[ANN] Apache Syncope 3.0.9
The Apache Syncope team is pleased to announce the release of Syncope 3.0.9 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope309 Upgrading from 3.0.8? There are some notes about this process: https://s.apache.org/59ey2 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.9
Hi all, after more than 72 hours, the vote for Syncope 3.0.9 [1] *passes* with 6 PMC votes. +1 (PMC / binding) * Samuel Garofalo * Lorenzo Di Cola * Marco Di Sabatino * Fabio Martelli * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/8f8km6sycpq4nxm1vhhmzpxm3zrrzjcn -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.9
I've created a 3.0.9 release, with the following artifacts up for a vote: GIT source tag (f119df8266): https://github.com/apache/syncope/releases/tag/syncope-3.0.9 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.9/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.9/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1090/ Staging site: https://syncope.apache.org/3.0.9/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Removal of non-JSON JPA support in 4.0
I went ahead and created https://issues.apache.org/jira/browse/SYNCOPE-1827 Regards. On 02/08/24 14:47, Francesco Chicchiriccò wrote: Hi all, now that MariaDB has received its JSON flavor [1], I would like to discuss the possibility to simplify the 4.0 codebase by removing support for non-JSON JPA flavors. Historically, JPA support was provided since the beginning under core/persistence-jpa. At a certain point, some way to leverage the possibility to manipulate JSON strings for user, group and any object attributes was introduced for PostgreSQL first, then MySQL, Oracle and finally MariaDB. The purpose: higher throughput and lower search operation roundtrips. Such "flavors" were implemented under core/persistence-jpa-json. It's been quite some time, however, that all new deployments have been starting directly with one of JSON flavors rather than with their non-JSON, original, counterparts. Hence, I am proposing to keep, for 4.0, only such JSON flavors. Removing the non-JSON flavors will result in simplified code, easier to maintain. One side issue of such a proposal is that Syncope 4.0 will not be able to run on H2 any more. H2 is currently used for several unit tests, integration test profiles, standalone and even in the embedded profile for archetype. To solve this, I've been experimenting with embedded PostgreSQL [2], a nice AL-2.0 project which provides support to run a PostgreSQL instance, without Docker, on all major platforms including GNU / Linux, Mac OS and Windows. I must say it works quite well: I was able to remove H2 from everywhere relevant (hence, I've left it there for fir/build-tools): I think I should be ready to open a PR against master shortly. Incidentally, such work allowed me to discover an issue [3] that I've already fixed for Syncope 3.0. Do you see any relevant reason to keep non-JSON JPA flavors in Syncope 4.0, or any relevant issue in removing H2? Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1662 [2] https://github.com/zonkyio/embedded-postgres [3] https://issues.apache.org/jira/browse/SYNCOPE-1825 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] Removal of non-JSON JPA support in 4.0
Hi all, now that MariaDB has received its JSON flavor [1], I would like to discuss the possibility to simplify the 4.0 codebase by removing support for non-JSON JPA flavors. Historically, JPA support was provided since the beginning under core/persistence-jpa. At a certain point, some way to leverage the possibility to manipulate JSON strings for user, group and any object attributes was introduced for PostgreSQL first, then MySQL, Oracle and finally MariaDB. The purpose: higher throughput and lower search operation roundtrips. Such "flavors" were implemented under core/persistence-jpa-json. It's been quite some time, however, that all new deployments have been starting directly with one of JSON flavors rather than with their non-JSON, original, counterparts. Hence, I am proposing to keep, for 4.0, only such JSON flavors. Removing the non-JSON flavors will result in simplified code, easier to maintain. One side issue of such a proposal is that Syncope 4.0 will not be able to run on H2 any more. H2 is currently used for several unit tests, integration test profiles, standalone and even in the embedded profile for archetype. To solve this, I've been experimenting with embedded PostgreSQL [2], a nice AL-2.0 project which provides support to run a PostgreSQL instance, without Docker, on all major platforms including GNU / Linux, Mac OS and Windows. I must say it works quite well: I was able to remove H2 from everywhere relevant (hence, I've left it there for fir/build-tools): I think I should be ready to open a PR against master shortly. Incidentally, such work allowed me to discover an issue [3] that I've already fixed for Syncope 3.0. Do you see any relevant reason to keep non-JSON JPA flavors in Syncope 4.0, or any relevant issue in removing H2? Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1662 [2] https://github.com/zonkyio/embedded-postgres [3] https://issues.apache.org/jira/browse/SYNCOPE-1825 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields
Severity: moderate Affected versions: - Apache Syncope 2.1 through 2.1.14 - Apache Syncope 3.0 through 3.0.7 Description: When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. Credit: Basalt IT-Security Team (finder) References: https://syncope.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-38503
[ANN] Apache Syncope 3.0.8
The Apache Syncope team is pleased to announce the release of Syncope 3.0.8 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope308 Upgrading from 3.0.5? There are some notes about this process: https://s.apache.org/2jwk4 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.8
Hi all, after more than 72 hours, the vote for Syncope 3.0.7 [1] *passes* with 3 PMC votes. +1 (PMC / binding) * Lorenzo Di Cola * Samuel Garofalo * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/6d6mfkdhgb0273k5j7xp34qlq3gdx9t0 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.8
I've created a 3.0.8 release, with the following artifacts up for a vote: GIT source tag (1db6b5f52e): https://github.com/apache/syncope/releases/tag/syncope-3.0.8 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.8/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.8/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1089/ Staging site: https://syncope.apache.org/3.0.8/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.7
The Apache Syncope team is pleased to announce the release of Syncope 3.0.7 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope307 Upgrading from 3.0.5? There are some notes about this process: https://s.apache.org/llrmu We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 3.0.7 2nd attempt
Hi all, after more than 72 hours, the vote for Syncope 3.0.7 [1] *passes* with 6 PMC votes. +1 (PMC / binding) * Lorenzo Di Cola * Andrea Patricelli * Fabio Martelli * Samuel Garofalo * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/rr9p25moc2wq57szz96w774w59xf7y5x -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.7 2nd attempt
I've created a 3.0.7 release, with the following artifacts up for a vote: GIT source tag (f0a9c658c7): https://github.com/apache/syncope/releases/tag/syncope-3.0.7 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.7/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.7/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1088/ Staging site: https://syncope.apache.org/3.0.7/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards.
