Re: Removal of my name from the Emeritus volunteers list

2021-03-02 Thread Rene Gielen 
Antonio,

we are sorry to hear this, since this page entry first and foremost
represents you personal, unexpirable merit in contributing to the growth
and maintenance of a software project quite a few people found and still
find useful.

We respect your decision and wish you all the best. If your feelings
change in future, just drop us a line and we will happily reestablish
the former state.

- René
on behalf of the Struts PMC

Am 25.02.21 um 10:18 schrieb Antonio Petrelli:
> Greetings
> I am Antonio Petrelli, former PMC member of Struts, Tiles and Velocity.
> Following the removal of Marko Rodriguez from the TinkerPop project I would
> like to express my disappointment against Apache Software Foundation, that
> when I was involved was all about merit and meritocracy. Policing thought
> and speech was never its mission and now the woke and cancel culture ruined
> it all.
> 
> So please I want to express my disappointment by asking you to remove my
> name from the list of emeritus volunteers in your Struts website.
> 
> I hope you understand
> 
> Antonio Petrelli
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN] [SECURITY] Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233 (DoS) security issues

2020-08-13 Thread Rene Gielen 
Two new Struts Security Bulletins have been issued for Struts 2 by the
Apache Struts Security Team: [1]

S2-059 - Forced double OGNL evaluation, when evaluated on raw user input
in tag attributes, may lead to remote code execution (CVE-2019-0230) [2]

S2-060 - Access permission override causing a Denial of Service when
performing a file upload (CVE-2019-0233) [3]

Both issues affect Apache Struts in the version range 2.0.0 - 2.5.20.
The current version 2.5.22, which was released in November 2019, is not
affected.

CVE-2019-0230 has been reported by Matthias Kaiser, Apple Information
Security. By design, Struts 2 allows developers to utilize forced double
evaluation for certain tag attributes. When used with unvalidated, user
modifiable input, malicious OGNL expressions may be injected. In an
ongoing effort, the Struts framework includes mitigations for limiting
the impact of injected expressions, but Struts before 2.5.22 left an
attack vector open which is addressed by this report. [2]

However, we continue to urge developers building upon Struts 2 to not
use %{...} syntax referencing unvalidated user modifiable input in tag
attributes, since this is the ultimate fix for this class of
vulnerabilities. [4]

CVE-2019-0233 has been reported by Takeshi Terada of Mitsui Bussan
Secure Directions, Inc. In Struts before 2.5.22, when a file upload is
performed to an Action that exposes the file with a getter, an attacker
may manipulate the request such that the working copy of the uploaded
file or even the container temporary upload directory may be set to
read-only access. As a result, subsequent actions on the file or file
uploads in general will fail with an error. [3]

Both issues are already fixed in Apache Struts 2.5.22, which was
released in November 2019.

We strongly recommend all users to upgrade to Struts 2.5.22, if this has
not been done already. [5][6]

The Apache Struts Security Team would like to thank the reporters for
their efforts and their practice of responsible disclosure, as well as
their help while investigating the report and coordinating public
disclosure.

[1] https://struts.apache.org/announce.html#a20200813
[2] https://cwiki.apache.org/confluence/display/ww/s2-059
[3] https://cwiki.apache.org/confluence/display/ww/s2-060
[4]
https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions
[5] https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22
[6] https://struts.apache.org/download.cgi#struts-ga

-- 
René Gielen
http://twitter.com/rgielen



signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Struts Maven Archetypes 2.5.22

2020-07-07 Thread Rene Gielen 
+1 GA, binding

Thanks Lukasz!

- René

Am 02.07.20 um 07:31 schrieb Lukasz Lenart:
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Site build job re-activated

2020-04-24 Thread Rene Gielen 
Hey Lukasz,

there is still no publication of the latest site master. Looking into
the ticket, you said things work now, but ...?!?

Thanks & regards,
René

Am 13.04.20 um 09:02 schrieb Lukasz Lenart:
> pon., 13 kwi 2020 o 08:45 Rene Gielen  napisał(a):
>>
>> Thanks Lukasz!
>>
>> As I also mentioned in my comment, it does not look like direct pushes
>> to master get picked up for the production site. Do you have an idea?
> 
> This worked well, if not we can ask INFRA to take a look again at it.
> 
> https://issues.apache.org/jira/browse/INFRA-20016
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: OSGi Support

2020-04-13 Thread Rene Gielen 
This is more a question for the users list, isn't it?

- René

Am 09.04.20 um 08:15 schrieb Lukasz Lenart:
> śr., 8 kwi 2020 o 22:44 Martin Gainty  napisał(a):
>>
>> .Hi Lukasz
>>
>> /2.3.24.1/bundles>grep -S -l "bundle<" *.*
>>
>> ./admin/pom.xml
>> ./demo/pom.xml
> 
> Yes, I know that we have support for OSGi, my question is, does
> anybody is using this? Or maybe it can be marked as deprecated and
> removed?
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Releases and distribution

2020-04-13 Thread Rene Gielen 
Hi Justin,

Am 13.04.20 um 08:23 schrieb Justin Mclean:
> Hi,
> 
>> Both artifacts however are technical upstream artifacts for framework
>> releases and it does not make any sense for them to be used outside of
>> this context, say by end users upgrading their stack.
> 
> Well ASF policy states anything released needs to be put in the offical 
> release area, so you may need permission form the board to do it like this? 
> No need to rush to change anything right now. I can get back to you after 
> this is discussed at (or before) the next board meeting. 
> 

I'd argue there is nothing wrong with what we and AFAICS numerous other
ASF projects do here. These are official releases of artifatcs that have
a slightly different lifecycle than the framework releases relevant to
end users, which is why they were separated. End users will consume
theses artifacts as transitive dependencies when upgrading to the next
framework release, but it does not make sense to download them or use or
upgrade them directly in end user software projects.

So these are official releases that do not qualify for, say, issueing a
press release :)

But if the board thinks this needs adjustment we will be happy to apply
the then requested changes.

>> Does it make sense to list them in the report regardless?
> 
> The PMC voted on them so I'd say it makes sense to list then, but then you 
> might get asked why they are not in the release area.:-)
>
Actually we have done this in the past, and as I stated, I have simply
overseen it :) But this also raised the question above...

>> Should I adjust the already submitted report?
> 
> If you want to sure, but there's no need as I’ve added a comment to the 
> report.

Given that there is enough time left before the board meeting starts,
I'll adjust it then.

Thanks,
René

> 
> Thanks,
> Justin
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Site build job re-activated

2020-04-12 Thread Rene Gielen 
Thanks Lukasz!

As I also mentioned in my comment, it does not look like direct pushes
to master get picked up for the production site. Do you have an idea?

- René

[1] https://github.com/apache/struts-site/pull/144#discussion_r407337579

Am 11.04.20 um 19:08 schrieb Lukasz Lenart:
> Hi,
> 
> I have prepared a simple HOWTO change the website, you can review it here
> https://struts.staged.apache.org/updating-website.html
> 
> and merge this PR if ok
> https://github.com/apache/struts-site/pull/144
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Releases and distribution

2020-04-12 Thread Rene Gielen 
Hi Justin,

good catch - it was overseen.

Both artifacts however are technical upstream artifacts for framework
releases and it does not make any sense for them to be used outside of
this context, say by end users upgrading their stack.

Does it make sense to list them in the report regardless?
Should I adjust the already submitted report?

Thanks,
René

Am 13.04.20 um 03:42 schrieb Justin Mclean:
> Hi,
> I see votes Struts Master 14 and Struts Annotations 1.0.7 that are not 
> mentioned in the board report or in the normal release area [1], but they 
> seem to have been published via maven and I just wondering why that is the 
> case.
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/release/struts/
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Site build job re-activated

2020-04-11 Thread Rene Gielen 
Hey folks,

was there a specific reason the Struts site build job was de-activated?
https://builds.apache.org/view/S-Z/view/Struts/job/Struts-site/

I re-activated it, so if this increases the probability for world
destruction please let me know :)

- René

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN] Launch of the 2020 ASF Community Survey

2019-12-06 Thread Rene Gielen 
On behalf the ASF Diversity & Inclusion Committee:

Hello everyone,

If you have an apache.org email, you should have received an email with
an invitation to take the 2020 ASF Community Survey. Please take 15
minutes to complete it.

If you do not have an apache.org email address or you didn’t receive a
link, please follow this link to the survey:
https://communitysurvey.limequery.org/454363

This survey is important because it will provide us with scientific
information about our community, and shed some light on how we can
collaborate better and become more diverse. Our last survey of this kind
was implemented in 2016, which means that our existing data about Apache
communities is outdated. The deadline to complete the survey is January
4th, 2020. You can find information about privacy on the survey’s
Confluence page [1].

Your participation is paramount to the success of this project! Please
consider filling out the survey, and share this news with your fellow
Apache contributors. As individuals form the Apache community, your
opinion matters: we want to hear your voice.

If you have any questions about the survey or otherwise, please reach
out to us!

Kindly,
ASF Diversity & Inclusion
https://diversity.apache.org/


[1]
https://cwiki.apache.org/confluence/display/EDI/Launch+Plan+-+The+2020+ASF+Community+Survey


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Travel Assistance for ApacheCon NA Las Vegas 2019 now open.

2019-05-21 Thread Rene Gielen 
Extending on behalf of the Apache Travel Committee.

---

The Travel Assistance Committee (TAC) are pleased to announce that
travel assistance applications for ApacheCon NA 2019 are now open!

We will be supporting ApacheCon NA Las Vegas, Nevada on 9th - 12th
September 2019

 TAC exists to help those that would like to attend ApacheCon events,
but are unable to do so for financial reasons.
For more info on this years applications and qualifying criteria, please
visit the TAC website at
< http://www.apache.org/travel/  >.
Applications opened today and will close around the 21st June.

Important: Applications close on June 21st, 2019. Applicants have until
the closing date above to submit their applications (which should
contain as much supporting material as required to efficiently and
accurately process their request), this will enable TAC to announce
successful awards shortly afterwards.

As usual, TAC expects to deal with a range of applications from a
diverse range of backgrounds. We therefore encourage (as always) anyone
thinking about sending in an application to do so ASAP.
We look forward to greeting many of you in Las Vegas!

Kind Regards,
Gavin - (On behalf of the Travel Assistance Committee)

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts Master 13

2018-10-01 Thread Rene Gielen 
+1 GA (binding)


Am 27.09.18 um 08:48 schrieb Lukasz Lenart:
> The Struts Master 13 test build is now available as a Maven artifact.
> https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/13/
> 
> Release notes:
> * uses a proper profile to prepare a release, "apache-release" instead
> of "release"
> 
> If you have had a chance to review the test build, please respond with
> a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 72 hours, longer upon request.
> 
> 
> Kind regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.5.17

2018-08-20 Thread Rene Gielen 
+1 GA (binding)

Am 20.08.18 um 07:31 schrieb Yasser Zamani:
> The Apache Struts 2.5.17 test build is now available. In addition to critical
>  overall proactive security improvements, it includes the latest security 
> patch
>  which fixes one possible vulnerability:
> - Possible Remote Code Execution when using results with no namespace.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-057
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.5.17/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards.
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[VOTE][FASTTRACK] Struts 2.3.35

2018-08-20 Thread Rene Gielen 
+1 GA (binding)

@Yasser: Great work, thanks a lot!
Please keep in mind that your vote also counts. You have casted a vote,
yet not voted yourself. Please consider doing so since we need at least
3 binding +1!

Am 20.08.18 um 07:30 schrieb Yasser Zamani:
> The Apache Struts 2.3.35 test build is now available. In addition to critical
>  overall proactive security improvements, it includes the latest security 
> patch
>  which fixes one possible vulnerability:
> - Possible Remote Code Execution when using results with no namespace.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-057
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.35/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards.
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
IT-Neering.net
Kalkbergstraße 171, 52080 Aachen, Germany
Tel: +49-(0)2405-4067285
Fax: +49-(0)2405-4067286
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

REMINDER - TAC Applications closes in 2 weeks for ACNA Montréal

2018-04-18 Thread Rene Gielen 
Reminder that travel assistance applications for ApacheCon NA 2018 are
still open but only for another*2 weeks*!
Please get your applications in NOW.

We will be supporting ApacheCon NA Montréal, Canada on 24th - 29th
September 2018

 TAC exists to help those that would like to attend ApacheCon events,
but are unable to do so for financial reasons. 
For more info on this years applications and qualifying criteria, please
visit the TAC website at < http://www.apache.org/travel/ >. Applications
are now open and will close 1st May. 

*Important*: Applications close on May 1st, 2018. Applicants have until
the closing date above to submit their applications (which should
contain as much supporting material as required to efficiently and
accurately process their request), this will enable TAC to announce
successful awards shortly afterwards. 

As usual, TAC expects to deal with a range of applications from a
diverse range of backgrounds. We therefore encourage (as always) anyone
thinking about sending in an application to do so ASAP.   
We look forward to greeting many of you in Montreal

Kind Regards, 
Gavin - (On behalf of the Travel Assistance Committee)


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts Master 11

2017-08-22 Thread Rene Gielen 
+1 GA (binding)

Am 18.08.17 um 10:12 schrieb Lukasz Lenart:
> The Struts Master 11 test build is now available as a Maven artifact.
> 
> https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/11/
> 
> Release notes:
> * uses the latest Apache Parent POM version 18 which include new
> versions of plugins
> 
> If you have had a chance to review the test build, please respond with
> a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 72 hours, longer upon request.
> 
> 
> Kind regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: S2 makes Hacker News :/

2017-03-14 Thread Rene Gielen 
More of that...
http://www.reuters.com/article/us-canada-cyber-idUSKBN16K2BC

Am 09.03.17 um 16:04 schrieb Lukasz Lenart:
> 2017-03-09 15:45 GMT+01:00 Dave Newton :
>> https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites
> 
> Yeah... this is a sad news, even if we tried our best to keep this
> confidential ...
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: How to select how to solve issue?

2017-02-13 Thread Rene Gielen 
Am 13.02.17 um 12:10 schrieb Lukasz Lenart:
> 2017-02-04 19:19 GMT+01:00 Yasser Zamani :
>> 2. When I fixed WW-4694, I discovered that our AnnotationUtils has not
>> any tangible improvement for about 4 years and also, with my changes, a
>> method named isAnnotatedBy will be almost useless or duplicate. But
>> Spring has a similar class with same name and purpose which has been
>> wrote more robust and much newer than our one. I'm sure I can merge them
>> carefully with respect to not breaking the rest of the current codes and
>> also, merge only until my changes get clear, beauty and known future
>> bugs free, not merge everything. But is it recommended by you? Or no,
>> you prefer fewer changes but with higher possibility of future bugs and
>> maybe ugly code as changes made day by day?
> 
> It also depends :) If it is possible to resolve issue without coping,
> that's good, but if there is already a fix at hand and the solution
> isn't too specific (which can harm users at some point) I don't mind
> borrowing code ;-)
> 
> 

To get more into detail here: Copying from other OS licensed code is ok
as long as all requirements are met.

First off, it must be an OS license that is compatible with ASL V2.0.
See https://www.apache.org/legal/resolved#category-a for a complete list.

Second, we have to comply with specific license requirements of the
original work. In case of Spring both is quite easy, since they are
using ASL 2.0 themselves.

The important section in ASL 2.0 is cited below. As long theses
requirements are met, derived code is ok to be included legally.

- René

4. Redistribution. You may reproduce and distribute copies of the Work
or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You meet the
following conditions:

You must give any other recipients of the Work or Derivative Works a
copy of this License; and
You must cause any modified files to carry prominent notices stating
that You changed the files; and
You must retain, in the Source form of any Derivative Works that You
distribute, all copyright, patent, trademark, and attribution notices
from the Source form of the Work, excluding those notices that do not
pertain to any part of the Derivative Works; and
If the Work includes a "NOTICE" text file as part of its distribution,
then any Derivative Works that You distribute must include a readable
copy of the attribution notices contained within such NOTICE file,
excluding those notices that do not pertain to any part of the
Derivative Works, in at least one of the following places: within a
NOTICE text file distributed as part of the Derivative Works; within the
Source form or documentation, if provided along with the Derivative
Works; or, within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents of the
NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative
Works that You distribute, alongside or as an addendum to the NOTICE
text from the Work, provided that such additional attribution notices
cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may
provide additional or different license terms and conditions for use,
reproduction, or distribution of Your modifications, or for any such
Derivative Works as a whole, provided Your use, reproduction, and
distribution of the Work otherwise complies with the conditions stated
in this License.


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Upgrading do Servlet API 2.5 and JSP API 2.1

2016-11-24 Thread Rene Gielen 
Am 23.11.16 um 12:56 schrieb Lukasz Lenart:
> I prefer to go in small steps:
> 
> - Struts 2.6 - Servlets 2.5, JSP 2.1, Java 7
> - Struts 3 - Servlets 3.0, JSP 2.2, Java 7
> - Struts 4 - ..., Java 8
> 
> and as from Struts 3 switch to full Semantic Versioning http://semver.org/

+1 to all these proposals.

While Struts itself keeps innovating a great deal, a big portion of our
user base is usually conservative in their platform upgrade policy.

- René

> 
> 
> Regards
> Lukasz
> 
> 2016-11-18 13:15 GMT+01:00 Aaron Johnson :
>> +1 for Struts 2.6 with Servlet 3.0 and JSP 2.2
>>
>> On Thu, Nov 17, 2016 at 2:17 AM, Johannes Geppert  wrote:
>>
>>> +1 for a 2.6.x based on Servlet 3.0 and JSP 2.2.
>>>
>>> Best Regards
>>>
>>> Johannes
>>>
>>> #
>>> web: http://www.jgeppert.com
>>> twitter: http://twitter.com/jogep
>>>
>>>
>>> 2016-11-16 18:01 GMT+01:00 Aleksandr Mashchenko :
>>>
 Maybe Servlet 3.0 and JSP 2.2.

 For example: Apache Tomcat implements both in it 7.0.x series, which is
 available since ~2011.
 And support for the Apache Tomcat 6.0.x will end on 31 December 2016.

