Quick analysis: > Pros: > Actively maintained > Much faster > Lightweight (also from a dependency POV) > Cons: > Incompatible (and runtime-object based) configuration > Not completely feature equivalent (but close enough and better in some > aspects) > Some investigation is needed on how > a) filter rules can be configured (e.g. sling configurations, file based, > code bundle, ... ?) > b) existing configurations can be migrated -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7231) Move to owasp sanitizer
Carsten Ziegeler created SLING-7231: --- Summary: Move to owasp sanitizer Key: SLING-7231 URL: https://issues.apache.org/jira/browse/SLING-7231 Project: Sling Issue Type: Improvement Components: XSS Protection API Reporter: Carsten Ziegeler Priority: Critical Fix For: XSS Protection API 2.0.2 While looking at the extensive dependency list of the XSS module (which are all caused by the embedded owasp.org artifacts), I found out that the versions we use are outdated. So I think we should update those to the latest. Furthermore, the embedded antisamy library does not look to be maintained anymore (https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project) instead the html sanitizer looks much fresher and claims to be faster https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project I think we should switch. Quick analysis: Pros: Actively maintained Much faster Lightweight (also from a dependency POV) Cons: Incompatible (and runtime-object based) configuration Not completely feature equivalent (but close enough and better in some aspects) Some investigation is needed on how a) filter rules can be configured (e.g. sling configurations, file based, code bundle, ... ?) b) existing configurations can be migrated -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [VOTE] Release Apache Sling Event Support version 4.2.10
+1 -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
RE: [VOTE] Release Apache Sling Hypermedia API tools 1.1.0
+1
RE: [VOTE] Apache Sling Servlets Get 2.1.30
+1
RE: [VOTE] Release Apache Sling Event Support version 4.2.10
+1
[jira] [Commented] (SLING-7186) System bundle + extension bundles should only export available packages on java9
[ https://issues.apache.org/jira/browse/SLING-7186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16243051#comment-16243051 ] ASF GitHub Bot commented on SLING-7186: --- karlpauls opened a new pull request #1: SLING-7186: Improve java9 system package handling URL: https://github.com/apache/sling-org-apache-sling-launchpad-base/pull/1 Update to the latest felix framework snapshot and work in changes to use the new java9 support. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > System bundle + extension bundles should only export available packages on > java9 > > > Key: SLING-7186 > URL: https://issues.apache.org/jira/browse/SLING-7186 > Project: Sling > Issue Type: Improvement > Components: Launchpad >Affects Versions: Launchpad Base 2.6.24 >Reporter: Karl Pauls >Assignee: Karl Pauls > Fix For: Launchpad Base 2.6.26 > > > We need to revisit the packages we export from the system bundle as well as > the extension bundles we add when running with java9. The issue is that by > default, starting with java9, we only have java.se modules on the module > path. Our current packages list + extension bundles assumes java.se.ee to be > present (which is not the case unless it is specifically requested via > --add-modules). > We have to investigate what we want to do to remedy this situation - I'll > create subtasks for the actual work (which probably has to include updating > to a Felix 5.6.10 when it is released). -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] karlpauls opened a new pull request #1: SLING-7186: Improve java9 system package handling
karlpauls opened a new pull request #1: SLING-7186: Improve java9 system package handling URL: https://github.com/apache/sling-org-apache-sling-launchpad-base/pull/1 Update to the latest felix framework snapshot and work in changes to use the new java9 support. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
Re: [VOTE] Release Apache Sling Hypermedia API tools 1.1.0
+1 -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
Re: [VOTE] Release Apache Sling Hypermedia API tools 1.1.0
+1 from me (non-binding) On Tue, Nov 7, 2017 at 2:56 PM Andrei Dulvac wrote: > Hi, > > We solved 7 issues in this > release:https://issues.apache.org/jira/projects/SLING/versions/12337960 > > There are no outstanding > issues:https://issues.apache.org/jira/browse/SLING/component/12330969. > > Staging > repository:https://repository.apache.org/content/repositories/orgapachesling-1808 > > You can use this UNIX script to download the release and verify the > signatures:http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh > Usage: > sh check_staged_release.sh 1808 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > >
[VOTE] Release Apache Sling Hypermedia API tools 1.1.0
Hi, We solved 7 issues in this release:https://issues.apache.org/jira/projects/SLING/versions/12337960 There are no outstanding issues:https://issues.apache.org/jira/browse/SLING/component/12330969. Staging repository:https://repository.apache.org/content/repositories/orgapachesling-1808 You can use this UNIX script to download the release and verify the signatures:http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh Usage: sh check_staged_release.sh 1808 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours.