[CANCEL] [VOTE] Apache Syncope 3.0.7
Hi, I need to cancel the ongoing vote process because, after it was started, the following vulnerability disclosure was issued: https://apereo.github.io/2024/05/18/oauth-vuln/ affecting the CAS dependencies and thus WA. Another attempt will start soon. Regards. On 17/05/24 10:56, Francesco Chicchiriccò wrote: I've created a 3.0.7 release, with the following artifacts up for a vote: GIT source tag (c105692b25): https://github.com/apache/syncope/releases/tag/syncope-3.0.7 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.7/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.7/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1087/ Staging site: https://syncope.apache.org/3.0.7/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.7
I've created a 3.0.7 release, with the following artifacts up for a vote: GIT source tag (c105692b25): https://github.com/apache/syncope/releases/tag/syncope-3.0.7 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.7/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.7/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1087/ Staging site: https://syncope.apache.org/3.0.7/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards.
Re: String value length
On 16/02/24 19:36, GCHQDeveloper29 wrote: Hi Francesco, Thank you for your timely response. I have tried to insert the following snippet into my spring-orm.xml file (before the and after the for "org.apache.syncope.core.persistence.jpa.entity.group.JPAGPlainAttrUniqueValue", however it still appears to be creating as a VARCHAR(255) on postgresql as if the overrides are being ignored - if I have been a fool please do let me know. Hi, as you have correctly reported before, the column whose mapping you want to change is declared as field in AbstractPlainAttrValue, so you need to add something like: right before the first element in the file (see the declared XSD for more information). As already said, please double check which ORM file you are effectively using: there are different ones in fact for: * PostgreSQL with JSONB support * MySQL with JSON support * Oracle, default or with JSON support * SQL server if you are not in any of these 4 cases, then the default spring-orm.xml will apply. HTH Regards. On Friday, 16 February 2024 at 14:49, Francesco Chicchiriccò wrote: On 16/02/24 15:40, GCHQDeveloper29 wrote: Currently, string value'd schema are limited to 255 characters in length due to OpenJPA defaults. It would be beneficial to either have this length as adjustable, increased or converted to a Lob. The relevant code is within core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/AbstractPlainAttrValue.java Hi, you should be able to tweak any column definition by adjusting your local ORM file. The actual file to change is the one indicated by the persistence.domain[0].orm property, e.g. spring-orm.xml by default. The OpenJPA settings will in fact get metadata definitions both from Java annotations (which are in fact immutable) and ORM xml file, with the latter taking precedence over the former. HTH Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: String value length
On 16/02/24 15:40, GCHQDeveloper29 wrote: Currently, string value'd schema are limited to 255 characters in length due to OpenJPA defaults. It would be beneficial to either have this length as adjustable, increased or converted to a Lob. The relevant code is within core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/AbstractPlainAttrValue.java Hi, you should be able to tweak any column definition by adjusting your local ORM file. The actual file to change is the one indicated by the persistence.domain[0].orm property, e.g. spring-orm.xml by default. The OpenJPA settings will in fact get metadata definitions both from Java annotations (which are in fact immutable) and ORM xml file, with the latter taking precedence over the former. HTH Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.6
The Apache Syncope team is pleased to announce the release of Syncope 3.0.6 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope306 Upgrading from 3.0.5? There are some notes about this process: https://s.apache.org/0ytql We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 3.0.6
Hi all, after more than 72 hours, the vote for Syncope 3.0.6 [1] *passes* with 4 PMC votes. +1 (PMC / binding) * Samuel Garofalo * Lorenzo Di Cola * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/4oh9jpvn7877yk2h4jvoxx5fhsyw8khr -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.6
I've created a 3.0.6 release, with the following artifacts up for a vote: GIT source tag (f9912ceea5): https://github.com/apache/syncope/releases/tag/syncope-3.0.6 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.6/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.6/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1086/ Staging site: https://syncope.apache.org/3.0.6/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
RE: JDK 21 Is Now GA, a New VS Code Extension, and an Annotation Processing Heads-up