 ---
 Regards,
 Aleksandr


 -
 To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
 For additional commands, e-mail: dev-h...@struts.apache.org


>>>
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.30

2016-07-13 Thread Rene Gielen 
+1 GA (binding)

Am 12.07.16 um 07:37 schrieb Lukasz Lenart:
> The Apache Struts 2.3.30 test build is now available. With this release:
> 
> [WW-4641] - CVE-2016-0785
> [WW-4642] - Unable to retrieve s:hidden field values
> [WW-4645] - SecurityMemberAccess exclude class design issue
> [WW-4651] - Negative number is considered an arithmetic expression
> [WW-4648] - Upgrade commons-fileupload to the latest version
> 
> also this version uses the latest OGNL 3.0.x series which doesn't
> allow modify `_memeberAccess` via a key plus doesn't treat negative
> numbers as an expression
> https://github.com/jkuhnert/ognl#release-notes---version-3110-3019
> 
> Release notes
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.30
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.30/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
> 
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
> 
> 
> Kind regards
> 

-- 
René Gielen
IT-Neering.net
Kalkbergstraße 171, 52080 Aachen, Germany
Tel: +49-(0)2405-4067285
Fax: +49-(0)2405-4067286
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.24.3

2016-04-20 Thread Rene Gielen 
+1 GA, binding

Am 20.04.16 um 15:19 schrieb Lukasz Lenart:
> The Struts 2.3.24.3 test build is now available. It includes the
> latest security patch which fixes three possible vulnerabilities:
> - Forced double OGNL evaluation, when evaluated on raw user input in
> tag attributes, may lead to remote code execution.
> - Possible RCE vulnerability in XSLTResult
> - Prevents execution of chained expressions based on new isSequence
> flag introduce in appropriated OGNL versions
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-029
> * https://cwiki.apache.org/confluence/display/WW/S2-031
> * https://cwiki.apache.org/confluence/display/WW/S2-032
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.24.3
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.24.3/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
IT-Neering.net
Kalkbergstraße 171, 52080 Aachen, Germany
Tel: +49-(0)2405-4067285
Fax: +49-(0)2405-4067286
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.20.3

2016-04-20 Thread Rene Gielen 
+1 GA, binding

Am 20.04.16 um 13:51 schrieb Lukasz Lenart:
> The Struts 2.3.20.3 test build is now available. It includes the
> latest security patch which fixes three possible vulnerabilities:
> - Forced double OGNL evaluation, when evaluated on raw user input in
> tag attributes, may lead to remote code execution.
> - Possible RCE vulnerability in XSLTResult
> - Prevents execution of chained expressions based on new isSequence
> flag introduce in appropriated OGNL versions
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-029
> * https://cwiki.apache.org/confluence/display/WW/S2-031
> * https://cwiki.apache.org/confluence/display/WW/S2-032
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.20.3
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.20.3/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.28.1

2016-04-20 Thread Rene Gielen 
+1 GA, binding

Am 20.04.16 um 08:42 schrieb Lukasz Lenart:
> The Struts 2.3.28.1 test build is now available. It includes the
> latest security patch which fixes two possible vulnerabilities:
> - Possible RCE vulnerability in XSLTResult
> - Prevents execution of chained expressions based on new isSequence
> flag introduce in appropriated OGNL versions
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-031
> * https://cwiki.apache.org/confluence/display/WW/S2-032
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.28.1
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.28.1/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Rene Gielen 
+1 GA (binding)

- René

Am 18.03.16 um 10:01 schrieb Lukasz Lenart:
> This is a third call in row with tiny fix discovered during test
> period so I'm going to speed things up as there are three security
> bulletins addressed with this release.
> 
> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
> 
> and few other small improvements, please see the release notes
> 
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.27
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.27/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 24 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
> 
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
> 
> 
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Struts 2.3.25

2016-03-03 Thread Rene Gielen 
This is good news!

Am 04.03.16 um 08:27 schrieb Lukasz Lenart:
> Hi,
> 
> Struts 2.3.25 is almost here just 5 issues left but those aren't huge 
> problems.
> 
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20WW%20AND%20fixVersion%20%3D%202.3.25%20AND%20resolution%20%3D%20Unresolved%20
> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: SMI on steroids Feature Request

2016-02-12 Thread Rene Gielen 
Greg is a Struts committer and as such completely free to implement and
commit on features or bugs, with or without PR. Given that, I think Greg
is pretty well aware how things are run.

Just in case this needs clarification, I'll put this straight with my
"manager" (aka PMC member) hat on:
What goes into releases is subject to silent consensus or explicit
consensus if discussion is needed or wanted. While the PMC members have
the final word in non-trivial or controversial decisions, all
participants on the dev-list or user-list are heard and have the power
to express their opinions and thus influence actual decisions.

The depicted decision flow is incorrect in that we don't have one, two
or whatever number of folks here that "filter" requests and then pass it
to be voted upon. We rarely vote on features anyway. We prefer simple
discussions among all people feeling involved, with hopefully valuable
outcome.

The sole purpose of this thread is to clarify on future directions of
SMI/DMI. I have no clue what kind of working patch, as suggested, would
help here. As for making the case for users and user impact as well as
why something is useful, this is the *essence* of this thread and the
referenced ticket and this is exactly what is being discussed here.

- René

Am 12.02.16 um 14:45 schrieb Martin Gainty:
> Hi Greg
> since barosso got a FT job at Amazon the Struts managers that call the shots 
> on new Struts features are Lukasz and Dave
> 
> If they say this is a good idea that should be voted on and then implemented 
> then perhaps our feature might be implemented
> 
> My suggestions is to lay out the groundwork for the new feature that is:
> Make the case that users like yourself would find this new feature useful
> If possible submit a working patch to latest codebase and a testcase 
> demonstrating the viability of this new feature
> As you probably have guessed already i am not a manager..so this is not my 
> call
> Good Luck Greg!
> Martin 
> __ 
>   
> 
> 
> 
>> Date: Thu, 11 Feb 2016 11:02:41 +
>> Subject: Re: SMI on steroids
>> From: gregh3...@gmail.com
>> To: dev@struts.apache.org
>>
>> Can there be two levels on the SMI?
>>
>> If DMI is on and SMI is in relaxed-strict mode (false) we can leave the
>>
>> {1} and prefix{0}suffix in so it works.
>>
>> although it would be better to have some kind of regex ie
>> regex:([A-Z-a-z]*) for safety plus a max length!
>>
>> Then if SMI is in strict mode (true) remove {1} and prefix{0}suffix so it
>> will then fall back on the global/allowed-methods.
>>
>> Just a thought.
>>
>> Cheers Greg
>>
>>
>>
>>
>> On 5 February 2016 at 09:23, Lukasz Lenart  wrote:
>>
>>> 2016-02-05 10:20 GMT+01:00 Greg Huber :
 my lastest comment..

 The entry that we don't want is {1} style

 PatternAllowedMethod{allowedMethodPattern=(.*), original='\{1\}'\}

 which is don't check anything, effectively disabling SMI.

 run{1}This style could be left in, as they are pretty restrictive, or is
 there a regex for the pattern that could be added to the globals,
 acknowledging there is a potential risk in your DMI?
>>>
>>> Yes, that true, but this approach is very strict and can affect many
>>> users/projects. I would like to hear other's opinion
>>>
>>>
>>> Regards
>>> --
>>> Łukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>
>>>
> 
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Official Docker images

2016-02-08 Thread Rene Gielen 
Would be a nice addition, indeed.

I think an image with Tomcat+war would be a good way to go for people to
try the showcases.

Maven image + checkout from git + building would be of interest for core
developers only, not sure wether one would want to go down this route.

- René

Am 08.02.16 um 11:25 schrieb Christoph Nenning:
>> Hi,
>>
>> I have updated the image at DockerHub, introduced Dockerfile to build
>> the image plus some other changes. The previous version was broken
>> (autogenerated CSSs were broken)
>>
>> https://hub.docker.com/r/theapachestruts/struts-site-jekyll/
>>
>> Should I prepare images with Showcase app and Showcase-rest? wdyt?
>>
>>
> 
> 
> +1
> 
> 
> Which way do you want to build them?
> Add another step to maven to wrap WAR in an image and push it?
> Or create an image which contains maven, checks out code from git and 
> builds the app on the fly?
> 
> 
> The latter approach causes problems for people behind a proxy.
> 
> 
> 
> Regards,
> Christoph
> 
> This Email was scanned by Sophos Anti Virus
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.5 BETA3

2016-01-22 Thread Rene Gielen 
[ ] Leave at test build
[ ] Alpha
[x] Beta
[ ] General Availability (GA)

Great job!


Am 21.01.16 um 14:56 schrieb Lukasz Lenart:
> The Apache Struts 2.5 BETA3 test build is now available.
> 
> New in BETA1
> - XWork source was merged into Struts Core source, it means that there
> be no more xwork artifact nor dedicated jar
> - OGNL was upgraded to version 3.0.11 and it breaks access to
> properties as it follows Java Bean Specification, see WW-4207 and
> WW-3909
> - Spring dependency for tests and spring plugin was upgraded to
> version 4.1.6, see WW-4510.
> - Struts2 internal logging api was marked as deprecated and was
> replaced with new Log4j2 api as logging layer, see WW-4504.
> - Struts2 is now build with JDK7, see WW-4503.
> - New plugin to support bean validation is now part of the
> distribution, see WW-4505.
> - Deprecated plugins are now removed from the distribution and are not
> longer supported anymore.
> - - Dojo Plugin
> - - Codebehind Plugin
> - - JSF Plugin
> - - Struts1 Plugin
> 
> New in BETA2
> - New security option was added - Strict Method Invocation (also known
> as Strict DMI), see WW-4540
> - Add support for latest stable AngularJS in Maven archetype, see WW-4522
> 
> New in BETA3
> - Dropped support for id and name - replaced with var, see WW-2069
> - Dedicated archive with a minimal set of dependencies was introduced,
> see WW-4570
> - It is possible to use multiple names when defining a result, see WW-4590
> - Rest plugin honors Accept header, see WW-4588
> - New result 'JSONActionRedirectResult' in json-plugin was defined, see 
> WW-4591
> - Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was
> dropped, see WW-4584
> - JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381
> - OGNL was upgraded to version 3.0.11 and it breaks access to
> properties as it follows Java Bean Specification, see WW-4207 and
> WW-3909
> - - and then OGNL was upgraded to version 3.1.1, see WW-4561
> - - and then OGNL was upgraded to version 3.2.1, see WW-4577
> 
> Release notes
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.5-BETA3/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
> 
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
> 
> 
> Kind regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: From Confluence to Markdown

2016-01-14 Thread Rene Gielen 
Hi Lukasz,

sorry for seeing this post a little bit late - too much mails all
around, I guess :)

I've made some progress on this as time permits, but still a lot to be
done. I'm convinced that moving to MarkDown / AsciiDoctor would be a
HUGE improvement both for our docs in general as well as our publishing
workflows. Nevertheless, exporting the existing docs is still cumbersome
so far ...

- René

Am 28.11.15 um 10:48 schrieb Lukasz Lenart:
> Hi,
> 
> Rene you have mentioned sometime ago that you are working on solution
> to migrate our existing Confluence space into Markdown/AsciiDoc. Can
> you share more insights?
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: unsubscribe me

2016-01-07 Thread Rene Gielen 
Please follow the instructions found here:
http://struts.apache.org/mail.html

Am 06.01.16 um 19:17 schrieb john feng:
> unsubscribe
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Official Docker images

2015-10-14 Thread Rene Gielen 
This is really a great improvement for having a portable and easy to
setup publishing platform, indeed.

Related: I made some experiments with JBake lately
http://jbake.org/

The claim "Jekyll of the JVM" pins it down quite well. It requires just
a JDK and integrates perfectly with maven builds. We might want to keep
this on our radar for an even more streamlined future publishing worklflow.

I also made some experiments on how hard it would be to move
documentation to AsciiDoctor, maybe including migration from Confluence.
Not there yet, but it looks really promising for streamlined
documentation in a one-stop publishing process.

- René

Am 08.10.15 um 11:51 schrieb Lukasz Lenart:
> 2015-10-08 11:42 GMT+02:00 Christoph Nenning :
>> Alright. Got it up and running. Some pages are not present, I guess that
>> is stuff exported from wiki, e.g.
>>
>> http://localhost:4000/docs/guides.html
> 
> Exactly, but right now we can improve that as well :)
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.5 BETA1

2015-07-29 Thread Rene Gielen 
> [ ] Leave at test build
> [ ] Alpha
> [x] Beta
> [ ] General Availability (GA)

+1 Beta, binding

good enough at least for a Beta :)

Great job, folks!

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Starting work on 2.5

2015-05-23 Thread Rene Gielen 
Ah, fine then. I was under the impression that only recently deprecated
plugins would be found in
https://github.com/apache/struts-archive/tree/master/plugins.

Thanks folks for clearing up my confusion :)

- René

Am 22.05.15 um 15:51 schrieb Johannes Geppert:
>> It was already there, I assumed it was you when you were working on
>> adding support for Portlet 2 spec
> 
> Right! This is the old one which was replaced with the new portlet2 spec
> implementation.
> 
> 
> #
> web: http://www.jgeppert.com
> twitter: http://twitter.com/jogep
> 
> 
> 2015-05-22 15:46 GMT+02:00 Lukasz Lenart :
> 
>> 2015-05-22 13:40 GMT+02:00 Rene Gielen :
>>> While it is OK for me to drop GitFlow, I'm -1 for moving core
>>> development to GitHub. We should not rely on an external service for our
>>> internal workflow. GitHub should remain the interface for external
>>> contributors, but not the place where the committership driven
>>> development should take place. I'm pretty sure we'll get in trouble
>>> justifying such a move towards the board.
>>
>> I'm not saying that we must use GH for everything, but instead
>> scattering people's repos I prefer working on my own clone or local
>> branch. Each branch pushed into Apache Git will be replicated to
>> GitHub and then to users' repos.
>>
>>> Basides that, what was the reasoning behind deprecating
>>> struts2-portlet-plugin? Did I miss something?
>>
>> It was already there, I assumed it was you when you were working on
>> adding support for Portlet 2 spec
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
> 

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Starting work on 2.5

2015-05-22 Thread Rene Gielen 
While it is OK for me to drop GitFlow, I'm -1 for moving core
development to GitHub. We should not rely on an external service for our
internal workflow. GitHub should remain the interface for external
contributors, but not the place where the committership driven
development should take place. I'm pretty sure we'll get in trouble
justifying such a move towards the board.

Basides that, what was the reasoning behind deprecating
struts2-portlet-plugin? Did I miss something?

- René

Am 17.05.15 um 10:33 schrieb Lukasz Lenart:
> 2015-05-15 15:08 GMT+02:00 Lukasz Lenart :
>> Finally struts-archive was migrated to Git [1] so I can kicking out
>> deprecated plugins and start cleaning up the code [2]
>>
>> [1] https://git1-us-west.apache.org/repos/asf?p=struts-archive.git;a=tree
>> [2] 
>> https://cwiki.apache.org/confluence/display/WW/Struts+Next#StrutsNext-M1(akaStruts2.5)
> 
> Before I will start working on 2.5 I would like throw away GitFlow -
> it simple doesn't work for the project, to point just few issues:
> - dedicated develop and bunch of feature branches which are replicated
> all over the world and scatter other's repos [1]
> - Maven does tagging which means I always have to remember to use -n
> flag to avoid tagging by GitFlow
> - Maven introduces next development cycle which means I always must
> manually update version in master branch and resolve bunch of
> conflicts in poms
> - etc
> 
> My idea is to have only master branch in Apache Git and use GitHub for
> large work, so committers can always directly push changes to master
> (we use tags to keep track on versions). If you are going to work on
> something bigger you can create local branch or clone Struts via GH
> and work on your own clone there. Next you can prepare a PR which will
> be directly merged into master. So Git repo will always contain just
> one branch which will reduce number of branches scattered over the
> world. And as we use Maven to release new versions, it will be
> possible to release directly from master branch - no need to update
> versions and resolve conflicts.
> 
> All this is based on my over year of experience with using GitFlow in
> Struts. If there be no objections, in 72h - assuming silence
> consensus, I will drop GitFlow support.
> 
> 
> [1] my local list of branches
> * develop
>   feature/WW-4176-support-string-keys-in-json
>   feature/locale-aware-converters
>   master
>   remotes/aleksandr-m/develop
>   remotes/aleksandr-m/feature/exclude-object-class
>   remotes/aleksandr-m/feature/http-interceptor
>   remotes/aleksandr-m/feature/preselect-optgroup
>   remotes/aleksandr-m/feature/remove-html5-deprecations
>   remotes/aleksandr-m/feature/use-js-to-support-multiple-buttons
>   remotes/aleksandr-m/feature/visitor-validator-full-field-name
>   remotes/aleksandr-m/master
>   remotes/origin/HEAD -> origin/master
>   remotes/origin/develop
>   remotes/origin/feature/locale-aware-converters
>   remotes/origin/master
> 
> 
> Regards
> 

-- 
René Gielen
IT-Neering.net
Kalkbergstraße 171, 52080 Aachen, Germany
Tel: +49-(0)2405-4067285
Fax: +49-(0)2405-4067286
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.24

2015-05-11 Thread Rene Gielen 
Just to make it clear: as of today, Christoph's vote is technically
binding by all means :)

@Christoph: later today you'll get a mail with further information

- René

Am 11.05.15 um 15:03 schrieb Christoph Nenning:
>> 2015-05-10 8:32 GMT+02:00 i...@flyingfischer.ch :
>>> +1 Binding
>>>
>>> Markus Fischer
>>
>> Thanks Markus! But I need one more vote from PMC to get 3x binding
>> votes :) Still waiting...
>>
>>
> 
> Looks fine, here we go:
> 
> 
> +1 binding
> 
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [X] General Availability (GA)
> 
> 
> 
> Regards,
> Christoph
> 
> 
> This Email was scanned by Sophos Anti Virus
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.20.1

2015-05-07 Thread Rene Gielen 
+1 GA binding

Thanks Łukasz!