[jira] [Commented] (SLING-7226) Repo Init: allow to pass intermediate path upon creating service user
[ https://issues.apache.org/jira/browse/SLING-7226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16241773#comment-16241773 ] angela commented on SLING-7226: --- [~marett], the API contract doesn't mandate any specific format and leaves it to the implementation to reject invalid paths. So, I wouldn't make any attempt to perform the validation yourself. regarding userID: I don't recall having any kind of limitations here but I neither recall explicitly testing if it works. > Repo Init: allow to pass intermediate path upon creating service user > - > > Key: SLING-7226 > URL: https://issues.apache.org/jira/browse/SLING-7226 > Project: Sling > Issue Type: Improvement > Components: Repoinit >Reporter: angela > > [~marett], [~bdelacretaz], if I am not mistaken it is currently not possible > to pass the second parameter 'intermediatePath' when creating a service user > using the repo-init. > In the Jackrabbit {{UserManager}} API the call looks as follows: > {code} > UserManager.createSystemUser(String userID, String intermediatePath) > {code} > I would appreciate if both params would be respected by the repo-init and I > don't think it should be a big deal adding this. > Thanks. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (SLING-7226) Repo Init: allow to pass intermediate path upon creating service user
[ https://issues.apache.org/jira/browse/SLING-7226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16241773#comment-16241773 ] angela edited comment on SLING-7226 at 11/7/17 10:04 AM: - [~marett], the API contract doesn't mandate any specific format and leaves it to the implementation to reject invalid paths. So, I wouldn't make any attempt to perform the validation yourself. regarding userID: I don't recall having any kind of limitations here but I neither recall explicitly testing if it works. Again I would suggest to leave the validation to the implementation. was (Author: anchela): [~marett], the API contract doesn't mandate any specific format and leaves it to the implementation to reject invalid paths. So, I wouldn't make any attempt to perform the validation yourself. regarding userID: I don't recall having any kind of limitations here but I neither recall explicitly testing if it works. > Repo Init: allow to pass intermediate path upon creating service user > - > > Key: SLING-7226 > URL: https://issues.apache.org/jira/browse/SLING-7226 > Project: Sling > Issue Type: Improvement > Components: Repoinit >Reporter: angela > > [~marett], [~bdelacretaz], if I am not mistaken it is currently not possible > to pass the second parameter 'intermediatePath' when creating a service user > using the repo-init. > In the Jackrabbit {{UserManager}} API the call looks as follows: > {code} > UserManager.createSystemUser(String userID, String intermediatePath) > {code} > I would appreciate if both params would be respected by the repo-init and I > don't think it should be a big deal adding this. > Thanks. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[Fwd: [sling-org-apache-sling-pipes] annotated tag org.apache.sling.pipes-0.0.10 created (now 599e47e)]
Hi, I neglected to previously push the tags to the git repos. Apparently this generates _loads_ of email notifications since it includes every tagged commit. Really sorry about the email flood. THanks, Robert--- Begin Message --- This is an automated email from the ASF dual-hosted git repository. rombert pushed a change to annotated tag org.apache.sling.pipes-0.0.10 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-pipes.git. at 599e47e (tag) tagging b3062aedc838b697b86dc4a38337eb91439b12b5 (commit) by Oliver Lietz on Mon Oct 10 07:53:18 2016 + - Log - org.apache.sling.pipes-0.0.10 --- This annotated tag includes the following new commits: new 7d8dd3e SLING-5134 - new Sling Pipes module, donated by Nicolas Peltier, thanks! new 71f5ff4 SLING-5361 Plain