K-8316681: Rewrite URLEncoder.encode to use small reusable buffers > > [18] https://jdk.java.net/22/ > [19] https://jdk.java.net/22/release-notes > [20] https://github.com/openjdk/jdk/compare/jdk-22%2B12...jdk-22%2B20 > > > ## New Jextract Early-Access Builds > > Jextract mechanically generates Java bindings from native library headers. New Jextract EA builds are now available (Build 21-jextract+1-2 (2023/9/25)) [21], those EA builds are based on JDK 21 and are intended for expert users. > > [21] https://jdk.java.net/jextract/ > > > ## Topics of Interest: > > Java 21… and Beyond - Brian Goetz Devoxx 2023 Keynote > https://inside.java/2023/10/14/java-21-and-beyond/ > > JDK 21 Security Enhancements > https://seanjmullan.org/blog/2023/09/22/jdk21 > > With Java 21, Your Code Runs Even Faster but How is that Possible? > https://inside.java/2023/10/06/devoxx-your-code-runs-even-faster/ > > My Favorite JDK 21 Feature: Javadoc Search URL > https://stuartmarks.wordpress.com/2023/09/22/my-favorite-jdk-21-feature-javadoc-search-url/ > > Upgrading from Java 17 to 21 #RoadTo21 > https://inside.java/2023/08/27/roadto21-upgrade/ > > Java 21 API Changes #RoadTo21 > https://inside.java/2023/09/10/roadto21-api/ > > Java 21 Security #RoadTo21 > https://inside.java/2023/09/13/roadto21-security/ > > Java 21 Tool Enhancements: Better Across the Board #RoadTo21 > https://inside.java/2023/09/06/roadto21-performance/ > > Java 21 JVM and GC Improvements #RoadTo21 > https://inside.java/2023/09/03/roadto21-performance/ > > Java 21 Brings Full Pattern Matching #RoadTo21 > https://inside.java/2023/09/17/roadto21-pattern-matching/ > > Java 21 new feature: Virtual Threads #RoadTo21 > https://inside.java/2023/08/30/roadto21-virtualthreads/ > > G1: Java's Default Garbage Collector > https://inside.java/2023/10/15/g1/ > > New candidate JEP: 457: Class-File API (Preview) > https://openjdk.org/jeps/457 > > Using JAXB in Custom Ant Tasks on Recent Java Versions > https://jaitechwriteups.blogspot.com/2023/10/using-jaxb-in-custom-ant-tasks-on.html > > Java Records are "Trusted" and Consequently Faster > http://minborgsjavapot.blogspot.com/2023/09/java-records-are-trusted-and.html > > JVMLS 2023 Keynote > https://inside.java/2023/09/14/jvmls-keynote/ > > JVMLS - Project Leyden > https://inside.java/2023/09/07/project-leyden/ > > JVMLS - Value Objects in Valhalla > https://inside.java/2023/09/05/value-objects-in-valhalla/ > > Complete JVMLS 2023 playlist > https://www.youtube.com/playlist?list=PLX8CzqL3ArzW90jKUCf4H6xCKpStxsOzp > > Teaching Old Streams New Tricks > https://inside.java/2023/10/11/devoxx-teaching-old-streams-new-tricks/ > > Support Markdown in javadoc Comments > https://mail.openjdk.org/pipermail/javadoc-dev/2023-October/006455.html > > Brian Goetz Answers Your Java Questions > https://inside.java/2023/10/20/ama-brian/ > > > ## October 2023 Critical Patch Update Released > > As part of the October 2023 CPU, Oracle released OpenJDK 21.0.1, JDK 21.0.1, JDK 17.0.9 LTS, 11.0.21 LTS, 8u391, and 8u391-perf. > > > ~ > > PS: Don't forget to update me about your plans related to Java 21. > > Until next time! > > > --David > -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.5
The Apache Syncope team is pleased to announce the release of Syncope 3.0.5 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope305 Upgrading from 3.0.4? There are some notes about this process: https://s.apache.org/3pjc8 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.5
Hi all, after 72 hours, the vote for Syncope 3.0.5 [1] *passes* with 5 PMC votes. +1 (PMC / binding) * Samuel Garofalo * Lorenzo Di Cola * Marco Di Sabatino * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/jo9590r477mzxd90k7bgw3pzr5q4f1t5 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.5
I've created a 3.0.5 release, with the following artifacts up for a vote: GIT source tag (3d845010d1): https://github.com/apache/syncope/releases/tag/syncope-3.0.5 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.5/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.5/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1084/ Staging site: https://syncope.apache.org/3.0.5/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.4
The Apache Syncope team is pleased to announce the release of Syncope 3.0.4 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope304 Upgrading from 3.0.3? There are some notes about this process: https://s.apache.org/a0bl5 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.4
Hi all, after 72 hours, the vote for Syncope 3.0.4 [1] *passes* with 6 PMC votes. +1 (PMC / binding) * Marco Di Sabatino * Samuel Garofalo * Fabio Martelli * Andrea Patricelli * Lorenzo Di Cola * Francesco Chicchiriccò +1 (non binding) 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/nrmfhcxfj4fw9k41sd4ns4vskvc8ofgw -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.4
I've created a 3.0.4 release, with the following artifacts up for a vote: GIT source tag (eff73b0772): https://github.com/apache/syncope/releases/tag/syncope-3.0.4 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.4/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.4/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1083/ Staging site: https://syncope.apache.org/3.0.4/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 2.1.14
The Apache Syncope team is pleased to announce the release of Syncope 2.1.14 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope2114 Upgrading from 2.1.13? There are some notes about this process: https://s.apache.org/uhxpz We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 2.1.14