- René

Am 06.05.15 um 09:28 schrieb Lukasz Lenart:
> The Struts 2.3.20.1 test build is now available. It includes the
> latest security patch which fixes one possible vulnerabilities:
> - Wrong excludeParams overrides those defined in 
> DefaultExcludedPatternsChecker
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-024
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.20.1
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.20.1/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [ANN] Apache Struts 2.3.20 GA release available with security fix

2014-12-09 Thread Rene Gielen 
Can't believe this is a minor release
Great job, thank Lukasz!

- René

Am 08.12.14 16:37, schrieb Lukasz Lenart:
> The Apache Struts group is pleased to announce that Apache Struts
> 2.3.20 is available as a "General Availability" release. The GA
> designation is our highest quality grade.
> 
> Apache Struts 2 is an elegant, extensible framework for creating
> enterprise-ready Java web applications. The framework is designed to
> streamline the full development cycle, from building, to deploying, to
> maintaining applications over time.
> 
> One medium security issue was solved with this release:
> 
> S2-023 Generated value of token can be predictable
> * http://struts.apache.org/docs/s2-023.html
> 
> Besides that, this release contains several fixes and improvements
> just to mention few of them:
> - merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3
> - extended existing security mechanism to block access to given Java
> packages and Classes
> - collection Parameters for RedirectResult
> - make ParametersInterceptor supports chinese in hash key by default
> - themes.properties can be loaded using ServletContext allows to put
> template folder under WEB-INF or on classpath
> - new tag datetextfield
> - only valid Ognl expressions are cached
> - custom TextProvider can be used for validation errors of model driven 
> actions
> - datetimepicker's label fixed
> - PropertiesJudge removed and properties are checked in SecurityMemberAccess
> - resource reloading works in IBM JVM
> - default reloading settings were removed from default.properties
> - commons-fileupload library upgraded to version 1.3.1 to fix
> potential security vulnerability
> - the scheme attribute accepts expressions in s:url tag
> - solves problem with infinite loop in FastByteArrayOutputStream
> - LocalizedTextUtil supports many ClassLoaders
> - Bill of Materials pom was introduced
> - debug=browser|console was migrated to jQuery
> - struts_dojo.js was fixed
> - interface org/apache/struts2/views/TagLibrary was restored and
> marked as @Depreacted
> and many other small improvements, please careful read the version notes.
> 
> The release notes are available online at:
> * http://struts.apache.org/docs/version-notes-2320.html
> 
> All developers are strongly advised to update existing Struts 2
> applications to Struts 2.3.20!
> 
> Struts 2.3.20 is available in a full distribution, or as separate
> library, source, example and documentation distributions, from the
> releases page.
> * http://struts.apache.org/download.cgi#struts2320
> 
> The release is also available from the central Maven repository under
> Group ID "org.apache.struts".
> 
> The 2.3.x series of the Apache Struts framework has a minimum
> requirement of the following specification versions:
> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
> * Java 2 Standard Platform Edition (J2SE) 5
> 
> Should any issues arise with your use of any version of the Struts
> framework, please post your comments to the user list, and, if
> appropriate, file a tracking ticket.appropriate, file a tracking
> ticket:
> * https://issues.apache.org/jira/browse/WW
> 
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Struts 2.3.20 ready for test

2014-12-01 Thread Rene Gielen 
Hi Markus,

to help collect the vote and for enabling consistent future reference to
the voting process thread it would be great if you could reply to
Łukasz' [VOTE] mail.

Sorry for for being a bit pedantic, and thanks for voting :)

Regards,
René

Am 01.12.14 18:23, schrieb i...@flyingfischer.ch:
> +1 non binding.
> 
> Markus Fischer
> 
> Am 28.11.2014 um 08:56 schrieb Lukasz Lenart:
>> Thanks Volker & Greg! I think it's time to vote :)
>>
>>
>>
>> Regards
>>
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: @required attribute

2014-11-07 Thread Rene Gielen 
We kind of broke it already. Currently it looks broken in either way to me.
I think we should try for the best possible fix that has clear semantics
and an "easy-enough" migration path.

I'd also suggest to discuss this further in the mentioned JIRA ticket to
have a straight issue history.

- René
Am 07.11.2014 22:02 schrieb "Paul Benedict" :

> I'd rather break everything at once. That's how I feel about it. I don't
> want to keep on telling users migration plans from 2.3 to 2.5 and 2.5 to
> 3.0
>
>
> Cheers,
> Paul
>
> On Fri, Nov 7, 2014 at 8:59 AM, Lukasz Lenart 
> wrote:
>
> > 2014-11-07 15:56 GMT+01:00 Paul Benedict :
> > > I keep telling Lukasz we need to build 3.0 -- but he hasn't taken my
> > advice
> > > yet :-)
> >
> > We can skip 2.5 if you think that's better - but we will have a lot of
> > changes at once
> >
> >
> > Regards
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > For additional commands, e-mail: dev-h...@struts.apache.org
> >
> >
>

Re: [VOTE] Struts 2.3.18

2014-10-31 Thread Rene Gielen 
To add some additional context, anyone is invited to vote. The more votes
we get, binding or not, the more confident we can be about the release
quality. On the other hand, if we get -1 from any of the voters, we
carefully have to check what the reasons were and if GA release makes sense
then.

For project government reasons, we need at least 3 votes from active PMC
members, aka "binding" votes. PMC members add the binding keyword to their
vote to help the release manager when checking whether this requirement was
met. But I must admit it can easily confused with indicating that one is
really committed to his or her voting decision, which is actually a great
thing to hear about :)

- René
Am 31.10.2014 18:01 schrieb "Lukasz Lenart" :

> 2014-10-31 11:35 GMT+01:00  :
> > +1 GA (binding)
> >
> > I already voted on Monday, but I forget to add the quality
>
> Thanks a lot! But "binding" vote means it was cast by PMC - that's the law
> :-)
>
>
> Cheers
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Fwd: Announcing the new "Powered By Apache" logo

2014-10-27 Thread Rene Gielen 
Looks great!
Am 27.10.2014 14:28 schrieb "Lukasz Lenart" :

> 2014-10-08 7:35 GMT+02:00 Lukasz Lenart :
> > Done, please check - we have one more version then normally as jpg
> > version doesn't allow transparent background :-) She complained a bit
> > for that ;-)
> >
> > https://copy.com/JTqvpsGr7Q4BRgng
> > https://copy.com/PRsAuqAziTd6vJP6
>
> Pushed the logos to production - should be visible in few hours (there
> is a problem with syncing stuff)
> http://www.apache.org/foundation/press/kit/poweredBy/pb-struts.png
> http://www.apache.org/foundation/press/kit/poweredBy/pb-struts.jpg
> http://www.apache.org/foundation/press/kit/poweredBy/pb-struts.psd
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Fwd: Announcing the new "Powered By Apache" logo

2014-10-06 Thread Rene Gielen 
This would be great, yes.

Am 02.10.14 14:31, schrieb Lukasz Lenart:
> Should we prepare the same "Powered by..." logo?
> 
> 
> -- Forwarded message --
> From: Sally Khudairi 
> Date: 2014-10-01 18:32 GMT+02:00
> Subject: Announcing the new "Powered By Apache" logo
> To: ASF Marketing & Publicity 
> 
> 
> [re-sending due to the revised rules re: emailing pmcs@]
> 
> Hello Apache PMCs --
> 
> 
> It's my pleasure to share that that we have a new "Powered By Apache"
> logo available at http://apache.org/foundation/press/kit/
> 
> 
> Kindly note that whilst we have created logos for many TLPs, not all
> have been included. I have asked our design partners (HotWax Media,
> friends of Apache OFBiz) to see if they can complete the full set of
> TLPs, but we need to be patient, as they are donating their services.
> 
> 
> Should you need a logo for your project in the meantime, there is a
> template that you can use to create your own.
> 
> 
> I have also requested high-res versions of the template logo in both
> vector and .eps formats. I'll notify you when they are available.
> 
> 
> We encourage all projects to use the logos and to invite your
> communities to do so as well under the guidelines provided. Thanks in
> advance for helping spread the word!
> 
> 
> As always, feel free to drop me a note if you need anything.
> 
> 
> Thanks,
> Sally
> 
> 
> = = = = =
> vox +1 617 921 8656
> skype sallykhudairi
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-- 
René Gielen
IT-Neering.net
Kalkbergstraße 171, 52080 Aachen, Germany
Tel: +49-(0)2405-4067285
Fax: +49-(0)2405-4067286
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: New logo

2014-09-22 Thread Rene Gielen 
OK, one more thing :)

We should clarify the footer from "Logo and website donated by
SoftwareMill." to "Logo and website design donated by SoftwareMill.

- René

Am 19.09.14 09:31, schrieb Lukasz Lenart:
> Finally, here you have!
> 
> 
> 2014-04-15 8:25 GMT+02:00 Lukasz Lenart :
>> New frontpage with small adjustments: bigger text on download button
>> and info about SoftwareMill donation in the footer
>>
>> https://copy.com/LmnHo87Gydff
>>
>> She is preparing html & css now so I assume after Easters I'm going to
>> apply the new L&F :-)
>>
>>
>> 2014-04-08 19:11 GMT+02:00 Ken McWilliams :
>>> L& F is a big step up from what is there! Really nice.
>>>
>>>
>>> On Tue, Apr 8, 2014 at 8:23 AM, i...@flyingfischer.ch >>> wrote:
>>>
>>>> Looks good! Very clean main page, great work.
>>>>
>>>> Maybe the "honeycomb"-like background image in the green/blue part lacks
>>>> some contrast?
>>>>
>>>> Looking forward to the new design!
>>>>
>>>> Markus
>>>>
>>>> Am 08.04.2014 13:07, schrieb Lukasz Lenart:
>>>>
>>>>  Next version of website
>>>>>
>>>>> Main page
>>>>> https://copy.com/BhaCZtoewOYV
>>>>> Documentation pages
>>>>> https://copy.com/S2Dc0SCoHyv3
>>>>>
>>>>> I love the documentation layout but have some doubts about the main
>>>>> page which I cannot articulate them :\
>>>>>
>>>>>
>>>>> 2014-03-21 21:27 GMT+01:00 Ken McWilliams :
>>>>>
>>>>>> Logo looks great! Like the original all Caps version over the Camel
>>>>>> case...
>>>>>> the later is more understated.
>>>>>>
>>>>>>
>>>>>> On Fri, Mar 21, 2014 at 8:25 AM, Paul Benedict 
>>>>>> wrote:
>>>>>>
>>>>>>  I think the website looks great with the new design and logo.
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 21, 2014 at 8:11 AM, Lukasz Lenart >>>>>>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>
>>>>>>>  Camel cased version
>>>>>>>> https://copy.com/jC4OWepdqrvP
>>>>>>>>
>>>>>>>> 2014-03-21 12:59 GMT+01:00 Lukasz Lenart :
>>>>>>>>
>>>>>>>>> She's working on new layout, first attempt:
>>>>>>>>>
>>>>>>>>> https://copy.com/Ly91R3KAkPCm
>>>>>>>>> https://copy.com/9gghodFkEJmr
>>>>>>>>>
>>>>>>>>> About CamelCase - hm... good question, I also like that - will ask her
>>>>>>>>>
>>>>>>>> ;-)
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2014-03-19 16:32 GMT+01:00 Rene Gielen :
>>>>>>>>>
>>>>>>>>>> By sudden I realized I forgot to comment so far - shame on me!
>>>>>>>>>>
>>>>>>>>>> Logo image idea / execution: fabulous
>>>>>>>>>> Color scheme: 3rd ++, 2nd +
>>>>>>>>>> Font: Yet undecided. My gut fav is 2nd, but I also agree with Lukasz
>>>>>>>>>> that Aleo (1st) is classy.
>>>>>>>>>>
>>>>>>>>>> Is there a consensus about all uppercase writing? Am I too
>>>>>>>>>> traditional
>>>>>>>>>> by considering good'ol upper+lower as well? :)
>>>>>>>>>>
>>>>>>>>>> Anyway - great job, and a huge thanks to you guys!
>>>>>>>>>>
>>>>>>>>>> - René
>>>>>>>>>>
>>>>>>>>>> Am 07.03.14 15:53, schrieb Lukasz Lenart:
>>>>>>>>>>
>>>>>>>>>>> New colors https://copy.com/mewPAFa0GuQo and designer's answer:
>>>>>>>>>>>
>>>>>>>>>>> Several blue variants to be considered. As well as several fonts.
>>>>>>>>>>>
>>>>>>>>>>> I do not agree about the font - I like it very much, it is modern -
>>>>>>>>>>> not all serifs are outdated.
>>>>>>>>>>>
>>>>>>>>>>> The font is called Aleo, you can read some here
>>>>>>>>>>> http://fontfabric.com/aleo-free-font/
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> 
>>>>>>>>>> -
>>>>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>>>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> -
>>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>
>>>>>
>>>> -
>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>
>>>>
> 
> 
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: New logo

2014-09-22 Thread Rene Gielen 
Awesome. Nuff said.

- René

Am 19.09.14 09:31, schrieb Lukasz Lenart:
> Finally, here you have!
> 
> 
> 2014-04-15 8:25 GMT+02:00 Lukasz Lenart :
>> New frontpage with small adjustments: bigger text on download button
>> and info about SoftwareMill donation in the footer
>>
>> https://copy.com/LmnHo87Gydff
>>
>> She is preparing html & css now so I assume after Easters I'm going to
>> apply the new L&F :-)
>>
>>
>> 2014-04-08 19:11 GMT+02:00 Ken McWilliams :
>>> L& F is a big step up from what is there! Really nice.
>>>
>>>
>>> On Tue, Apr 8, 2014 at 8:23 AM, i...@flyingfischer.ch >>> wrote:
>>>
>>>> Looks good! Very clean main page, great work.
>>>>
>>>> Maybe the "honeycomb"-like background image in the green/blue part lacks
>>>> some contrast?
>>>>
>>>> Looking forward to the new design!
>>>>
>>>> Markus
>>>>
>>>> Am 08.04.2014 13:07, schrieb Lukasz Lenart:
>>>>
>>>>  Next version of website
>>>>>
>>>>> Main page
>>>>> https://copy.com/BhaCZtoewOYV
>>>>> Documentation pages
>>>>> https://copy.com/S2Dc0SCoHyv3
>>>>>
>>>>> I love the documentation layout but have some doubts about the main
>>>>> page which I cannot articulate them :\
>>>>>
>>>>>
>>>>> 2014-03-21 21:27 GMT+01:00 Ken McWilliams :
>>>>>
>>>>>> Logo looks great! Like the original all Caps version over the Camel
>>>>>> case...
>>>>>> the later is more understated.
>>>>>>
>>>>>>
>>>>>> On Fri, Mar 21, 2014 at 8:25 AM, Paul Benedict 
>>>>>> wrote:
>>>>>>
>>>>>>  I think the website looks great with the new design and logo.
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Mar 21, 2014 at 8:11 AM, Lukasz Lenart >>>>>>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>
>>>>>>>  Camel cased version
>>>>>>>> https://copy.com/jC4OWepdqrvP
>>>>>>>>
>>>>>>>> 2014-03-21 12:59 GMT+01:00 Lukasz Lenart :
>>>>>>>>
>>>>>>>>> She's working on new layout, first attempt:
>>>>>>>>>
>>>>>>>>> https://copy.com/Ly91R3KAkPCm
>>>>>>>>> https://copy.com/9gghodFkEJmr
>>>>>>>>>
>>>>>>>>> About CamelCase - hm... good question, I also like that - will ask her
>>>>>>>>>
>>>>>>>> ;-)
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2014-03-19 16:32 GMT+01:00 Rene Gielen :
>>>>>>>>>
>>>>>>>>>> By sudden I realized I forgot to comment so far - shame on me!
>>>>>>>>>>
>>>>>>>>>> Logo image idea / execution: fabulous
>>>>>>>>>> Color scheme: 3rd ++, 2nd +
>>>>>>>>>> Font: Yet undecided. My gut fav is 2nd, but I also agree with Lukasz
>>>>>>>>>> that Aleo (1st) is classy.
>>>>>>>>>>
>>>>>>>>>> Is there a consensus about all uppercase writing? Am I too
>>>>>>>>>> traditional
>>>>>>>>>> by considering good'ol upper+lower as well? :)
>>>>>>>>>>
>>>>>>>>>> Anyway - great job, and a huge thanks to you guys!
>>>>>>>>>>
>>>>>>>>>> - René
>>>>>>>>>>
>>>>>>>>>> Am 07.03.14 15:53, schrieb Lukasz Lenart:
>>>>>>>>>>
>>>>>>>>>>> New colors https://copy.com/mewPAFa0GuQo and designer's answer:
>>>>>>>>>>>
>>>>>>>>>>> Several blue variants to be considered. As well as several fonts.
>>>>>>>>>>>
>>>>>>>>>>> I do not agree about the font - I like it very much, it is modern -
>>>>>>>>>>> not all serifs are outdated.
>>>>>>>>>>>
>>>>>>>>>>> The font is called Aleo, you can read some here
>>>>>>>>>>> http://fontfabric.com/aleo-free-font/
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> 
>>>>>>>>>> -
>>>>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>>>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> -
>>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>>
>>>>>
>>>> -
>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>
>>>>
> 
> 
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [jax-rs-spec users] [jsr339-experts] MVC 1.0 JSR

2014-08-19 Thread Rene Gielen 
Reference:
https://java.net/projects/jax-rs-spec/lists/users/archive/2014-08/message/16

It was tried to make this a part if next JAX-RS spec, but wit this
message it is clear that it will be covered by a new JSR apart from JAX-RS

See also the attached PDF in the posting.

- René

Am 19.08.14 19:11, schrieb Paul Benedict:
> I never heard of a JSR that codifies an "official" MVC solution. If you
> have the JSR number for what you're speaking about, let me know.
> 
> 
> Cheers,
> Paul
> 
> 
> On Tue, Aug 19, 2014 at 12:06 PM, Frans Thamura  wrote:
> 
>> anyone know this?
>>
>> MVC become JSR.
>>
>> F
>>
>>
>>
>> -- Forwarded message --
>> From: Santiago Pericas-Geertsen 
>> Date: Tue, Aug 19, 2014 at 9:37 PM
>> Subject: [jax-rs-spec users] [jsr339-experts] MVC 1.0 JSR
>> To: jsr339-expe...@jax-rs-spec.java.net
>>
>>
>> Hello Experts,
>>
>>  As I stated in my earlier message, MVC 1.0 is now a separate JSR.
>> Given the discussions we have had in the past related to MVC and
>> JAX-RS, I felt it was appropriate to send you this proposal as well.
>>
>>  Even though it is not part of JAX-RS anymore, if you want to be
>> listed as a supporter for MVC 1.0, you can also respond to this
>> message.
>>
>>  Thanks.
>>
>> -- Santiago
>>
>>
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Do we still sign releases?