string expressions shouldn't be evaluated new bea5e38 SLING-5362 Default output should be truncated new 3a36234 SLING-5433 - WritePipe should remove a property when value is evaluated as null new 6d828c6 SLING-5431 - PipeBinding NPE when evaluating null expression new dd440e9 SLING-5434 - WritePipe shoud remove properties at the very end new dcaabb7 SLING-5523 - filter pipe should be able to filter out resources that *have* a configured child new 44c3578 fix test by adding a time zone new 18e222e SLING-5718 Pipes size parameter is ignored new 43bda66 SLING-5728 enhance filterpipe logging (patch provided by Nicolas Peltier) new 96b3989 SLING-5729 pipe expressions should allow regexp with {n} or {n,m} (patch provided by Nicolas Peltier) new 9eb8d4d SLING-5735 Pipes XPathPipe does not log query (patch provided by Nicolas Peltier) new 42c9c0f SLING-6032 - Not sling pipe new c21dae5 SLING-5818 - Make sling pipe writer a persistent configuration new e40cd79 SLING-6032 - Not sling pipe SLING-5818 - Make sling pipe writer a persistent configuration new bfffca2 SLING-6063 - plumber servlet doesn't persist changes anymore new befff31 SLING-6073 pipe writer and additionalbindings configurations added through POST break the pipe new 01b272e use Sling parent 28 new c6f5163 style new 5edb2dd style new 2146966 move DefaultOutputWriter and PlumberServlet to package impl new 03ac78b rename package impl internal new d5b073e move non-extensible pipes to package internal new 088c4f8 typo new f7e399f typo new 0945744 SLING-6104 : Improve handling to avoid Oak warning new c1911c4 SLING-6122 Sling Pipes javadoc fails new 4fa993e add scm settings new 6e503dc fix developerConnection in scm settings new 429539b [maven-release-plugin] prepare release org.apache.sling.pipes-0.0.10 new b3062ae [maven-release-plugin] copy for tag org.apache.sling.pipes-0.0.10 The 31 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. -- To stop receiving notification emails like this one, please contact ['"comm...@sling.apache.org" ']. --- End Message ---
Re: [git] Where is launchpad.base ?
Great, thanks Robert Robert Munteanu wrote > On Tue, 2017-11-07 at 11:04 +0200, Robert Munteanu wrote: >> On Tue, 2017-11-07 at 09:54 +0100, Carsten Ziegeler wrote: >>> It seems that launchpad.base (not launchpad.builder which we >>> renamed >>> to >>> starter) is not available in git. At least I cant find it. >>> >>> Carsten >> >> It was left out, not sure why. >> >> I've created the repo on Github/Gitbox, it will take at most 30 >> minutes >> for the 'sling' team to get write access and I'll push the commits >> then. > > Done > > https://github.com/apache/sling-org-apache-sling-launchpad-base > > Robert > -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
Re: [git] Where is launchpad.base ?
On Tue, 2017-11-07 at 11:04 +0200, Robert Munteanu wrote: > On Tue, 2017-11-07 at 09:54 +0100, Carsten Ziegeler wrote: > > It seems that launchpad.base (not launchpad.builder which we > > renamed > > to > > starter) is not available in git. At least I cant find it. > > > > Carsten > > It was left out, not sure why. > > I've created the repo on Github/Gitbox, it will take at most 30 > minutes > for the 'sling' team to get write access and I'll push the commits > then. Done https://github.com/apache/sling-org-apache-sling-launchpad-base Robert
Re: [git] Where is launchpad.base ?
On Tue, 2017-11-07 at 09:54 +0100, Carsten Ziegeler wrote: > It seems that launchpad.base (not launchpad.builder which we renamed > to > starter) is not available in git. At least I cant find it. > > Carsten It was left out, not sure why. I've created the repo on Github/Gitbox, it will take at most 30 minutes for the 'sling' team to get write access and I'll push the commits then. Robert
[git] Where is launchpad.base ?
It seems that launchpad.base (not launchpad.builder which we renamed to starter) is not available in git. At least I cant find it. Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org