Hi all, after 72 hours, the vote for Syncope 2.1.14 [1] *passes* with 3 PMC + 2 non-PMC votes. +1 (PMC / binding) * Andrea Patricelli * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/crgmsgr19bbk0fzzxgm4lx2xqmnbk5xj -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.3
The Apache Syncope team is pleased to announce the release of Syncope 3.0.3 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope303 Upgrading from 3.0.2? There are some notes about this process: https://s.apache.org/fto4b We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.3
Hi all, after 72 hours, the vote for Syncope 3.0.3 [1] *passes* with 3 PMC + 2 non-PMC votes. +1 (PMC / binding) * Andrea Patricelli * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/3r6786ndn4rr6ktznk6bt6xftys71p46 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 2.1.14
I've created a 2.1.14 release, with the following artifacts up for a vote: Please note that GIT links are not from gitbox.apache.org as usual, but from GitHub mirror due to current incident https://status.apache.org/incidents/y1t4w1bx0bc9 GIT source tag (2bc40ed425): https://github.com/apache/syncope/releases/tag/syncope-2.1.14 List of changes: https://github.com/apache/syncope/blob/syncope-2.1.14/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.14/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1082/ Staging site (not a typo, it is the same as for 3.0.3 being under vote): https://syncope.apache.org/3.0.3/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.3
I've created a 3.0.3 release, with the following artifacts up for a vote: Please note that GIT links are not from gitbox.apache.org as usual, but from GitHub mirror due to current incident https://status.apache.org/incidents/y1t4w1bx0bc9 GIT source tag (7350b35933): https://github.com/apache/syncope/releases/tag/syncope-3.0.3 List of changes: https://github.com/apache/syncope/blob/syncope-3.0.3/CHANGES Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.3/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1081/ Staging site: https://syncope.apache.org/3.0.3/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
TAC supporting Berlin Buzzwords
Hi All, The ASF Travel Assistance Committee is supporting taking up to six (6) people to attend Berlin Buzzwords In June this year. This includes Conference passes, and travel & accommodation as needed. Please see our website at https://tac.apache.org for more information and how to apply. Applications close on 15th April. Good luck to those that apply. Gavin McDonald (VP TAC) -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.2
The Apache Syncope team is pleased to announce the release of Syncope 3.0.2 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope302 Upgrading from 3.0.1? There are some notes about this process: https://s.apache.org/ool4w We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.2
Hi all, after 72 hours, the vote for Syncope 3.0.2 [1] *passes* with 5 PMC + 2 non-PMC votes. +1 (PMC / binding) * Andrea Patricelli * Marco Di Sabatino * Jean-Baptiste Onofré * Fabio Martelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/rk8ygq2v7nzvwgjjg1op6vvjmylhwbf7 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.2
I've created a 3.0.2 release, with the following artifacts up for a vote: GIT source tag (182c219da9): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=182c219da9 List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=182c219da9 Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.2/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1079/ Staging site: https://syncope.apache.org/3.0.2/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Releasing 3.0.2
Hi all, unless there are objections, I'd proceed tomorrow morning CET with release process for 3.0.2. The number of resolved issues on JIRA [1] is not particularly high but some are quite relevant as SYNCOPE-1723, which will introduce a breaking change, as explained in previous email. Regards. [1] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SYNCOPE%20AND%20status%20in%20(Resolved%2C%20Closed)%20AND%20fixVersion%20%3D%203.0.2 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[WARNING] Reproducible Builds: breaking changes ahead
Hi all, as reported by SYNCOPE-1723 [1], our releases up to 3.0.1 are not compliant with reproducible builds. You can read more details from the report [2]. With help from Hervé Boutemy we have prepared some changes [3] that should solve such an issue but will affect the way people is ordinarily building their Syncope-based Maven projects. Up to 3.0.1, in fact, the typical build command is the one reported by [4] e.g. mvn clean verify \ -Dconf.directory=/opt/syncope/conf \ -Dbundles.directory=/opt/syncope/bundles \ -Dlog.directory=/opt/syncope/log Once [3] will be merged, instead, this command will become a bare mvn clean verify but with need to specify the following system properties, either if run as a standalone application or deployed within a JavaEE container: * -Dsyncope.conf.dir=/opt/syncope/conf * -Dsyncope.connid.location=file:/opt/syncope/bundles * -Dsyncope.log.dir=/opt/syncope/log As you could see from [3], standalone, archetype and docker images were changed altogether to work in this way; docs were updated as well. Such a change is planned for next release 3.0.2; naturally, we will also need to include a proper message in its release notes. Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1723 [2] https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/syncope/syncope-3.0.0.diffoscope [3] https://github.com/apache/syncope/pull/405 [4] https://syncope.apache.org/docs/3.0/reference-guide.html#customization -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.1