2014-06-24 Thread Rene Gielen 
Correct, unsigned releases won't make it to central.

On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart  wrote:
>I think yes
>https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.3.16/
>
>and this is verified by Nexus during Closing repository (I think)
>
>2014-06-24 3:20 GMT+02:00 Paul Benedict :
>> Back in the 1.x days, we signed releases (the jars, zips, etc.). I
>don't
>> know if we always did, but I did when I was release manager. Is that
>> practice still in force? ... And do we do that for Struts 2 as well?
>>
>> Cheers,
>> Paul
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>For additional commands, e-mail: dev-h...@struts.apache.org

-- 
Sent from my mobile phone

Re: Lost JIRA admin rights to STR & WW

2014-06-20 Thread Rene Gielen 
Karma should be there again, enjoy the powers :)

Am 20.06.14 16:45, schrieb Paul Benedict:
> Who, so mighty and powerful, can grant me the karma back?
> 
> Cheers,
> Paul
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Unable to intigrate Jasper report for struds2

2014-05-12 Thread Rene Gielen 
Hi,

actually this is the place to discuss the development of the Struts
framework. To get support for developing applications based on Struts 2,
the user mailing list is the place to find help:
http://struts.apache.org/mail.html

Regarding your particular problem: When you are going to rephrase the
question for the user mailing list, you might want to provide a more
precise description that explains what you are missing from the links
found by the Google search for the search term

struts2 jasperreports

Regards,
René

Am 12.05.14 14:53, schrieb manju:
> Hello ,
> 
> 
> sorry if i'm posting in wrong  place 
> 
> please can any one let me know how to integrate Jasper reports to Struds2 
> 
> as i'm new to this i need step by step process 
> 
> 
> thanks in advance 
> 
> 
> 
> --
> View this message in context: 
> http://struts.1045723.n5.nabble.com/Unable-to-intigrate-Jasper-report-for-struds2-tp5715933.html
> Sent from the Struts - Dev mailing list archive at Nabble.com.
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

2014-05-01 Thread Rene Gielen 
As confirmed in our last announcement, the Apache Struts 1 framework in
all versions is affected by a ClassLoader manipulation vulnerability
(CVE-2014-0114) similar to a recently fixed vulnerability in Struts 2
(CVE-2014-0112, CVE-2014-0094) [1].

Thanks to the efforts of Alvaro Munoz and the HP Fortify team, the
Apache Struts project team can recommend a first mitigation that is
relatively simple to apply. It involves the introduction of a generic
Servlet filter, adding the possibility to blacklist unacceptable request
parameters based on regular expressions. Please see the corresponding HP
Fortify blog entry [2] for detailed instructions.

The HP Fortify team also informed us that the vulnerability may be
exploited for Remote Code Execution (RCE) in certain environments. Based
on this information, the Apache Struts project team recommends to apply
the mitigation advice *immediately* for all Struts 1 based applications.

Struts 1 has had its End-Of-Life announcement more than one year ago
[3]. However, in a cross project effort the Struts team is looking for a
correction or an improved mitigation path. Please stay tuned for further
information regarding a solution.

This is a cross-list posting. If you have questions regarding this
report, please direct them to secur...@struts.apache.org only.

[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html
[2]
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro
[3] http://struts.apache.org/struts1eol-announcement.html

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114

2014-04-29 Thread Rene Gielen 
The Apache Struts project team confirms that Struts 1 in all versions is
affected by a ClassLoader manipulation vulnerability similar to a
recently fixed vulnerability in Struts 2 (CVE-2014-0112, CVE-2014-0094) [1].

This is a different underlying flaw. For future reference, please use
CVE-2014-0114 in regards to this issue.

Struts 1 has had its End-Of-Life announcement one year ago. In a cross
project effort, the Struts team is looking for a correction or
mitigation path though. Please stay tuned for further information
regarding a solution.

This is a cross-list posting. If you have questions regarding this
report, please direct them to secur...@struts.apache.org only.

[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.16.2

2014-04-24 Thread Rene Gielen 
+1 GA

Thanks Lukasz!

Am 24.04.14 23:13, schrieb Lukasz Lenart:
> The Struts 2.3.16.2 test build is now available. It includes the
> latest security patch which fixes two possible vulnerabilities:
> - Improves excluded params to avoid ClassLoader manipulation via
> ParametersInterceptor
> - Adds excluded params to CookieInterceptor to avoid ClassLoader
> manipulation when the interceptors is configured to accept all cookie
> names (wildcard matching via "*")
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-021
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16.2]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.16.2/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/orgapachestruts-1002/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-24 Thread Rene Gielen 
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
wasn't sufficient.

A security fix release fully addressing this issue is in preparation and
will be released as soon as possible.

Once the release is available, all Struts 2 users are strongly
recommended to update their installations.

* Until the release is available, all Struts 2 users are strongly
recommended to apply the mitigation described [1] *

Please follow the Apache Struts announcement channels [2][3][4][5] to
stay updated regarding the upcoming security release. Most likely the
release will be available within the next 72 hours. Please prepare for
upgrading all Struts 2 based production systems to the new release
version once available.

- The Apache Struts Team.

[1] http://struts.apache.org/announce.html#a20140424
[2] http://struts.apache.org/mail.html
[3] http://struts.apache.org/announce.html
[4] https://plus.google.com/+ApacheStruts/posts
[5] https://twitter.com/TheApacheStruts

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [CANCELLED][VOTE] Struts 2.3.17

2014-04-14 Thread Rene Gielen 
Fair enough. For future votes we should keep in mind that that 72h is
the minimum time. Given that a test drive of a full release takes it's
time (for me ususally around 2 -3 hours), granting our users and
developers a full week before cancelling the vote seems to be reasonable
- even given the test build was published before.

For the record: Mine would have been +0 GA :)

Am 15.04.14 08:33, schrieb Lukasz Lenart:
> Ok, I'm cancelling this Vote - not enough voters with binding vote :(
> 
> But don't worry, I'm going polish few things and start with 2.3.18
> very soon, Happy Easters!
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Time to start new release

2014-03-30 Thread Rene Gielen 
Looks good.

Great job, you are a machine ;)

- René

Am 30.03.14 20:52, schrieb Lukasz Lenart:
> Version Notes
> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.17
> 
> Please take a look if everything is ok. Thanks!
> 
> 2014-03-28 21:56 GMT+01:00 Lukasz Lenart :
>> 56 issues solved, time to start a new release :-)
>>
>> https://issues.apache.org/jira/browse/WW/fixforversion/12324780/
>>
>> 2014-03-27 12:17 GMT+01:00 Lukasz Lenart :
>>> Ok, 12 issues left
>>>
>>> https://issues.apache.org/jira/issues/?jql=project%20%3D%20WW%20AND%20fixVersion%20%3D%202.3.17%20AND%20status%20%3D%20Open%20ORDER%20BY%20priority%20DESC
>>>
>>> 2014-03-08 18:19 GMT+01:00 Lukasz Lenart :
 Those issues (in most cases) will be solves with 2.3.17

 https://issues.apache.org/jira/issues/?jql=project+%3D+WW+AND+fixVersion+%3D+2.3.17+AND+status+%3D+Open+ORDER+BY+priority+DESC

 2014-03-06 22:30 GMT+01:00 Lukasz Lenart :
> Hi,
>
> Time to start work on new release, any important issues to solve and
> include in the release?
> Thus probably will be the last 2.3.x - next will be 2.5.x (minor code
> cleanup) or 3.0 (large refactorings)
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: New logo

2014-03-19 Thread Rene Gielen 
By sudden I realized I forgot to comment so far - shame on me!

Logo image idea / execution: fabulous
Color scheme: 3rd ++, 2nd +
Font: Yet undecided. My gut fav is 2nd, but I also agree with Lukasz
that Aleo (1st) is classy.

Is there a consensus about all uppercase writing? Am I too traditional
by considering good'ol upper+lower as well? :)

Anyway - great job, and a huge thanks to you guys!

- René

Am 07.03.14 15:53, schrieb Lukasz Lenart:
> New colors https://copy.com/mewPAFa0GuQo and designer's answer:
> 
> Several blue variants to be considered. As well as several fonts.
> 
> I do not agree about the font - I like it very much, it is modern -
> not all serifs are outdated.
> 
> The font is called Aleo, you can read some here
> http://fontfabric.com/aleo-free-font/
> 

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE][FASTTRACK] Struts 2.3.16.1

2014-03-04 Thread Rene Gielen 
Checked, no issues found.

+1 GA (binding)

- René

Am 03.03.14 09:19, schrieb Lukasz Lenart:
> The Struts 2.3.16.1 test build is now available. It includes the
> latest security patch which fixes two possible vulnerabilities.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-020
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16.1]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.16.1/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/orgapachestruts-1000/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] 
> http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Git flow

2014-01-28 Thread Rene Gielen 
Am 28.01.14 12:19, schrieb Lukasz Lenart:
> I don't think we need git-flow - we don't have huge development team,
> there is (almost) no situation when we work together on some
> issue/feature. And learning the whole flow is useless (at this
> moment).
> 

Then I'm wondering a bit why we wanted to move to git in the first
place. It was my impression that we wanted to profit especially from
advanced processes like easy feature branching and merging, e.g.
- isolate features to make their impact better assessable
- allow for (yet not require!) code reviews before features are merged
to mainline - especially useful for our new committers, IMO
- allow cherry picking for releases
- backporting features from development to stable branches
- allow for collaborative working on groundbreaking features and ideas
for new major versions
- allow isolated work and straight forward, well documented processes
for hotfix releases, including multiple merging to all working branches
- allow for external contributions while working on new features, solely
targeted towards such feature
... to name just a few.

As for me, I did not find it hard to learn git-flow to a level that I
felt my own and my team's productivity increased. I started with forcing
myself to work based on feature branches and the follow-up processes,
only to to find me loving it soon and missing it everywhere where I was
forced to use e.g. svn where such processes are PITA.

> I'd rather start with something simpler and what we can understand and
> explain each others - using git-flow means we must understand how it
> works in first place and it isn't just to read some blog posts -
> understand the whole philosophy behind.
> 

I agree that git-flow is not the only possible way to go, and that we
might want to establish our own solution. Of course, it is well thought
out and flexible for both keeping things simple if you want to, as well
as offering advanced tooling for advanced problems. In either case -
adapting git-flow or working out our own process - I would opt for a
model that is both easy to use and grows with our needs. I see advanced
needs if we start our work on S3, and if we might manage to attract more
contributors along the way. Certainly we would want to establish a flow
that does not limit ourselves in future, wouldn't we?

Just to give an example, I started some prototyping experiments on how
multiple possible return value types and result containers could work
out (inspired by Spring MVC and Play). To advance on this, I would like
to share this and have others review and potentially collaborate on
this. But for a rather long time, this might stay experimental and not
ready even for development branches that we might want to offer
adventurous users to use in their projects. I'm pretty sure that there
might be a lot of such experiments and ideas that develop around the
idea of bringing out a new major release.

> That being said, I opt to work out our own flow - simple and straight
> forward. There can be advantage - we must adjust our release process
> to the flow as well.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Git flow

2014-01-23 Thread Rene Gielen 
Am 16.01.14 14:14, schrieb Lukasz Lenart:
> Till we won't decide what flow to use, it's ok to commit directly to
> master branch.
> 

... or maybe open some arbitrary feature-branch first?

> 
> Regards
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Git flow

2014-01-23 Thread Rene Gielen 
Hey Lukasz & others,

sorry for chiming in a bit late, I'm suffering from heavy workload
currently.

Basically this idea looks quite good and straightforward to me. On the
other hand, kind of a standard, named git-flow, seems to have
established, which I find worth evaluating:

http://nvie.com/posts/a-successful-git-branching-model/

Not only that it is well documented and contains all the (corner) cases
we might need, there is also excellent tooling support:

https://github.com/nvie/gitflow offers extensions to git to add workflow
semantics to your branching process, e.g. starting a feature:
git flow feature
git flow feature start  []
git flow feature finish 
Besides more examples on what the git extension does, you will find
further excellent explanatory resources linked on this page.

IntelliJ IDEA also has git-flow support:
http://plugins.jetbrains.com/plugin/7315
While there were some issues reported lately, development seems to be
active and I already used it successfully in version IDEA 12

Atlassian Sourcetree, IMO the most complete git shell on the planet, has
also excellent support for git-flow. The following is also a great read
describing the concepts and processes behind this branching model, in
addition to the original article quoted above:
http://blog.sourcetreeapp.com/2012/08/01/smart-branching-with-sourcetree-and-git-flow/

The Atlassian blog also contains an overview over various well
established workflows, including git-flow - also well worth reading:
https://www.atlassian.com/git/workflows

What I like about git-flow
- well documented - so well that we don't have to document it ourselves ;)
- well thought out
- very organized
- clean branch naming, including "subdirectories" for branches; that is
branches are named LANE/TOPIC - e.g. hotfix/s2-099
- there is quite users / future contributors are already familiar with
this workflow, since they might be using it at work

Just my $0.02
René

Am 16.01.14 08:01, schrieb Lukasz Lenart:
> Hi,
> 
> As Struts migrated to Git it's time to plan what kind of git flow we
> are going to use.
> 
> I thought about something like that:
> - 'master' contains always the latest released source (also as a tagged 
> version)
> - 'develop' contains the next version and we can commit some small
> patches directly to it
> - 'branch-xxx' will contain large modifications and refactors
> - 'feature-xxx' will contain huge modifications, like Struts3
> -- 'feature-xxx-yyy' will contain branch of feature branch
> 
> The naming schema can be adjusted but I think it should be simple and
> straightforward.
> 
> 
> Regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Svn to Git migration

2014-01-15 Thread Rene Gielen 
I wonder what the downside is to just put svn subtrees in question into
read only mode compared to moving them to attic. As for placing a
prominent notice, such as MOVED-TO-GIT-README.txt, it would be useful to
our users in either case.

Having a look at wicket, they just left svn at a point in time, keeping
everything in place (presumably read-only):
http://svn.apache.org/repos/asf/wicket/
While I would wish to find a prominent README here as described above, a
see a case for not breaking things that are not in our hand. In the
early days of Weld / CDI e.g., I desperately needed trunk level builds
that were not published yet. For that reason I did a
checkout-and-build-dependency step in the maven bootstrap phase of my
build. While this was clearly violating the reproducible build
principle, I could live with this trade-off since the features I needed
were additions unlikely to go away. To some extent reproducibility may
be seen as that if you would checkout some project published a few years
ago, it would build without some early failures before javac even kicks
in. I know this is a corner case, but it would suffer from repo contents
(from which a checkout would be done during my build) being moved away.

Regarding Apache policies, there are a few around that might help
finding a decision:
- Apache requires us to run on our own infrastructure for a single
reason: provide resources that will last for ages at the same place.
That is why we would not want to do canonical hosting of projects
externally, such as on GitHub - maybe it shuts down tomorrow? Unlikely,
yes. On the other hand, we have seen such things happen: tr.im URL
shortener was popular by it's time, but then money ran out. Each mailing
list posting containing tr.im URL you will look up in archive render
useless due to the URLs cannot be resolved any more. That's why Apache
even promotes their own URL shortener, http://s.apache.org.
- Dead projects, that is projects with dead communities, go to the Attic
meta project, including move of svn resources. While this has more to do
with having a meta-PMC for keeping oversight even if the owning PMC is
dead, it indeed involves moving of svn resources - AFAIK the only
process where such move happens as a part of an Apache policy. So moving
something to something called "attic" makes me shout out "I'm not dead
yet!" spontaneously :)

So far, I would really tend to go into read-only mode with notices
placed in svn rather than to move things away. If there are good
arguments for the move I have missed so far, I would of course happily
switch my position on that topic.