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope301 Upgrading from 3.0.0? There are some notes about this process: https://s.apache.org/i629t We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.1
Hi all, after 72 hours, the vote for Syncope 3.0.1 [1] *passes* with 5 PMC + 1 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Andrea Patricelli * Jean-Baptiste Onofré * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/s0vk67yjrm5jfqd1n3d0v1o3zpchdclz -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.1
I've created a 3.0.1 release, with the following artifacts up for a vote: GIT source tag (e1d0c5b32d): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=e1d0c5b32d List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=e1d0c5b32d Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.1/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1076/ Staging site: https://syncope.apache.org/3.0.1/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Settings for next major release
Hi, I went ahead and: * created branch 3_0_X from master [2] * created new Jenkins job to deploy from 3_0_X [3] * requested Infra to create Buildbot worker for 3_0_X (to build the docs) [4] * advanced version to 4.0.0-SNAPSHOT on master branch [5] * created issue to track work for JDK and dependency upgrades on master branch [6] Regards. On 24/11/22 11:14, Francesco Chicchiriccò wrote: Hi all, after releasing 3.0.0, I would propose to copy the current master branch to 3_0_X and then to set the master branch to: * Spring Boot 3.0.x * CXF 4.0.0-SNAPSHOT * CAS 7.0.x * JDK 17 Globally, these dependencies will also mark the final move from javax.* to jakarta.* namespace. About Syncope version, I was thinking to set 4.0.0-SNAPSHOT: even though there are no major feature changes already planned for 4.0 Notturno [1], such a massive dependency upgrade should be enough to justify the step from 3.0 to 4.0 (and might fit into semantic versioning as well). WDYT? Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap#Roadmap-4.0.0(Notturno) [2] https://github.com/apache/syncope/commit/c52167669d90be4f8c564dea65b6fa00f41d86ed [3] https://ci-builds.apache.org/job/Syncope/job/Syncope-3_0_X-deploy [4] https://issues.apache.org/jira/browse/INFRA-24039 [5] https://github.com/apache/syncope/commit/1151ebc65544ad3b0ea178de4d75d955bc86211f [6] https://issues.apache.org/jira/browse/SYNCOPE-1717 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 2.1.13
The Apache Syncope team is pleased to announce the release of Syncope 2.1.13 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope2113 Upgrading from 2.1.12? There are some notes about this process: https://s.apache.org/18gy2 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 2.1.13
Hi all, after 72 hours, the vote for Syncope 2.1.13 [1] *passes* with 5 PMC + 2 non-PMC votes. +1 (PMC / binding) * Andrea Patricelli * Fabio Martelli * Marco Di Sabatino * Jean-Baptiste Onofré * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/h2671nkqqsg4p9tyrs850pdjn8fbdvzx -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 2.1.13
I've created a 2.1.13 release, with the following artifacts up for a vote: GIT source tag (2d7958221b): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=2d7958221b List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=2d7958221b Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.13/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1075/ Staging site: https://syncope.apache.org/2.1.13/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: 2.1.13 release?
Hi Colm, there is actually no valid reason to hold on 2.1.13, it's been quite some time from 2.1.12, with various dependency upgrades and a few issues fixed [1]. I seem to have some availability to work on such a release this Friday 9th: would this work? Regards. [1] https://issues.apache.org/jira/issues/?jql=statusCategory%20%3D%20done%20AND%20project%20%3D%2012313120%20AND%20fixVersion%20%3D%2012352175%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC On 06/12/22 10:28, Colm O hEigeartaigh wrote: Hi, I'm wondering is there a release date planned for 2.1.13? The request being to have a released version with the commons text CVE fix. Thanks, Colm. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] Settings for next major release
Hi all, after releasing 3.0.0, I would propose to copy the current master branch to 3_0_X and then to set the master branch to: * Spring Boot 3.0.x * CXF 4.0.0-SNAPSHOT * CAS 7.0.x * JDK 17 Globally, these dependencies will also mark the final move from javax.* to jakarta.* namespace. About Syncope version, I was thinking to set 4.0.0-SNAPSHOT: even though there are no major feature changes already planned for 4.0 Notturno [1], such a massive dependency upgrade should be enough to justify the step from 3.0 to 4.0 (and might fit into semantic versioning as well). WDYT? Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap#Roadmap-4.0.0(Notturno) -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.0
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope300 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.0