Just my 0.02$
- René

Am 15.01.14 20:54, schrieb Lukasz Lenart:
> 2014/1/15 Paul Benedict :
>> The published POMs should all have a link to the SCM URL. We shouldn't move
>> to the attic so those links can stay valid.
> 
> Ok, what is wrong if they become invalid? Maybe people start thinking
> about migration :-)
> 
>> And what do you mean "cut the wire"? Is that an Apache directive to stop
>> people from going to svn?
> 
> I don't know how it is in English - when child is born, connection
> with mother is cut :-) The same here, at some point we must strictly
> say - sorry guys!
> 
> It was mentioned as a good practise from other projects which migrated to Git.
> 
> 
> Regards
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Svn to Git migration

2014-01-14 Thread Rene Gielen 
+1



Paul Benedict  schrieb:
>No, please don't move things to the attic. We published POMs and other
>links to the repository. We should just make it read-only.
>
>
>On Tue, Jan 14, 2014 at 1:23 PM, Johannes Geppert 
>wrote:
>
>> Looks good to me!
>>
>> Thanks Łukasz for taking care of this migration.
>>
>> Johannes
>>
>> #
>> web: http://www.jgeppert.com
>> twitter: http://twitter.com/jogep
>>
>>
>> 2014/1/14 Lukasz Lenart 
>>
>> > Guys,
>> > can you review cleanup I have performed?
>> >
>> > https://svn.apache.org/repos/asf/struts/
>> > https://svn.apache.org/repos/asf/struts/attic/
>> >
>> > what else I should move to attic as well
>> >
>> >
>> > Regards
>> > --
>> > Łukasz
>> > + 48 606 323 122 http://www.lenart.org.pl/
>> >
>> > 2014/1/14 Lukasz Lenart :
>> > > I think it isn't needed. I'm going to move everything to 'attic'
>> > > folder to be backed up and create README about migration
>> > >
>> > > 2014/1/14 Paul Benedict :
>> > >> Can you request to turn it read only?
>> > >> On Jan 14, 2014 11:58 AM, "Lukasz Lenart"
>
>> > wrote:
>> > >>
>> > >>> Migration to Git is almost done! Please DON'T use Subversion
>anymore!
>> > >>>
>> > >>> https://issues.apache.org/jira/browse/INFRA-7174
>> > >>>
>> > >>>
>> > >>> Regards
>> > >>> --
>> > >>> Łukasz
>> > >>> + 48 606 323 122 http://www.lenart.org.pl/
>> > >>>
>> > >>> 2014/1/9 Lukasz Lenart :
>> > >>> > Time to move forward
>> > >>> >
>> > >>> > https://issues.apache.org/jira/browse/INFRA-7174
>> > >>> >
>> > >>> > 2013/12/10 Christian Grobmeier :
>> > >>> >> On 10 Dec 2013, at 7:55, Lukasz Lenart wrote:
>> > >>> >>
>> > >>> >>> I'm going postpone transition to Git as we must straighten
>site
>> > >>> >>> building first! Right now it's a real pain in the a.. and
>it
>> takes
>> > >>> >>> ages to update site after release. Not saying about other
>mirror
>> > >>> >>> problems with this whole SvnPubSub crap :\
>> > >>> >>
>> > >>> >>
>> > >>> >> Oh ok. :-|
>> > >>> >>
>> > >>> >> I am a bit undecided on how we approach the website (again).
>> > >>> >>
>> > >>> >>
>> > >>> >>
>> > >>> >>
>> > >>> >>>
>> > >>> >>> Regards
>> > >>> >>> --
>> > >>> >>> Łukasz
>> > >>> >>> + 48 606 323 122 http://www.lenart.org.pl/
>> > >>> >>>
>> > >>> >>> 2013/12/6 Dave Newton :
>> > >>> 
>> > >>>  Correct; pull requests are a github thing.
>> > >>> 
>> > >>>  And they're nice (usually).
>> > >>> 
>> > >>> 
>> > >>>  On Fri, Dec 6, 2013 at 12:09 PM, Christian Grobmeier
>> > >>>  wrote:
>> > >>> 
>> > >>> > On 6 Dec 2013, at 15:19, Lukasz Lenart wrote:
>> > >>> >
>> > >>> > 2013/12/6 Christian Grobmeier :
>> > >>> >>
>> > >>> >>
>> > >>> >>> On 6 Dec 2013, at 8:11, Lukasz Lenart wrote:
>> > >>> >>>
>> > >>> >>> Do you know if git at Apache supports Pull Requests
>between
>> > >>> branches?
>> > >>> 
>> > >>>  I've started working like that some time ago and it's
>> awesome
>> > >>> feature
>> > >>>  :-)
>> > >>> 
>> > >>> >>>
>> > >>> >>> Honestly I don't know :-)
>> > >>> >>>
>> > >>> >>> I mean you can merge between branches easily. Is that
>what
>> you
>> > >>> mean?
>> > >>> >>>
>> > >>> >>
>> > >>> >> Not exactly, in GitHub you can prepare a Pull Request
>between
>> > >>> >> different branches in the same repo - you don't have to
>fork
>> the
>> > >>> repo
>> > >>> >> at all. So you'll see the PR on issues list and you can
>> comment,
>> > >>> >> change the code and so on, before merging it to
>mater/develop.
>> > >>> >>
>> > >>> >> But I think it's pure GitHub functionality not really
>related
>> > to git
>> > >>> >> itself.
>> > >>> >>
>> > >>> >
>> > >>> > I don't know for sure, but I agree, its most likely a
>github
>> > feature.
>> > >>> > I think something like gitlabhq might be able to do the
>same:
>> > >>> > https://github.com/gitlabhq/gitlabhq
>> > >>> > But i have not heard if this is going to live at ASF
>infra
>> > >>> >
>> > >>> >
>> > >>> >> Regards
>> > >>> >> --
>> > >>> >> Łukasz
>> > >>> >> + 48 606 323 122 http://www.lenart.org.pl/
>> > >>> >>
>> > >>> >>
>> > >>>
>-
>> > >>> >> To unsubscribe, e-mail:
>dev-unsubscr...@struts.apache.org
>> > >>> >> For additional commands, e-mail:
>dev-h...@struts.apache.org
>> > >>> >>
>> > >>> >
>> > >>> >
>> > >>> > ---
>> > >>> > http://www.grobmeier.de
>> > >>> > @grobmeier
>> > >>> > GPG: 0xA5CC90DB
>> > >>> >
>> > >>> >
>> >
>-
>> > >>> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> > >>> > For additional commands, e-mail:
>dev-h...@struts.apache.org
>> > >>> >
>> > >>> >
>> > >>> 
>> > >>> 
>> > >>>  --
>> > >>>  e: davelnew...@gmail.

Re: [VOTE] Struts 2.3.16

2013-12-06 Thread Rene Gielen 
+0 GA binding

... for now - I'm currently not able to give it a decent test drive, due
to end-of-year madness. I may change my vote if I find some time, though.

Great job Lukasz!

- René

Am 04.12.13 18:18, schrieb Lukasz Lenart:
> The Apache Struts 2.3.16 test build is now available. With this release:
> - merged security fixes from version 2.3.15.1, 2.3.15.2 and 2.3.15.3
> - solved problem with global "error" result in the Convention Plugin
> - the action: and method: prefixes are be by default excluded and
> changed order to first check excludeParams and then acceptedParams in
> ParametersInterceptor
> - restored previous behaviour where both ParamatersInterceptor AND
> ParameterNameAware must accept parameter - there is no more precedence
> - added proper support for multiple ActionMapper's used with
> PrefixBasedActionMapper, see PrefixBasedActionMapper
> - solved problem with creating empty map entries via Ognl,
> - and other small improvements
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.16/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/staging/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
> 
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
> 
> 
> Kind regards
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: New logo

2013-11-24 Thread Rene Gielen 
Am 20.11.13 14:52, schrieb Christian Grobmeier:
> On 12 Nov 2013, at 16:51, Lukasz Lenart wrote:
> 
>> 2013/11/12 Cameron Morris :
>>> I love the look of steampunk and rickety old bridges, but I think it
>>> sends
>>> the wrong message for a project fighting the perception of being old and
>>> legacy.  I'd say the more modern looking the better.  However, some
>>> of the
>>> more modern bridges look so space age it might be hard to tell that they
>>> are bridges if they are made into a small icon.  Perhaps some of these
>>> might spark an idea: http://www.flickr.com/search/?q=modern%20bridge
>>
>> Hmm... you know everything new someday will be old anyway ;-) I'd
>> rather say let's focus on having cool logo and not the message it
>> sends ;-)
> 
> +1 on the cool logo NOW instead of wasting more time.
> 
> Its always funny with us devs. We have a crap logo for years.
> Somebody shows up and contributes a fantastic logo (compared to the
> other one).
> Suddenly all devs become designers and social media communicators.

You are right with our out-of-style old logo, and that things should
change here. But why exactly are we in such a hurry? Going too long with
an old logo does not mean that a new logo should replace the old one as
soon as it is just "better". IMHO we would want to replace it with
something that satisfies us for years. It should be cool and catchy now
and in five years. "Fantastic compared to the other one" is IMO not
enough. Do we want old-time users to be surprised to find better logo
now, or do we want anyone stumbling over our site or a Zeroturnaround
web frameworks survey to think "hey man, nice logo!"?

I'm not a social media designer, and for that reason I need to interact
with a designer. I need inspiration and suggestions to formulate in turn
which directions to go for the next iteration. Since I'm not a designer,
I'm for sure too lame with my own cool logo proposal.

Over all the years I was involved with design tasks, I've seen design
emerge after some iterations in a process similar to what I outlined
above. I have never ever experienced being given a first proposal that
makes it directly to production.

> 
> Personally I am super-happy that we have such a great proposal.
> And if we don't have another option (one of us devs IS a designer AND
> does some work)
> we should definitely consider it.
> 

I'm super happy with the work being done, and I like some of the ideas
incorporated in the first proposals. I like the fact that someone steps
up and is kind enough to donate work and creativity, and I am super
thankful for that - and, to be honest, it makes me bit shy to provide
too much criticism, especially since it is not my profession the actual
work is all about.

I went back and forth many times the last two weeks to think and
re-think if I like the logo, how it might be seen, and what well founded
criticism I could give. In my review I tried to both incorporate what I
as a non-professional know about design, as well as what I as a
"professional design recipient" (read: consumer) feel when I see the logo.

Some of my thoughts:

Most common to me seems a combination of a dedicated logo icon with a
clean writing for the brand, or just an elaborate writing without logo
icon. From time to time you see some font gimmickry to make a pure
writing recognizable. But I have failed so far to come up with a example
for a iconified design building a writing and a font design.

Have a look at those two sites (scroll to bottom on both)
http://devoxx.be/#/sponsors
http://www.gopivotal.com/

There a good bunch of logos, both of companies and open source projects,
that look cool, clean and modern, yet timeless.

If you want to follow newest hipster logo trends, http://gruntjs.com/
might be a source for inspiration. Nevertheless, this seems to be not so
much on the timeless side...

That said and reviewed many times during last week, I'm more in favor
for the combination of an icon symbol combined with with a clean and
modern typographic font for the brand name Struts.

Stepping back a bit when viewing the proposed designs, what strikes me
most is that iconified graphic elements are used to construct a font.
How does this font look like? It does not seem to follow all of the well
established rules for font design. If you color it completely black from
the outline and reduce it to the font shape, it does not look like very
"clean" typography, even a bit clunky. But besides (or even more than?)
graphical details and tasteful colouring, the shape makes the first
impression to a viewer. I doubt that it is a good idea to bind the font
shape of a writing to iconified graphics as building blocks, as this
limits how elaborate the typographic shape itself will look like.
Designing a font is a science by itself, you can find tons of
information on the web. Just for some reading giving an impression:
http://designshack.net/articles/typography/8-rules-for-creating-effective-typography/

As for me, this breaks d

Re: Registering aliases from within a plugin

2013-11-19 Thread Rene Gielen 
Hi Lukasz,

what is the rationale behind refactoring out velocity support to a
plugin? For which Struts version are you targeting this proposal?

Regards,
René

Am 18.11.13 20:38, schrieb Lukasz Lenart:
> Hi,
> 
> As I'm working in extracting Velocity support into a plugin, I have
> faced a small problem: how to register alias to allow override
> VelocityManager by user?
> 
> Right now, it is done via BeanSelectionProvider [1] where each class
> which can be aliased is defined statically and then the provider is
> statically added in Dispatcher [2]. Now I need a way to allow define
> the same but inside the plugin.
> 
> The first idea is to define a new type of configuration file:
> struts-aliases.xml but I would like to have a programmatic way, any
> thoughts?
> 
> [1] 
> https://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java?view=markup#l366
> [2] 
> https://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java?view=markup#l449
> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: struts2 pull request: DeprecationInterceptor

2013-10-23 Thread Rene Gielen 
We might be able to add this to the accept list, but I'm not too sure if
we want to do this - a spammer got misuse pull requests. On the other
hands, we did not get too much pull requests so far.

Am 23.10.13 13:51, schrieb Lukasz Lenart:
> ech... is it possible to automise that?
> 
> 2013/10/23 Rene Gielen :
>> It gets into moderation, I had to let it pass manually
>> Am 23.10.2013 13:18 schrieb "Lukasz Lenart" :
>>
>>> I overlooked that the info about pull request goes here ;-) Nice :-)
>>>
>>> 2013/10/23 lukaszlenart :
>>>> GitHub user lukaszlenart opened a pull request:
>>>>
>>>> https://github.com/apache/struts2/pull/10
>>>>
>>>> DeprecationInterceptor
>>>>
>>>>
>>>>
>>>> You can merge this pull request into a Git repository by running:
>>>>
>>>> $ git pull https://github.com/strutsathon/struts2 trunk
>>>>
>>>> Alternatively you can review and apply these changes as the patch at:
>>>>
>>>> https://github.com/apache/struts2/pull/10.patch
>>>>
>>>> 
>>>> commit 2a634cf75bec6bdacf0a7552e81216f12ad91766
>>>> Author: lukaszlenart 
>>>> Date:   2013-10-02T08:58:01Z
>>>>
>>>> Adds Travis support
>>>>
>>>> commit 86f0ef956a1b336e529856c0db9b2fbd76b1cfc3
>>>> Author: lukaszlenart 
>>>> Date:   2013-10-02T09:01:16Z
>>>>
>>>> Adds S2 specific build commands
>>>>
>>>> commit 2c777312f85a70113bae7121e6aab3404c67673e
>>>> Author: lukaszlenart 
>>>> Date:   2013-10-02T09:02:23Z
>>>>
>>>> Adds basic README with build status
>>>>
>>>> commit d3a62ad3f5b0e5a17d0cdcb23383828a04949a1a
>>>> Author: Lukasz Lenart 
>>>> Date:   2013-10-08T06:17:55Z
>>>>
>>>> Removes build status
>>>>
>>>> commit 5f5322931c74210c52398d8f35d44395ba28ff92
>>>> Author: Lukasz Lenart 
>>>> Date:   2013-10-08T06:20:46Z
>>>>
>>>> Delete Travis configuration
>>>>
>>>> commit cf24db02bb87254de7c6991b9815c3edabae3d31
>>>> Author: PIOTR DUSZA 
>>>> Date:   2013-10-14T14:48:38Z
>>>>
>>>> Deprecation Interceptor - In dev mode checks if application
>>>> uses deprecated or unknown constants and displays warning
>>>>
>>>> commit 089853a683443ad82dd486233d221428643511da
>>>> Author: PIOTR DUSZA 
>>>> Date:   2013-10-14T14:49:50Z
>>>>
>>>> Adds DeprecationInterceptor to basicStack and defaultStack
>>>>
>>>> 
>>>>
>>>>
>>>> -
>>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>>
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>
>>>
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: struts2 pull request: DeprecationInterceptor

2013-10-23 Thread Rene Gielen 
It gets into moderation, I had to let it pass manually
Am 23.10.2013 13:18 schrieb "Lukasz Lenart" :

> I overlooked that the info about pull request goes here ;-) Nice :-)
>
> 2013/10/23 lukaszlenart :
> > GitHub user lukaszlenart opened a pull request:
> >
> > https://github.com/apache/struts2/pull/10
> >
> > DeprecationInterceptor
> >
> >
> >
> > You can merge this pull request into a Git repository by running:
> >
> > $ git pull https://github.com/strutsathon/struts2 trunk
> >
> > Alternatively you can review and apply these changes as the patch at:
> >
> > https://github.com/apache/struts2/pull/10.patch
> >
> > 
> > commit 2a634cf75bec6bdacf0a7552e81216f12ad91766
> > Author: lukaszlenart 
> > Date:   2013-10-02T08:58:01Z
> >
> > Adds Travis support
> >
> > commit 86f0ef956a1b336e529856c0db9b2fbd76b1cfc3
> > Author: lukaszlenart 
> > Date:   2013-10-02T09:01:16Z
> >
> > Adds S2 specific build commands
> >
> > commit 2c777312f85a70113bae7121e6aab3404c67673e
> > Author: lukaszlenart 
> > Date:   2013-10-02T09:02:23Z
> >
> > Adds basic README with build status
> >
> > commit d3a62ad3f5b0e5a17d0cdcb23383828a04949a1a
> > Author: Lukasz Lenart 
> > Date:   2013-10-08T06:17:55Z
> >
> > Removes build status
> >
> > commit 5f5322931c74210c52398d8f35d44395ba28ff92
> > Author: Lukasz Lenart 
> > Date:   2013-10-08T06:20:46Z
> >
> > Delete Travis configuration
> >
> > commit cf24db02bb87254de7c6991b9815c3edabae3d31
> > Author: PIOTR DUSZA 
> > Date:   2013-10-14T14:48:38Z
> >
> > Deprecation Interceptor - In dev mode checks if application
> > uses deprecated or unknown constants and displays warning
> >
> > commit 089853a683443ad82dd486233d221428643511da
> > Author: PIOTR DUSZA 
> > Date:   2013-10-14T14:49:50Z
> >
> > Adds DeprecationInterceptor to basicStack and defaultStack
> >
> > 
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > For additional commands, e-mail: dev-h...@struts.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: [ANN] Struts 2.3.15.3 GA release available - security fix

2013-10-19 Thread Rene Gielen 
I'll step up first - I'll buy you a beer in Antwerp, given you will be
attending Devoxx ;)

Am 19.10.13 17:33, schrieb Lukasz Lenart:
> 2013/10/19 Dave Newton :
>> Definitely.
>>
>> We should do something nice for him. Ideas?
> 
> Wat? ;-)
> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [ANN] Struts 2.3.15.3 GA release available - security fix

2013-10-17 Thread Rene Gielen 
Great job, Lukasz!



Lukasz Lenart  schrieb:
>The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
>available as a "General Availability" release.The GA designation is
>our highest quality grade.
>
>Apache Struts 2 is an elegant, extensible framework for creating
>enterprise-ready Java web applications. The framework is designed to
>streamline the full development cycle, from building, to deploying, to
>maintaining applications over time.
>
>This release includes important security fixes:
>- S2-018 - Broken Access Control Vulnerability in Apache Struts2
>- solved problem with action: prefix broken in 2.3.15.2
>
>All developers are strongly advised to update existing Struts 2
>applications to Struts 2.3.15.3
>
>Struts 2.3.15.3 is available in a full distribution, or as separate
>library, source, example and documentation distributions, from the
>releases page.
>* http://struts.apache.org/download.cgi#struts23153
>
>The release is also available from the central Maven repository under
>Group ID "org.apache.struts".
>
>The 2.3.x series of the Apache Struts framework has a minimum
>requirement of the following specification versions:
>* Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
>* Java 2 Standard Platform Edition (J2SE) 5
>
>The release notes are available online at:
>* http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
>
>Should any issues arise with your use of any version of the Struts
>framework, please post your comments to the user list, and, if
>appropriate, file a tracking ticket.appropriate, file a tracking
>ticket:
>* https://issues.apache.org/jira/browse/WW
>
>
>- The Apache Struts group.
>
>
>Regards
>-- 
>Łukasz
>+ 48 606 323 122 http://www.lenart.org.pl/
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>For additional commands, e-mail: dev-h...@struts.apache.org

-- 
Sent from my mobile phone

Re: [trademark] The term "Strutsathon"

2013-10-14 Thread Rene Gielen 
As a first reaction one might find the trademark discussion Christian
brought up a bit picky, but it isn't.

There has been a lot of traffic on the board list regarding trademark
issues last year, resulting in an enforced policy for PMCs to watch and
protect their and Apache's trademarks. You might have noticed that for
quite a few of subsequent board reports I added a trademark section.
Also, we updated our site to include an updated trademark footer and a
logo containing the copyright sign. This happened all along the lines of
the board requesting the PMCs to observe and enforce trademark
protection guidelines.

So what happened here? Christian coined the term "Strutsathon", and it
proved to attract interest, at least by others re-using it. Being aware
of the issues raised by the board regarding trademarks, Christian found
the term being worth to protect. As the originator of the term, he did a
formal donation to the Struts project so that we can protect it as a
trademark. This is in our best interest, since *we* as the Struts
project want to be in control of Struts related terms. We can happily
donate the right to use them to anybody who likes to. We would not be so
happy if EvilCorp registers an obviously Struts related trademark and
infringes us or our users for "naively" using it. In taking the first
step to formally add a term like this to our trademark assets, we keep
EvilCorp from being evil to us, which IMO a good thing.

While our first and foremost interest is to write, support and publish
great open source software, we as the PMC have to deal with formal
requirements from time to time. Please don't take this easy, as the
board and the membership won't take this easy either.

- René

Am 13.10.13 15:21, schrieb Christian Grobmeier:
> On 13 Oct 2013, at 14:05, Dave Newton wrote:
> 
>> Meh. What does it matter?
> 
> You mean, why should we support Hackathons around Struts?
> Or why should we protect our trademarks?
> 
> The first question is obvious. So more so better.
> 
> The second question: I followed the problems of Hadoop, CouchDB and so on.
> If we generally allow the use of the term Strutsathon we can not ask for
> respecting
> our trademarks if a commercial entity abuses it (in our eyes).
> 
> I believe it should be in the hands of the PMC to keep control of
> Strutsathons and protecting
> the trademark of it is in my opinion a first step.
> 
> Cheers
> Christian
> 
>> On Oct 12, 2013 5:44 PM, "Christian Grobmeier" 
>> wrote:
>>
>>> On 12 Oct 2013, at 21:31, Dave Newton wrote:
>>>
>>> Adding "-athon" is common, I'm not sure I understand why we're
>>> discussing
 it.

>>>
>>> Please read my initial email. Besides adding it as a trademark, I
>>> suggest
>>> to create some pages to support community driven Strutsathons
>>>
>>>
>>>
>>>
>>> On Oct 12, 2013 10:50 AM, "Frans Thamura"  wrote:

 Lukaz, your way will.inspiring.people to start the same way
>
> And good for all of us.
>
> F
> On Oct 12, 2013 9:48 PM, "Christian Grobmeier" 
> wrote:
>
> On 12 Oct 2013, at 16:20, Lukasz Lenart wrote:
>>
>> I must say "I'm sorry Christian!". I supposed ask you first before I
>>
>>> have used the name Strutshaton. I'm really sorry, I thought about
>>> that
>>> but forget :(
>>>
>>>
>> Don't worry!
>>
>> I think it was great you have chosen the term and you should keep it.
>> I see a good opportunity to improve our community work when we manage
>> to establish the term Strutsathon.
>>
>> I have to say "Thank you" for the good idea to organize another
>>
> Strutsathon
>
>> in Warsaw.
>>
>>
>>
>> Thanks & kind regards
>>> -- 
>>> Łukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> 2013/10/12 Christian Grobmeier :
>>>
>>> Hello folks,

 as you know I previously invented the term "Strutsathon" for the
 first
 Strutsathon in Augsburg:
 http://strutsathon.opensource.io/ 

>>>
>>
 Now I saw Lukasz is using the term for one in Warsaw. I sense a
 pattern
 and
 hope there will be more Strutsathons to follow!

 As I invented the term "Strutsathon" I believe I have some
 ownership
 in
 it,
 despite the fact I use the ASF trademark "Struts".
 If I have any rights on it, I donate it to the project.

 Then I believe we should add this term to our trademark
 information on
 the
 bottom of every page:

 "Copyright © 2000-2013 The Apache Software Foundation. All Rights
 Reserved.
 Apache Struts, Struts, Strutsathon, Apache, the Apache feather
 logo,

>>> and
>
>> the
 Apache Struts project logos are trademarks of The

Re: [VOTE] [FAST TRACK] Struts 2.3.15.2

2013-09-18 Thread Rene Gielen 
+1 GA (binding)

Am 18.09.13 11:07, schrieb Lukasz Lenart:
> The Struts 2.3.15.2 test build is now available. It includes the
> latest security patches which fix two possible vulnerabilities.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-018
> * https://cwiki.apache.org/confluence/display/WW/S2-019
> 
> Please note that currently these bulletins and the release notes are
> only visible to logged-in users with the struts-committer role. This
> is a needed requirement to control disclosure until the actual release
> is announced.
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.15.2]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.15.2/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/orgapachestruts-071/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after
> 24 hours (at least three binding +1s and more +1s than -1s),  the
> release may be submitted for mirroring and announced to the usual
> channels.
> 
> The website download link will include the mirroring timestamp
> parameter [1], which limits the selection of mirrors to those that
> have been refreshed since the indicated time and date. (After 24
> hours, we *must* remove the timestamp parameter from the website link,
> to avoid unnecessary server load.) In the case of a fast-track
> release, the email announcement will not link directly to
> , but to , so that we can control use of
> the timestamp parameter.
> 
> [1] 
> http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use
> 
> - The Apache Struts group.
> 
> 
> Regards
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Svn to Git migration

2013-09-18 Thread Rene Gielen 
+1

Am 18.09.13 11:38, schrieb Lukasz Lenart:
> When 2.3.15.2 will be officially out, I want to send request to Infra
> for Svn to Git migration
> 
> 2013/9/17 Christian Grobmeier :
>> thats fine :-) Now as we have that agreement, let's keep us moving :)
>>
>> Am 17.09.13 22:48, schrieb Rene Gielen:
>>> I just wanted to get this clarified. Seems like we have an agreement :-)
>>> Am 17.09.2013 21:14 schrieb "Christian Grobmeier" :
>>>
>>>> Am 17.09.13 21:06, schrieb Johannes Geppert:
>>>>>> -1 for moving trunk only. We don't want to lose history, and we would
>>>>>> not want two repositories for one project (Struts 2). Once we moved to
>>>>>> git, the full struts2 svn tree should either be switched to read-only
>>>>>> or/and later be removed.
>>>>>
>>>>> Sure you are right the history should not be lost.
>>>>> What I mean is not to migrate the struts1, archive, sandbox
>>>>> and site into the new struts.git repository.
>>>>
>>>> You speak of different things.
>>>>
>>>> This is not to migrate:
>>>> http://svn.apache.org/repos/asf/struts/
>>>> and I believe Jo is against migrating the content of all of that. I
>>>> agree with him.
>>>>
>>>> We need to migrate this:
>>>>
>>>> http://svn.apache.org/repos/asf/struts/struts2/
>>>> including branches (there are non in short time), tags and trunk.
>>>>
>>>> I bet you are on the same page here.
>>>>
>>>>
>>>>>
>>>>> Johannes
>>>>>
>>>>> #
>>>>> web: http://www.jgeppert.com
>>>>> twitter: http://twitter.com/jogep
>>>>>
>>>>>
>>>>>
>>>>> 2013/9/13 Rene Gielen 
>>>>>
>>>>>> +1 for git flow as the way to go, including excellent tooling - command
>>>>>> line extensions, Atlassian Sourcetree support and even a IDEA plugin
>>>>>> (https://github.com/OpherV/gitflow4idea) help to make this an elegant
>>>>>> abstract and reliable workflow.
>>>>>>
>>>>>> -1 for moving trunk only. We don't want to lose history, and we would
>>>>>> not want two repositories for one project (Struts 2). Once we moved to
>>>>>> git, the full struts2 svn tree should either be switched to read-only
>>>>>> or/and later be removed.
>>>>>>
>>>>>> +1 for dealing with ../branches/STRUTS_3_X etc as hierarchical feature
>>>>>> branches from which single feature branches will be forked for actual
>>>>>> development - at least for now. I want to investigate further on this
>>>>>> one, but basically there should not be a problem if we start like this.
>>>>>>
>>>>>> - René
>>>>>>
>>>>>> Am 12.09.13 21:48, schrieb Johannes Geppert:
>>>>>>> +1 for starting with the Git migration process.
>>>>>>>
>>>>>>> What about only migrating the current svn struts2/trunk to git and
>>>> leave
>>>>>>> the rest in the svn repository?
>>>>>>>
>>>>>>> If we need sometime also the site in git we can request a separate git
>>>>>>> repository like struts-site.git.
>>>>>>>
>>>>>>> Johannes
>>>>>>>
>>>>>>> #
>>>>>>> web: http://www.jgeppert.com
>>>>>>> twitter: http://twitter.com/jogep
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2013/9/11 Lukasz Lenart 
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I'd like to start discussion about the migration process - there are
>>>>>>>> few things we must clarify, at least:
>>>>>>>> - Git structure
>>>>>>>> - development flow
>>>>>>>>
>>>>>>>> I think we should have just one repo: git.apache.org/struts.git and
>>>>>>>> diverse versions internally via branches - so the current S2 source
>>>>>>>> become t

Convention plugin and archetypes

2013-09-18 Thread Rene Gielen 
Hi folks,

one of the key facts that people don't get about Struts 2 is that XML is
not needed for configuration. While I think that the Convention plugin
needs to be moved (and be the default) for Struts NEXT, we could do
something now to help our users.

My suggestion is to rearrange the maven archetypes, such that blank is
convention driven by default. Convention archetype could be dropped in
favor for a struts2-xml-config-archetype.

wdyt?

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: We are live :-)

2013-09-17 Thread Rene Gielen 
Great job, guys. Clean and catchy, yet informative.

Am 17.09.13 21:46, schrieb Ken McWilliams:
> Congratulations. It looks great.
> 
> 
> On Tue, Sep 17, 2013 at 1:11 PM, Christian Grobmeier 
> wrote:
> 
>> Hey all,
>>
>> we have a new main site, I just pulled the trigger :-)
>>
>> http://struts.apache.org
>>
>> Thanks to all who corrected a lot of things when I was piled under work
>> the past days. Keep on doing that. It's only for our own best to keep on
>> improving the docs on all pages of our main site.
>>
>> Cheers
>> Christian
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Svn to Git migration

2013-09-17 Thread Rene Gielen 
I just wanted to get this clarified. Seems like we have an agreement :-)
Am 17.09.2013 21:14 schrieb "Christian Grobmeier" :

> Am 17.09.13 21:06, schrieb Johannes Geppert:
> >> -1 for moving trunk only. We don't want to lose history, and we would
> >> not want two repositories for one project (Struts 2). Once we moved to
> >> git, the full struts2 svn tree should either be switched to read-only
> >> or/and later be removed.
> >
> > Sure you are right the history should not be lost.
> > What I mean is not to migrate the struts1, archive, sandbox
> > and site into the new struts.git repository.
>
> You speak of different things.
>
> This is not to migrate:
> http://svn.apache.org/repos/asf/struts/
> and I believe Jo is against migrating the content of all of that. I
> agree with him.
>
> We need to migrate this:
>
> http://svn.apache.org/repos/asf/struts/struts2/
> including branches (there are non in short time), tags and trunk.
>
> I bet you are on the same page here.
>
>
> >
> > Johannes
> >
> > #####
> > web: http://www.jgeppert.com
> > twitter: http://twitter.com/jogep
> >
> >
> >
> > 2013/9/13 Rene Gielen 
> >
> >> +1 for git flow as the way to go, including excellent tooling - command
> >> line extensions, Atlassian Sourcetree support and even a IDEA plugin
> >> (https://github.com/OpherV/gitflow4idea) help to make this an elegant
> >> abstract and reliable workflow.
> >>
> >> -1 for moving trunk only. We don't want to lose history, and we would
> >> not want two repositories for one project (Struts 2). Once we moved to
> >> git, the full struts2 svn tree should either be switched to read-only
> >> or/and later be removed.
> >>
> >> +1 for dealing with ../branches/STRUTS_3_X etc as hierarchical feature
> >> branches from which single feature branches will be forked for actual
> >> development - at least for now. I want to investigate further on this
> >> one, but basically there should not be a problem if we start like this.
> >>
> >> - René
> >>
> >> Am 12.09.13 21:48, schrieb Johannes Geppert:
> >>> +1 for starting with the Git migration process.
> >>>
> >>> What about only migrating the current svn struts2/trunk to git and
> leave
> >>> the rest in the svn repository?
> >>>
> >>> If we need sometime also the site in git we can request a separate git
> >>> repository like struts-site.git.
> >>>
> >>> Johannes
> >>>
> >>> #
> >>> web: http://www.jgeppert.com
> >>> twitter: http://twitter.com/jogep
> >>>
> >>>
> >>>
> >>> 2013/9/11 Lukasz Lenart 
> >>>
> >>>> Hi,
> >>>>
> >>>> I'd like to start discussion about the migration process - there are
> >>>> few things we must clarify, at least:
> >>>> - Git structure
> >>>> - development flow
> >>>>
> >>>> I think we should have just one repo: git.apache.org/struts.git and
> >>>> diverse versions internally via branches - so the current S2 source
> >>>> become the base and then we will transfer it to 2.5 and 3 in the
> >>>> future.
> >>>>
> >>>> As a flow I like git-flow [1] - well known and used
> >>>>
> >>>> [1] https://github.com/nvie/gitflow
> >>>>
> >>>>
> >>>> Regards
> >>>> --
> >>>> Łukasz
> >>>> + 48 606 323 122 http://www.lenart.org.pl/
> >>>>
> >>>> PS. It'll be implemented after cleaning up current pipeline :-)
> >>>>
> >>>> -
> >>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >>>> For additional commands, e-mail: dev-h...@struts.apache.org
> >>>>
> >>>>
> >>>
> >>
> >>
> >> --
> >> René Gielen
> >> http://twitter.com/rgielen
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >> For additional commands, e-mail: dev-h...@struts.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Docs: Working on Struts main

2013-09-17 Thread Rene Gielen 
+1
Am 17.09.2013 10:53 schrieb "Lukasz Lenart" :

> It just came up to my mind - it's almost over a week when the new site
> is available via staging and people were commenting and suggesting
> changes all the time :-) No one disagreed or was against it, so I'd
> like to hit the [Publish Site] today's afternoon - at least allow
> Christian to do it :-)
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> 2013/9/17 Lukasz Lenart :
> > Done!
> >
> > Can we start with silence consensus process to push the new site to
> production?
> >
> >
> > Regards
> > --
> > Łukasz
> > + 48 606 323 122 http://www.lenart.org.pl/
> >
> > 2013/9/15 Rene Gielen :
> >> Am 15.09.13 10:46, schrieb Lukasz Lenart:
> >>> 2013/9/14 bphill...@ku.edu :
> >>>> For the Documentation menu items why not use Struts 2 and Struts 1 as
> menu
> >>>> choices instead of Struts 2.3.x and Struts 1.3.x.  When we release
> Struts
> >>>> 2.4 we'll have to change those.  The page those menu items link to
> (which
> >>>> right now is not working) can specify the current version (e.g.
> 2.3.15.1).
> >>>
> >>> Let it stay as is for now. I want to remove all those docs per branch
> >>> we have right now and just expose docs related to the latest release,
> >>> e.g. /docs - there be no more 2.3.x and 1.3.x. Draft docs will be
> >>> removed as we should stick with Confluence or Apache CMS in the
> >>> future.
> >>>
> >>
> >> Staying with current link targets is good for now, I agree. But naming
> >> the menu items just Documentation/Struts 2 and Documentation/Struts 1,
> >> as Bruce suggested, is IMO a good way to go
> >>
> >>>
> >>> Regards
> >>>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >> For additional commands, e-mail: dev-h...@struts.apache.org
> >>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Cleaning up struts/branches

2013-09-17 Thread Rene Gielen 
Sounds good to me, +1


2013/9/17 Lukasz Lenart 

> 2013/9/14 Philip Luppens :
> > On Sat, Sep 14, 2013 at 11:13 AM, Lukasz Lenart  >wrote:
> >
> >> Hi,
> >>
> >> Before moving to GIT I'd like to clean up struts2/branches. As already
> >> mentioned, most of them are fast-track release branches (branch from
> >> the latest tag), which suppose to be removed just after fast-track
> >> release process was done.
> >>
> >> This the list wit my comments
> >> STRUTS_2_0_X/ - fast-track release branch, svn del
> >> STRUTS_2_1_X/ - fast-track release branch, svn del
> >> STRUTS_2_2_1_1/ - fast-track release branch, svn del
> >> STRUTS_2_2_3_X/ - fast-track release branch, svn del
> >> STRUTS_2_3_14_2_X/ - fast-track release branch, svn del
> >> STRUTS_2_3_14_X/ - fast-track release branch, svn del
> >> STRUTS_2_3_15_X/ - fast-track release branch, svn del
> >> STRUTS_2_3_4_X/ - fast-track release branch, svn del
> >> STRUTS_2_3_X/ - fast-track release branch, svn del
> >> STRUTS_3_X/ - my attempt to start with S3, outdated, svn del
> >> able/ - no idea what's that
> >>
> >
> > It was supposed to become a new full development stack started by Patrick
> > Lightbody, if I remember correctly. Didn't get far enough to get some
> > traction. Can be deleted, imho.
>
> So, all the branches can be deleted ;-) If no objections I will do it next
> week.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Docs: Working on Struts main

2013-09-15 Thread Rene Gielen 
Am 15.09.13 10:46, schrieb Lukasz Lenart:
> 2013/9/14 bphill...@ku.edu :
>> For the Documentation menu items why not use Struts 2 and Struts 1 as menu
>> choices instead of Struts 2.3.x and Struts 1.3.x.  When we release Struts
>> 2.4 we'll have to change those.  The page those menu items link to (which
>> right now is not working) can specify the current version (e.g. 2.3.15.1).
> 
> Let it stay as is for now. I want to remove all those docs per branch
> we have right now and just expose docs related to the latest release,
> e.g. /docs - there be no more 2.3.x and 1.3.x. Draft docs will be
> removed as we should stick with Confluence or Apache CMS in the
> future.
> 

Staying with current link targets is good for now, I agree. But naming
the menu items just Documentation/Struts 2 and Documentation/Struts 1,
as Bruce suggested, is IMO a good way to go

> 
> Regards
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Svn to Git migration

2013-09-13 Thread Rene Gielen 
Lukasz,

Please clarify - is it the idea to leave site, struts1 etc in San (agreed)
or to move struts2/TRUNK *only*, that is not moving struts2/branches and
struts2/tags? For the latter, I'm absolutely -1 - it's my strong opinion
that we should move the full struts 2 scm repo tree, thus working in git
only for all struts 2+ related development.