Hi all, after 72 hours, the vote for Syncope 3.0.0 [1] *passes* with 5 PMC + 2 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Andrea Patricelli * Jean-Baptiste Onofré * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Samuel Garofalo * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/02s3op8x83vmcsd282c33zktcsd8qcwc -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.0
I've created a 3.0-0 release, with the following artifacts up for a vote: GIT source tag (5e7d1667df): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=5e7d1667df List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=5e7d1667df Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.0/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1074/ Staging site: https://syncope.apache.org/3.0.0/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.0-M2
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0-M2 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope300M2 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 3.0.0-M2
Hi all, after 72 hours, the vote for Syncope 3.0.0-M2 [1] *passes* with 4 PMC + 2 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Marco Di Sabatino * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/n15k768899ocp8mcf2zm0814r5p8wz99 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.0-M2
I've created a 3.0-0-M2 release, with the following artifacts up for a vote: GIT source tag (690dbfcaab): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=690dbfcaab List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=690dbfcaab Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.0-M2/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1073/ Staging site: https://syncope.apache.org/3.0.0-M2/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Recent Apache Commons text CVE
Hi Colm, that class is used exclusively for the db content bootstrap process, which is run only on empty database. The input is given through the Domain Content XML file (typically, MasterContent.xml), which can be configured to be loaded either from classpath or conf.dir. Nevertheless, the library was upgraded on both active git branches 2_1_X and master, and also included in last release. Library version can be also set for override on project based on old releases, via maven property. Regards. Il lun 24 ott 2022, 13:41 Colm O hEigeartaigh ha scritto: > Hi, > > Regarding the recent Apache Commons Text advisory > (https://blogs.apache.org/security/entry/cve-2022-42889), Syncope uses > the StringSubstitutor API here: > > > https://github.com/apache/syncope/blob/7309dd303f2fe9238df4b69776f6284a87549599/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/ContentLoaderHandler.java > > Can you confirm please that all of the input used with > StringSubstitutor in this class can be classified as "trusted input"? > > Thanks, > > Colm. >
[ANN] Apache Syncope 3.0.0-M1
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0-M1 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope300M1 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.0-M1
Hi all, after 72 hours, the vote for Syncope 3.0.0-M1 [1] *passes* with 5 PMC + 3 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Marco Di Sabatino * Jean-Baptiste Onofré * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola * Misagh Moayyed * Samuel Garofalo 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/jpskx22mrplfgl5mkswk2kxgkmkc0thf -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.0-M1
I've created a 3.0-0-M1 release, with the following artifacts up for a vote: GIT source tag (680fc58faf): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=680fc58faf List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=680fc58faf Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.0-M1/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1072/ Staging site: https://syncope.apache.org/3.0.0-M1/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: About SYNCOPE-1696
Hi Andrea,
I agree with you, option (2) looks definitely better, especially because, if I
am not mistaking, the library [1] does not support yet Elasticsearch 8.x, which
we are using on master branch.
Regards.
On 29/09/22 17:14, Andrea Patricelli wrote:
Hi all,
About SYNCOPE-1696 I found this log4j2 appender [1] that seems to be a kind of
"fork" extension (not mentioned in the official doc), but still quite active
project.
Now I see two ways to proceed:
1. Use the library and all its features OOTB. As far as I understood
this extension "simply" performs HTTP calls to ES to write data and
allows to log on ES transparently like
log.info("Hello, World!");
.
2. Configure a custom audit appender as the Syslog or Rewrite one,
which directly uses the ES client to write on Elasticsearch.
Though solution 1 seems to be a good way to proceed, it is not so widely used
because the most common way to direct logs on ES is to use Logstash and
Filebeat. But on the other hand requires only some configuration, without
writing too much code.
Solution 2 is a bit more "raw" and requires a bit more work, but we would use
the same ES client instantiated by the extension and have more control on the overall
solution and maintenance.
I would lean for solution 2, following the implementation to index users, any
objs and groups by using a custom appender to place under elasticsearch
extension, but would like to know your opinion.
Best regards,
Andrea
[1] https://github.com/rfoltyns/log4j2-elasticsearch
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Audit view improvements
On 12/09/22 16:01, Andrea Patricelli wrote: On 12/09/22 15:51, Francesco Chicchiriccò wrote: On 12/09/22 15:43, Andrea Patricelli wrote: Hi all, since audit, in some Syncope installations is (and must be) critically important and very often helps to understand the history of critical user data, I would like to suggest some improvements to the view in console: In the history section the diff should be between before and after, but now is always between before and now. The main goal here is to see who changed what in that specific audit event. This makes sense. Maybe even better if one can choose across which versions the diff shall be computed. Agree! ATM the history shows only a part of the events that can occur on the user, for example events coming from pull aren't shown as well. What do you mean? Events originated by Console / REST are audited under LOGIC, events originated by Pull are audited under PULL: when you enable both, you get audit for both. Yes, both are audited by the configured appenders, but only LOGIC events are visible in console. Some little but necessary changes are needed to the code to PULL events to the view, too. Ah, I see, you mean to adjust the Console code to get both LOGIC and PULL, or even not specifying anything, just the user key - which would require some minor changes on the REST side too. I'd suggest to open an issue to improve, at least, user, group and any object audit accessibility in console. WDYT Best regards, Andrea -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Audit view improvements
On 12/09/22 15:43, Andrea Patricelli wrote: Hi all, since audit, in some Syncope installations is (and must be) critically important and very often helps to understand the history of critical user data, I would like to suggest some improvements to the view in console: In the history section the diff should be between before and after, but now is always between before and now. The main goal here is to see who changed what in that specific audit event. This makes sense. Maybe even better if one can choose across which versions the diff shall be computed. ATM the history shows only a part of the events that can occur on the user, for example events coming from pull aren't shown as well. What do you mean? Events originated by Console / REST are audited under LOGIC, events originated by Pull are audited under PULL: when you enable both, you get audit for both. I'd suggest to open an issue to improve, at least, user, group and any object audit accessibility in console. WDYT Best regards, Andrea -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: About PR #363 and SYNCOPE-1665
On 07/09/22 18:03, Andrea Patricelli wrote: Hi, I've resumed the work on the issue. Hope to finish by friday or monday. Glad to hear this, Andrea! I think we can start planning for 3.0.0-M1 right afterwards. Regards. On 05/09/22 09:14, Andrea Patricelli wrote: Hi Francesco, no ATM I had no chance to work on it. The plan is to resume and finish the job this week. I'll update you on Wednesday in order to have an idea about the status of the work. Best regards, Andrea On 05/09/22 08:44, Francesco Chicchiriccò wrote: Hi Andrea, any update in the last two weeks, since your e-mail below? It would be nice to have such an improvement onboard for next 3.0.0-M1. Regards. On 23/08/22 09:53, Francesco Chicchiriccò wrote: On 22/08/22 16:34, Andrea Patricelli wrote: Hi, yes you're right. Basically the solution has been provided, but the PR needs some refactoring and to reuse already existing console modules like StatusPanel. This unfortunately is not trivial, because extracting some console classes into common is a waterfall of changes and refactorings that takes some time, and did not have the chance to finish this work, yet. At this point I see three solutions: 1. Keep this "embryonal" work as the actual solution and only make some graphical refinements. 2. Continue the work on using console modules, moving classes to common, etc. Hopefully I can resume and finish the work next week. 3. Move the issue to the next release since this is mainly an improvement and not a critical bugfix or new core feature. Thanks Andrea, no need to rush: I don't expect next release for Syncope 3.0 before a couple of weeks. Regards. On 22/08/22 16:05, Francesco Chicchiriccò wrote: Hi Andrea, I see that your PR #363 was not updated lately. I see also that SYNCOPE-1665 is set for Syncope 3.0.0 so I was wondering if you could provide an update about such work, thanks. Regards. [1] https://github.com/apache/syncope/pull/363 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: About PR #363 and SYNCOPE-1665
Hi Andrea, any update in the last two weeks, since your e-mail below? It would be nice to have such an improvement onboard for next 3.0.0-M1. Regards. On 23/08/22 09:53, Francesco Chicchiriccò wrote: On 22/08/22 16:34, Andrea Patricelli wrote: Hi, yes you're right. Basically the solution has been provided, but the PR needs some refactoring and to reuse already existing console modules like StatusPanel. This unfortunately is not trivial, because extracting some console classes into common is a waterfall of changes and refactorings that takes some time, and did not have the chance to finish this work, yet. At this point I see three solutions: 1. Keep this "embryonal" work as the actual solution and only make some graphical refinements. 2. Continue the work on using console modules, moving classes to common, etc. Hopefully I can resume and finish the work next week. 3. Move the issue to the next release since this is mainly an improvement and not a critical bugfix or new core feature. Thanks Andrea, no need to rush: I don't expect next release for Syncope 3.0 before a couple of weeks. Regards. On 22/08/22 16:05, Francesco Chicchiriccò wrote: Hi Andrea, I see that your PR #363 was not updated lately. I see also that SYNCOPE-1665 is set for Syncope 3.0.0 so I was wondering if you could provide an update about such work, thanks. Regards. [1] https://github.com/apache/syncope/pull/363 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Remove Camel Provisioning Manager
FYI I went ahead and opened https://github.com/apache/syncope/pull/371 with purpose of following up with action after discussion here. About 2_1_X , I don't think we should change anything. Regards. On 25/08/22 09:24, Andrea Patricelli wrote: Hi all, Even if I agree with Misagh, I can confirm that even customers that were interested in the camel extension finally decided not to use it in favour of extending the default one. So agree on removing this feature on master. Just to know, we're going to upgrade camel deps and support it on branch 2.1.X right? Best regards, Andrea Il mer 24 ago 2022, 13:16 Francesco Chicchiriccò ha scritto: Hi all, working for SYNCOPE-1692, which involves some changes in the provisioning process, I've realized that the Camel Provisioning Manager extension [1], while featuring some very smart code has probably never been used in any production deployment, at least none that I am aware of. Over time, the cost of managing such (possibly unused) extension has become quite relevant, hence I am proposing to remove it from the master branch, so that next 3.0.0 release will not contain it anymore. Thoughts? Regards. [1] https://github.com/apache/syncope/tree/master/ext/camel -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Remove Camel Provisioning Manager