Cheers,
René
Am 13.09.2013 17:53 schrieb "Lukasz Lenart" :

> 2013/9/12 Johannes Geppert :
> > +1 for starting with the Git migration process.
> >
> > What about only migrating the current svn struts2/trunk to git and leave
> > the rest in the svn repository?
> >
> > If we need sometime also the site in git we can request a separate git
> > repository like struts-site.git.
>
> Exactly, that's the idea :-)
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Docs: Working on Struts main

2013-09-13 Thread Rene Gielen 
http://struts.staging.apache.org/
Am 13.09.2013 18:35 schrieb "Paul Benedict" :

> Where can I see the "new" website before it goes live?
>
>
> On Fri, Sep 13, 2013 at 2:22 AM, Rene Gielen 
> wrote:
>
> > As this a major change, a formal vote might be a valid option.
> >  Am 12.09.2013 11:26 schrieb "Lukasz Lenart" :
> >
> > > Can we go live?
> > >
> > > 2013/9/11 Lukasz Lenart :
> > > > I think we can go live with the new website even now - it looks much
> > > > better the old one and the rest can be improved in meantime.
> > > >
> > > > 2013/9/10 Christian Grobmeier :
> > > >> Am 10.09.13 18:11, schrieb Rene Gielen:
> > > >>> If I'd use [Publish Site] now in the Bookmarklet, the site gets -
> > well
> > > -
> > > >>> published. So better nobody would hit this unless we are sure to
> > > launch the
> > > >>> reworked site. Also, we are currently not able to publish "small
> > > changes"
> > > >>> such as release announcements without rolling out the full new
> site.
> > I
> > > just
> > > >>> want to make sure anybody is aware of this (as long as I'm not
> > missing
> > > >>> something here).
> > > >> Ah yes, thats right. Luckily the old page is already much worse then
> > the
> > > >> half completed one now.
> > > >> We have a lot of outdated links and information there. If somebody
> > reads
> > > >> that he would be totally done.
> > > >> If it is really an emergency problem we can branch the trunk,
> rollback
> > > >> things on trunk and push a change.
> > > >> Not nice and well thought, but would work in case of fire.
> > > >>
> > > >>
> > > >>> - René
> > > >>>
> > > >>>
> > > >>> 2013/9/10 Christian Grobmeier 
> > > >>>
> > > >>>> Am 10.09.13 14:40, schrieb Lukasz Lenart:
> > > >>>>> 2013/9/10 Rene Gielen :
> > > >>>>>> You guys are aware that we cannot publish to live anymore now?
> We
> > > would
> > > >>>>>> rollout the new site then.
> > > >>>> If you mean that "view diff" gives a "no result", this was prior
> the
> > > >>>> changes. I thought it was a hickup at infra.
> > > >>>> I have tried that via the cms bookmarklet. Or did you mean
> something
> > > else?
> > > >>>>> What you mean by that?
> > > >>>>>
> > > >>>>>
> > > >>>>> Regards
> > > >>>>
> > > >>>>
> > -
> > > >>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > > >>>> For additional commands, e-mail: dev-h...@struts.apache.org
> > > >>>>
> > > >>>>
> > > >>
> > > >>
> > > >>
> -
> > > >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > > >> For additional commands, e-mail: dev-h...@struts.apache.org
> > > >>
> > >
> > > -
> > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > > For additional commands, e-mail: dev-h...@struts.apache.org
> > >
> > >
> >
>
>
>
> --
> Cheers,
> Paul
>

Re: Docs: Working on Struts main

2013-09-13 Thread Rene Gielen 
As this a major change, a formal vote might be a valid option.
 Am 12.09.2013 11:26 schrieb "Lukasz Lenart" :

> Can we go live?
>
> 2013/9/11 Lukasz Lenart :
> > I think we can go live with the new website even now - it looks much
> > better the old one and the rest can be improved in meantime.
> >
> > 2013/9/10 Christian Grobmeier :
> >> Am 10.09.13 18:11, schrieb Rene Gielen:
> >>> If I'd use [Publish Site] now in the Bookmarklet, the site gets - well
> -
> >>> published. So better nobody would hit this unless we are sure to
> launch the
> >>> reworked site. Also, we are currently not able to publish "small
> changes"
> >>> such as release announcements without rolling out the full new site. I
> just
> >>> want to make sure anybody is aware of this (as long as I'm not missing
> >>> something here).
> >> Ah yes, thats right. Luckily the old page is already much worse then the
> >> half completed one now.
> >> We have a lot of outdated links and information there. If somebody reads
> >> that he would be totally done.
> >> If it is really an emergency problem we can branch the trunk, rollback
> >> things on trunk and push a change.
> >> Not nice and well thought, but would work in case of fire.
> >>
> >>
> >>> - René
> >>>
> >>>
> >>> 2013/9/10 Christian Grobmeier 
> >>>
> >>>> Am 10.09.13 14:40, schrieb Lukasz Lenart:
> >>>>> 2013/9/10 Rene Gielen :
> >>>>>> You guys are aware that we cannot publish to live anymore now? We
> would
> >>>>>> rollout the new site then.
> >>>> If you mean that "view diff" gives a "no result", this was prior the
> >>>> changes. I thought it was a hickup at infra.
> >>>> I have tried that via the cms bookmarklet. Or did you mean something
> else?
> >>>>> What you mean by that?
> >>>>>
> >>>>>
> >>>>> Regards
> >>>>
> >>>> -
> >>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >>>> For additional commands, e-mail: dev-h...@struts.apache.org
> >>>>
> >>>>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >> For additional commands, e-mail: dev-h...@struts.apache.org
> >>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Svn to Git migration

2013-09-13 Thread Rene Gielen 
+1 for git flow as the way to go, including excellent tooling - command
line extensions, Atlassian Sourcetree support and even a IDEA plugin
(https://github.com/OpherV/gitflow4idea) help to make this an elegant
abstract and reliable workflow.

-1 for moving trunk only. We don't want to lose history, and we would
not want two repositories for one project (Struts 2). Once we moved to
git, the full struts2 svn tree should either be switched to read-only
or/and later be removed.

+1 for dealing with ../branches/STRUTS_3_X etc as hierarchical feature
branches from which single feature branches will be forked for actual
development - at least for now. I want to investigate further on this
one, but basically there should not be a problem if we start like this.

- René

Am 12.09.13 21:48, schrieb Johannes Geppert:
> +1 for starting with the Git migration process.
> 
> What about only migrating the current svn struts2/trunk to git and leave
> the rest in the svn repository?
> 
> If we need sometime also the site in git we can request a separate git
> repository like struts-site.git.
> 
> Johannes
> 
> #
> web: http://www.jgeppert.com
> twitter: http://twitter.com/jogep
> 
> 
> 
> 2013/9/11 Lukasz Lenart 
> 
>> Hi,
>>
>> I'd like to start discussion about the migration process - there are
>> few things we must clarify, at least:
>> - Git structure
>> - development flow
>>
>> I think we should have just one repo: git.apache.org/struts.git and
>> diverse versions internally via branches - so the current S2 source
>> become the base and then we will transfer it to 2.5 and 3 in the
>> future.
>>
>> As a flow I like git-flow [1] - well known and used
>>
>> [1] https://github.com/nvie/gitflow
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> PS. It'll be implemented after cleaning up current pipeline :-)
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: svn commit: r1521940 - in /struts/struts2/trunk: apps/jboss-blank/ archetypes/ archetypes/struts2-archetype-angularjs/ archetypes/struts2-archetype-blank/ archetypes/struts2-archetype-convention/

2013-09-12 Thread Rene Gielen 
Johannes,

Could you please remove the IDEA .iml files you committed?

Thanks
René
Am 11.09.2013 19:06 schrieb :

> Author: jogep
> Date: Wed Sep 11 17:06:05 2013
> New Revision: 1521940
>
> URL: http://svn.apache.org/r1521940
> Log:
> WW-4197 Update Archetypes READMEs
>
> Added:
> struts/struts2/trunk/apps/jboss-blank/struts2-jboss-blank.iml
>
> struts/struts2/trunk/archetypes/struts2-archetype-dbportlet/struts2-archetype-dbportlet.iml
>
> struts/struts2/trunk/archetypes/struts2-archetype-portlet/struts2-archetype-portlet.iml
>
> struts/struts2/trunk/archetypes/struts2-archetype-starter/struts2-archetype-starter.iml
> struts/struts2/trunk/archetypes/struts2-archetypes.iml
> struts/struts2/trunk/plugins/gxp/struts2-gxp-plugin.iml
> struts/struts2/trunk/plugins/struts2-plugins.iml
> Modified:
> struts/struts2/trunk/archetypes/struts2-archetype-angularjs/README.txt
> struts/struts2/trunk/archetypes/struts2-archetype-blank/README.txt
> struts/struts2/trunk/archetypes/struts2-archetype-convention/README.txt
> struts/struts2/trunk/archetypes/struts2-archetype-dbportlet/README.txt
> struts/struts2/trunk/archetypes/struts2-archetype-portlet/README.txt
> struts/struts2/trunk/archetypes/struts2-archetype-starter/README.txt
>
> Added: struts/struts2/trunk/apps/jboss-blank/struts2-jboss-blank.iml
> URL:
> http://svn.apache.org/viewvc/struts/struts2/trunk/apps/jboss-blank/struts2-jboss-blank.iml?rev=1521940&view=auto
>
> ==
> --- struts/struts2/trunk/apps/jboss-blank/struts2-jboss-blank.iml (added)
> +++ struts/struts2/trunk/apps/jboss-blank/struts2-jboss-blank.iml Wed Sep
> 11 17:06:05 2013
> @@ -0,0 +1,62 @@
> +
> + org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true"
> type="JAVA_MODULE" version="4">
> +  
> +
> +  
> +
> +   url="file://$MODULE_DIR$/src/main/webapp/WEB-INF/web.xml" />
> +
> +
> +  
> +   relative="META-INF" />
> +
> +
> +  
> +  
> +
> +  
> +  
> +
> +  
> +
> +  
> +
> +  
> +   inherit-compiler-output="false">
> +
> +
> +
> +   isTestSource="false" />
> +   isTestSource="false" />
> +   isTestSource="true" />
> +  
> +
> +
> +
> +
> +
> + scope="TEST" />
> +
> +
> +
> +
> +
> +
> +
> +
> +
> +
> +
> +
> +
> + level="project" />
> + level="project" />
> + />
> + level="project" />
> + level="project" />
> +
> +
> + level="project" />
> +  
> +
> +
>
> Modified:
> struts/struts2/trunk/archetypes/struts2-archetype-angularjs/README.txt
> URL:
> http://svn.apache.org/viewvc/struts/struts2/trunk/archetypes/struts2-archetype-angularjs/README.txt?rev=1521940&r1=1521939&r2=1521940&view=diff
>
> ==
> --- struts/struts2/trunk/archetypes/struts2-archetype-angularjs/README.txt
> (original)
> +++ struts/struts2/trunk/archetypes/struts2-archetype-angularjs/README.txt
> Wed Sep 11 17:06:05 2013
> @@ -16,12 +16,12 @@ USAGE
>  - the webapp war name   ->  myWebApp
>
>
> -  mvn archetype:generate -B -DgroupId=com.mycompany.mysystem \
> +mvn archetype:generate -B -DgroupId=com.mycompany.mysystem \
>
> -DartifactId=myWebApp \
>
> -DarchetypeGroupId=org.apache.struts \
>
> -DarchetypeArtifactId=struts2-archetype-angularjs \
>
> -DarchetypeVersion= \
> -
> -DremoteRepositories=http://people.apache.org/repo/m2-snapshot-repository
> +
> -DremoteRepositories=http://struts.apache.org
>
>  IMPORTANT:
>  ==
>
> Modified:
> struts/struts2/trunk/archetypes/struts2-archetype-blank/README.txt
> URL:
> http://svn.apache.org/viewvc/struts/struts2/trunk/archetypes/struts2-archetype-blank/README.txt?rev=1521940&r1=1521939&r2=1521940&view=diff
>
> ==
> --- struts/struts2/trunk/archetypes/struts2-archetype-blank/README.txt
> (original)
> +++ struts/struts2/trunk/archetypes/struts2-archetype-blank/README.txt Wed
> Sep 11 17:06:05 2013
> @@ -16,13 +16,12 @@ USAGE
>  - the webapp war name   ->  myWebApp
>
>
> -  mvn archetype:create -DgroupId=com.myCompany.mySystem \
> -   -DartifactId=myWebApp \
> -   -DarchetypeGroupId=org.apache.struts \
> -   -DarchetypeArtifactId=struts2-archetype-blank \
> -   -DarchetypeVersion= \
> -   -DremoteRepositories=
> http://people.apache.org/repo/m2-snapshot-repository
> -
> +mvn archetype:generate -B -DgroupId=com.mycompany.mysystem \
> +
> -DartifactId=myWebApp \
> +
> -DarchetypeGroupId=org.apache.struts \
> +
> -DarchetypeArtifactId=struts2-archetype-blank \
> +
> -DarchetypeVersion= \
> +
> -DremoteRepositories=http://struts.apache.o

Re: Docs: Working on Struts main

2013-09-10 Thread Rene Gielen 
If I'd use [Publish Site] now in the Bookmarklet, the site gets - well -
published. So better nobody would hit this unless we are sure to launch the
reworked site. Also, we are currently not able to publish "small changes"
such as release announcements without rolling out the full new site. I just
want to make sure anybody is aware of this (as long as I'm not missing
something here).

- René


2013/9/10 Christian Grobmeier 

> Am 10.09.13 14:40, schrieb Lukasz Lenart:
> > 2013/9/10 Rene Gielen :
> >> You guys are aware that we cannot publish to live anymore now? We would
> >> rollout the new site then.
> If you mean that "view diff" gives a "no result", this was prior the
> changes. I thought it was a hickup at infra.
> I have tried that via the cms bookmarklet. Or did you mean something else?
> > What you mean by that?
> >
> >
> > Regards
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Docs: Working on Struts main

2013-09-10 Thread Rene Gielen 
You guys are aware that we cannot publish to live anymore now? We would
rollout the new site then.


2013/9/10 Lukasz Lenart 

> Uh... uh... osm :-)
>
> 2013/9/10 Christian Grobmeier :
> > Am 10.09.13 14:18, schrieb Lukasz Lenart:
> >> OSM! :-)
> >>
> >> I'd just move social buttons to dedicated row, just below IRC channel.
> >>
> >>
> >> Thanks!
> > Good idea, its done!
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > For additional commands, e-mail: dev-h...@struts.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: Docs: Working on Struts main

2013-09-09 Thread Rene Gielen 
While this isn't a full review, some first impressions:

- Landing page: Key Technologies section (left bottom div) is redundant
given the Technology Primer link in the hero bar. I would rather
recommend to place the most important announcement (such as security
announcement / latest release info) here

- Apache Struts / Releases: Let's call it Downloads - effectively it is
the link page not only for releases, but also snapshot downloads and so
on. Interestingly, this also the name of the page!

- First steps: While we want to add a First Steps section within this
menu, it effectively covers all the documentation - so Documentation
would be the menu name following the principle of least surprise.

so far for now,
René


Am 09.09.13 11:44, schrieb Christian Grobmeier:
> Hello folks,
> 
> given our recent discussions on the documentation I have started to
> rework the Struts main page.
> 
> Please find it here:
> http://svn.apache.org/repos/asf/struts/site/branches/next/
> 
> I have already pinned a lot of my "visions" here and would like to
> invite you to check it out and help making it good.
> 
> I was very radical and removed everything which looked outdated, reached
> to far or was "not necessary" these day in my opinion. For example, the
> main page is much smaller now. I reduced the struts 1 noise. I reduced
> the technologies primer, because if I would have read that, I would
> never have contributed to Struts. in addtion, a lot was aimed for Struts
> 1. There is still to much in it.
> 
> I added new pages, like "You at Struts" and did some reorganizations on
> the menu. You could say, I touched almost everything.
> 
> Instead of discussing what I removed, I would like to discuss what is
> missing.
> 
> The current struts main page (struts.apache.org) is full of wrong links
> to f. e. sun, technology references which are said mandatory but are not
> (like SOAP) and even has a lot of 404. When I read through it, my
> feeling was Struts is a bad place - but it's not.
> 
> That all said I really believe we need to improve this page a lot
> quickly. After a day of working on it, please chime in and help if you
> have some time.
> 
> Cheers
> Christian
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Something to think about maybe

2013-09-09 Thread Rene Gielen 
As you might know, we had a hackathon this weekend in Augsburg, Germany
(http://strutsathon.opensource.io/) where we experimented a bit with
available options and requierements.

One of the outcomes was that we may want to start with a "real" user
guide that helps to get started and addresses common learning topics.
Meanwhile the Confluence docs could stay in place, still containing
detailed reference information (which the user guide may link to) and
technical information such as security bulletins etc.

Thus we could address the general issue of ramping up users to be
productive with Struts 2 without the need to throw away confluence for
now. Once we have both a reliable lifecycle management for SCM authored
content and the intended content itself in place, we can rethink our
next steps with / without confluence.

For the technical side, two smart guys who joined us at the hackathon
started to address this together with Christian and me with research on
how Markdown based authored content could be built in our maven
environment and how Snippets could be integrated seamlessly here as well.

Some work is already open for review now / in near future:
https://github.com/organizations/opensourceio

- René

Am 09.09.13 11:32, schrieb Lukasz Lenart:
> 2013/9/4 Steven Benitez :
>> I know it's the plan to move to Git, but that can't happen soon enough.
>> Subversion is like a big cloud of sadness.
>>
>> On the bright side, it would be great to get a concerted effort at creating
>> new documentation. I'd be happy to help.
> 
> One thing to think of when migrating to a new mechanism (i.e. Markdown
> and Jekyll) - security. Right now in Confluence I'm able limit access
> to some pages by specifying access rights - it's very useful mechanism
> when we're preparing a Security Bulletin and Release Notes which
> shouldn't be publicly available before patch is ready and we are
> releasing new version.
> 
> 
> Regards
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Setting up environment locally

2013-09-04 Thread Rene Gielen 
Am 04.09.13 14:52, schrieb Christian Grobmeier:
> Am 04.09.13 14:47, schrieb shekher awasthi:
>> Hi Lukas,
>>
>> I have maven as well Eclipse in place, should i just build them and than i
>> am ready to start (Confused :()
> 
> With eclipse i think you should do:
> 
> mvn eclipse:eclipse

Although I'm also working with IDEA only nowadays, I'm pretty sure that
it is better to chose "Import existing Maven Project" in a current
Eclipse release rather than having mvn eclipse:eclipse generate an
eclipse setup.

> 
> to create eclipse related files. Please note, I have migrated away from
> Eclipse because IntelliJ is a lot better meanwhile. Just saying.
> 
>> Not sure how to proceed from there, like how i can use that code base to
>> debug it. May be my question is silly but as of now i am not able to
>> visualize that.
> It's not silly, only recently i mentioned this is being a huge problem
> in this project.
> 
> That said, maybe the easiest way is to set up an own little project (use
> mvn archetypes to generate it) and then open classpath settings in
> eclipse. Instead of using included jars, select the checked out project
> as dependency.
> 
> HTH!
> 
> Christian
> 
>>
>> Struts has so many modules and not sure how to start :(
>>
>> Thanks
>> -S
>>
>>
>> On Wed, Sep 4, 2013 at 5:52 PM, Lukasz Lenart wrote:
>>
>>> 2013/9/4 shekher awasthi :
 Hi All,

 I am trying to set up struts2 environment locally so that i can debug
 source code.idea is to get insight how its working and how flow is going
>>> on
 so that if possible i can contribute in future.

 I tried to find information about setting it up but did not get any
 information.
 Can anyone help me to do that.

 I have already taken struts2 source code checkout on my local machine
>>> So you need Apache Maven to build the packages and IDE which support
>>> Maven based projects, ie. IntelliJ IDEA
>>>
>>>
>>> Regards
>>> --
>>> Łukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: dev-h...@struts.apache.org
>>>
>>>
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Spring Plugin Documentation

2013-08-11 Thread Rene Gielen 
Am 11.08.13 22:31, schrieb Steven Benitez:
> http://struts.apache.org/release/2.3.x/docs/spring-plugin.html still
> appears as it did before this email. Is there a delay before changes are
> reflected on the page?
>

Yes, the process of generating static exports from Confluence Wiki has
changed, and we have not yet a working solution for publishing such
exorts periodically.

Pleas use Confluence as the cannonical source of draft docs:
https://cwiki.apache.org/confluence/display/WW/Spring+Plugin

- René

> 
> On Sat, Aug 10, 2013 at 5:15 AM, Rene Gielen  wrote:
> 
>> Am 10.08.13 07:42, schrieb Steven Benitez:
>>> Never mind, this looks to be driven by Confluence and I don't have
>>> permission to make changes. Can someone update this document accordingly?
>>>
>>
>> Fixed. If you want to help fixing Confluence docs, you need to file a
>> CLA. Then we could give you edit rights.
>>
>>>
>>> On Sat, Aug 10, 2013 at 1:35 AM, Steven Benitez <
>> steven.beni...@gmail.com>wrote:
>>>
>>>> The Spring plugin docs don't indicate that "no" is a valid setting for
>>>> "struts.objectFactory.spring.autoWire".
>>>>
>>>> http://struts.apache.org/release/2.3.x/docs/spring-plugin.html
>>>>
>>>> I'm not sure what process creates these docs, where the source code for
>>>> the docs is at, how I could fix this and create a pull request or patch.
>>>>
>>>> Any pointers on how I can help fix up documentation?
>>>>
>>>> Thanks,
>>>> Steven
>>>>
>>>
>>
>>
>> --
>> René Gielen
>> http://twitter.com/rgielen
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Spring Plugin Documentation

2013-08-10 Thread Rene Gielen 
Am 10.08.13 07:42, schrieb Steven Benitez:
> Never mind, this looks to be driven by Confluence and I don't have
> permission to make changes. Can someone update this document accordingly?
> 

Fixed. If you want to help fixing Confluence docs, you need to file a
CLA. Then we could give you edit rights.

> 
> On Sat, Aug 10, 2013 at 1:35 AM, Steven Benitez 
> wrote:
> 
>> The Spring plugin docs don't indicate that "no" is a valid setting for
>> "struts.objectFactory.spring.autoWire".
>>
>> http://struts.apache.org/release/2.3.x/docs/spring-plugin.html
>>
>> I'm not sure what process creates these docs, where the source code for
>> the docs is at, how I could fix this and create a pull request or patch.
>>
>> Any pointers on how I can help fix up documentation?
>>
>> Thanks,
>> Steven
>>
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: FYI

2013-08-05 Thread Rene Gielen 
Am 06.08.13 07:39, schrieb Lukasz Lenart:
> 2013/8/5 Dave Newton :
>> I expect most of you already saw (or assumed) this, but just in case:
>>
>> https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2013-08-05
>>
>> Oh OGNL.
> 
> Last time guys from Atlassian contacted with us directly, so I assume
> if this issue affects Struts, they inform us again :-)

That's true, so no worries guys! Double evaluation also sounds like one
of our older issues.

> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: username\password prompt

2013-07-29 Thread Rene Gielen 
-DskipAssembly is the way to go as long as Confluence requires a login
to use the web service interface and you don't have one. Also, if you
don't need the full docs in your local build the docs assembly phase is
really one you would like to skip given the time it takes.

If you want to add a permanent hint to skip the assembly, you could
define a profile (maybe called struts-localbuild) in your
$USER_HOME/.m2/settings.xml, like so:



struts-localbuild

 true




struts-localbuild



Am 29.07.13 08:43, schrieb Serdyn du Toit:
>> You can also start build with -DskipAssembly to skip the whole assembly
> module.
> 
> Thanks, worked :)  I can now build the Jar without Maven prompting for
> anything.
> 
> I raised an issue here: https://issues.apache.org/jira/browse/WW-4157
> 
> I guess one can also just set skipAssembly permanently in the main pom.xml
> properties.  But not really knowing Maven very well I don't really know
> what someone would automatically expect eg "mvn install" to do and not do.
>  I mean I just wanted the Jar built - and that works 100% using
> skipAssembly.
> 
> Many thanks guys - appreciated :)
> Serdyn du Toit
> 
> 
> 
> On Mon, Jul 29, 2013 at 7:55 AM, Lukasz Lenart wrote:
> 
>> 2013/7/28 Serdyn du Toit :
>>> [INFO]
>>> [INFO] --- exec-maven-plugin:1.2:java (cwiki-docs) @ struts2-assembly ---
>>> Enter username:
>>>
>>> Enter password:
>>>
>>> Jul 28, 2013 10:28:26 PM
>>> org.apache.cxf.service.factory.ReflectionServiceFactory
>>> Bean buildServiceFromClass
>>> INFO: Creating Service {http://soap.rpc.confluence.atlassian.com}Service
>>> from cl
>>> ass org.apache.cxf.jaxws.support.DummyImpl
>>
>> Right ... not so good :\
>>
>> This is needed to prepare a new release as right now we directly hit
>> Confluence to export docs. Can you register an issue for that? It
>> would be better to docs export to release phase. It isn't needed for
>> normal builds.
>>
>> You can also start build with -DskipAssembly to skip the whole assembly
>> module.
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN] Struts 2.3.15.1 GA (fast track | security | critical)

2013-07-16 Thread Rene Gielen 
The Apache Struts group is pleased to announce that Struts 2.3.15.1 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Two security issues were solved with this release, one of which is rated
critical - see [1] and [2] for detailed information:
* Remote code execution vulnerability when using short-circuit
navigation parameter prefixes
* Open redirect vulnerability when using short-circuit redirect
parameter prefixes

All developers are strongly advised to immediately update existing
Struts 2 applications to Struts 2.3.15.1.

Struts 2.3.15.1 is available in a full distribution or as separate
library, source, example and documentation distributions, from the
releases page. The release is also available through the central Maven
repository under Group ID "org.apache.struts". The release notes are
available online [3].

The 2.3.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 5.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.


- The Apache Struts Team.

[1] http://struts.apache.org/release/2.3.x/docs/s2-016.html
[2] http://struts.apache.org/release/2.3.x/docs/s2-017.html
[3] http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Not calling ParameterNameAware.acceptableParameterName when implemented - since xwork 2.3.7

2013-07-16 Thread Rene Gielen 
Am 13.07.13 22:38, schrieb Przemysław Celej:
> Hi,
> 
> [...]
> 
> Please consider writing "version notes" more carefully when you doing
> such changes, I'm sure that most developers who rely on
> ParameterNameAware inteface doesn't know that in recent versions of
> Struts this behaviour has changed.
> 

No need to consider - we *always* try to carefully write version notes.
Nevertheless, it doesn't always work perfectly. As Lukasz pointed out,
later version notes corrected this missing point.

But you or anybody using Struts 2 (or any other Apache software) in
production environments can help. For each release, we ask for test
driving the candidates and we cast a public vote on it's quality.
Everyone is invited to vote, or to report issues. In addition, we would
love to have more acceptance and regression tests in place, but somebody
has to invest the time. So if you or others feel the need to improve in
this point, we would happily accept any help :)

Thanks,
René

> 
> Thank you.
> 
> [1]
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.struts.xwork/xwork-core/2.3.4.1/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?av=f#280
> 
> [2]
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.struts.xwork/xwork-core/2.3.7/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java/#282
> 
> [3] http://struts.apache.org/release/2.3.x/docs/version-notes-237.html
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] [CLOSED] [FAST TRACK] Struts 2.3.15.1

2013-07-15 Thread Rene Gielen 
The vote has closed with following result:

5 +1 GA (binding)

I'm going to release 2.3.15.1 as soon as possible.

Thanks,
René

Am 15.07.13 00:15, schrieb Rene Gielen:
> The Struts 2.3.15.1 test build is now available. It includes the latest
> security patches which fix two possible vulnerabilities.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-016
> * https://cwiki.apache.org/confluence/display/WW/S2-017
> 
> Please note that currently these bulletins and the release notes are
> only visible to logged-in users with the struts-committer role. This is
> a needed requirement to control disclosure until the actual release is
> announced.
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.15.1]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.15.1/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/orgapachestruts-143/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after 24
> hours (at least three binding +1s and more +1s than -1s),  the release
> may be submitted for mirroring and announced to the usual channels.
> 
> The website download link will include the mirroring timestamp parameter
> [1], which limits the selection of mirrors to those that have been
> refreshed since the indicated time and date. (After 24 hours, we *must*
> remove the timestamp parameter from the website link, to avoid
> unnecessary server load.) In the case of a fast-track release, the email
> announcement will not link directly to , but to
> , so that we can control use of the timestamp parameter.
> 
> [1]
> <[http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use]>
> 
> - The Apache Struts group.
> 
> 

-- 
René Gielen
IT-Neering.net
Saarstrasse 100, 52062 Aachen, Germany
Tel: +49-(0)241-4010770
Fax: +49-(0)241-4010771
Cel: +49-(0)163-2844164
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] [FAST TRACK] Struts 2.3.15.1

2013-07-15 Thread Rene Gielen 
+1 GA, binding

- René

Am 15.07.13 00:15, schrieb Rene Gielen:
> The Struts 2.3.15.1 test build is now available. It includes the latest
> security patches which fix two possible vulnerabilities.
> 
> For details and the rationale behind these changes, please consult the
> corresponding security bulletins:
> * https://cwiki.apache.org/confluence/display/WW/S2-016
> * https://cwiki.apache.org/confluence/display/WW/S2-017
> 
> Please note that currently these bulletins and the release notes are
> only visible to logged-in users with the struts-committer role. This is
> a needed requirement to control disclosure until the actual release is
> announced.
> 
> Release notes:
> * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.15.1]
> 
> Distribution:
> * [http://people.apache.org/builds/struts/2.3.15.1/]
> 
> Maven 2 staging repository:
> * [https://repository.apache.org/content/repositories/orgapachestruts-143/]
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> This is a "fast-track" release vote. If we have a positive vote after 24
> hours (at least three binding +1s and more +1s than -1s),  the release
> may be submitted for mirroring and announced to the usual channels.
> 
> The website download link will include the mirroring timestamp parameter
> [1], which limits the selection of mirrors to those that have been
> refreshed since the indicated time and date. (After 24 hours, we *must*
> remove the timestamp parameter from the website link, to avoid
> unnecessary server load.) In the case of a fast-track release, the email
> announcement will not link directly to , but to
> , so that we can control use of the timestamp parameter.
> 
> [1]
> <[http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use]>
> 
> - The Apache Struts group.
> 
> 

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[VOTE] [FAST TRACK] Struts 2.3.15.1

2013-07-14 Thread Rene Gielen 
The Struts 2.3.15.1 test build is now available. It includes the latest
security patches which fix two possible vulnerabilities.

For details and the rationale behind these changes, please consult the
corresponding security bulletins:
* https://cwiki.apache.org/confluence/display/WW/S2-016
* https://cwiki.apache.org/confluence/display/WW/S2-017

Please note that currently these bulletins and the release notes are
only visible to logged-in users with the struts-committer role. This is
a needed requirement to control disclosure until the actual release is
announced.

Release notes:
* [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.15.1]

Distribution:
* [http://people.apache.org/builds/struts/2.3.15.1/]

Maven 2 staging repository:
* [https://repository.apache.org/content/repositories/orgapachestruts-143/]

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

This is a "fast-track" release vote. If we have a positive vote after 24
hours (at least three binding +1s and more +1s than -1s),  the release
may be submitted for mirroring and announced to the usual channels.

The website download link will include the mirroring timestamp parameter
[1], which limits the selection of mirrors to those that have been
refreshed since the indicated time and date. (After 24 hours, we *must*
remove the timestamp parameter from the website link, to avoid
unnecessary server load.) In the case of a fast-track release, the email
announcement will not link directly to , but to
, so that we can control use of the timestamp parameter.

[1]
<[http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use]>

- The Apache Struts group.


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Struts annotations limited to specific methods

2013-06-28 Thread Rene Gielen 
This sounds a bit like "inversion of control". As for me, I'd rather not
like to have my model (which is to validate) to have knowledge about the
business side validation is triggered from. When I develop from the action
perpective, I know if the current method is better off triggering
validation or not. This is why I like to place @Validation /
@SkipValidation at the action method rather than enlisting this method name
somewhere else. But that's just me...

BTW - I wonder if it's time to rethink validation for Struts 3. JSR 303 ff
has become really mature and has some pretty advanced features (e.g.
validation groups). How about deprecating XWork validation in favor of JSR
303 integration? BTW, since 303 was among others inspired by XWork
validation due to Jason Careira being on the initial EG, it wouldn't be too
much of a break with our traditions :)

- René


2013/6/28 Maurizio Cucchiara 

> Hi Paul,
> actually there is one way: using @SkipValidation combined with @Validation
> Or maybe I miss the point. Is there something better in your approach?
>
> On 28 June 2013 05:38, Paul Benedict  wrote:
>
> > I was thinking it would be a good idea to add "String[] actions" on the
> > validations. When empty, it means all methods; otherwise only the methods
> > the validation should be executing with.
> >
> > I don't think there's a current way to do this except through XML.
> >
> > Thoughts?
>
>
>
>
> Twitter :http://www.twitter.com/m_cucchiara
> G+  :https://plus.google.com/107903711540963855921
> Linkedin:http://www.linkedin.com/in/mauriziocucchiara
> VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara
>
> Maurizio Cucchiara
>

Re: IMPORTANT: Major Confluence Upgrade Coming Soon. Please review test instance now.

2013-06-27 Thread Rene Gielen 
Will hopefully being able to check tomorrow

Am 27.06.13 22:11, schrieb Lukasz Lenart:
> Can you take a look on that [1]? I don't know how to setup
> SiteExporter to get it running :\
> 
> [1] https://issues.apache.org/jira/browse/WW-4130
> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

[ANN] New Struts Committer -Bruce Phillips

2013-06-24 Thread Rene Gielen 
Please join us in welcoming Bruce Phillips as a new Struts committer.

Bruce has done a great job in keeping our docs alive, including the
authoring of various Getting Started and Tutorial examples.

Welcome, bphillips@ ... great to have you on board now!

- René

-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: IMPORTANT: Major Confluence Upgrade Coming Soon. Please review test instance now.

2013-06-19 Thread Rene Gielen 
Am 19.06.13 10:02, schrieb Lukasz Lenart:
> 2013/6/19 Rene Gielen :
>> CSS for warning / tips / infos is terrible. Editing seems to be more
>> painful, though there is some change for adaption.
> 
> Gavin re-ran the export and now editing pages is ok.

I tested today, so I guess this was the *ok* experience. Not sure if I
agree on that, but well ... adaption ... blah

> 
>> It looks like we are not exactly in a hurry (we aren't using autoexport
>> but wget, right?) - but looking into alternatives which might fix better
>> in the build and release cycle seems to become more and more important.
> 
> autoexport exports each page into cwiki.a.o/WW/ from where wget gets
> all the docs - so it will affect as badly :\

this is a bummer!
OK, we're officially having a problem now I guess.

> 
> 
> Regards
> 


-- 
René Gielen
http://twitter.com/rgielen

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

  1   2   3   4   5   >