On 24/08/22 15:58, Misagh Moayyed wrote: In general, I am in favor of this approach, but just to be on the safe side, would it make sense to deprecate the feature first? Just in case someone out there is using it, or would keeping the code around cause complications and maintenance issues? Good point. I think, however, that since we'd be doing that in a major release (e.g. 3.0) it could be enough to add a specific section in the release notes so that in case anyone exists that is running Syncope 2.1.x with Camel Provisioning Manager, they are made aware that this will need to be replaced, in case of upgrade to 3.0.0. There are quite some breaking changes in such upgrade, the Camel Provisioning Manager would be just one more. Regards. On Wed, Aug 24, 2022 at 4:16 AM Francesco Chicchiriccò wrote: Hi all, working for SYNCOPE-1692, which involves some changes in the provisioning process, I've realized that the Camel Provisioning Manager extension [1], while featuring some very smart code has probably never been used in any production deployment, at least none that I am aware of. Over time, the cost of managing such (possibly unused) extension has become quite relevant, hence I am proposing to remove it from the master branch, so that next 3.0.0 release will not contain it anymore. Thoughts? Regards. [1] https://github.com/apache/syncope/tree/master/ext/camel -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] Remove Camel Provisioning Manager
Hi all, working for SYNCOPE-1692, which involves some changes in the provisioning process, I've realized that the Camel Provisioning Manager extension [1], while featuring some very smart code has probably never been used in any production deployment, at least none that I am aware of. Over time, the cost of managing such (possibly unused) extension has become quite relevant, hence I am proposing to remove it from the master branch, so that next 3.0.0 release will not contain it anymore. Thoughts? Regards. [1] https://github.com/apache/syncope/tree/master/ext/camel -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: About PR #363 and SYNCOPE-1665
On 22/08/22 16:34, Andrea Patricelli wrote: Hi, yes you're right. Basically the solution has been provided, but the PR needs some refactoring and to reuse already existing console modules like StatusPanel. This unfortunately is not trivial, because extracting some console classes into common is a waterfall of changes and refactorings that takes some time, and did not have the chance to finish this work, yet. At this point I see three solutions: 1. Keep this "embryonal" work as the actual solution and only make some graphical refinements. 2. Continue the work on using console modules, moving classes to common, etc. Hopefully I can resume and finish the work next week. 3. Move the issue to the next release since this is mainly an improvement and not a critical bugfix or new core feature. Thanks Andrea, no need to rush: I don't expect next release for Syncope 3.0 before a couple of weeks. Regards. On 22/08/22 16:05, Francesco Chicchiriccò wrote: Hi Andrea, I see that your PR #363 was not updated lately. I see also that SYNCOPE-1665 is set for Syncope 3.0.0 so I was wondering if you could provide an update about such work, thanks. Regards. [1] https://github.com/apache/syncope/pull/363 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
About PR #363 and SYNCOPE-1665
Hi Andrea, I see that your PR #363 was not updated lately. I see also that SYNCOPE-1665 is set for Syncope 3.0.0 so I was wondering if you could provide an update about such work, thanks. Regards. [1] https://github.com/apache/syncope/pull/363 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] LiveSync
On 18/08/22 09:34, Andrea Patricelli wrote: Hi all, I've read the wiki and have only a question ATM: why do we need new mapping, couldn't we rely on the existing mapping and enable/disable livesync by resource and/or provision and/or mapped attributes? I am not sure things will end up being implemented as you suggest (e.g. extends External Resource definition with optional LiveSync capabilities) rather than keeping LiveSync distinct from External Resources. The former will probably be simpler to code; from the other side, the latter could be cleaner as an ordinary, pull-based External Resource might or might not be needed when using LiveSync. As always, code will help addressing the right solution. Regards. On 17/08/22 09:22, Francesco Chicchiriccò wrote: Hi all, I have put some considerations about LiveSync in [1]: feel free to comment and / or amend / complete. Anyone stepping in for implementation? Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+LiveSync -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] LiveSync
On 18/08/22 10:14, Valerio Crescia wrote: Hi all, I am really interested in implementing this new feature in syncope and would like to write my thesis on this work. This sounds great, Valerio! Happy to help and mentor if needed. Regards. On 2022/08/17 07:22:38 Francesco Chicchiriccò wrote: > Hi all, > I have put some considerations about LiveSync in [1]: feel free to comment and / or amend / complete. > > Anyone stepping in for implementation? > > Regards. > > [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+LiveSync -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] LiveSync
Hi all, I have put some considerations about LiveSync in [1]: feel free to comment and / or amend / complete. Anyone stepping in for implementation? Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+LiveSync -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 3.0.0-M0
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0-M0 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning, reconciliation and reporting needs (as with earlier releases), access management and API management. The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope300M0 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[ANN] Apache Syncope 2.1.12
The Apache Syncope team is pleased to announce the release of Syncope 2.1.12 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope2112 Upgrading from 2.1.11? There are some notes about this process: https://s.apache.org/he0xc We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 3.0.0-M0
Hi all, after 72 hours, the vote for Syncope 2.1.12 [1] *passes* with 3 PMC + 1 non-PMC votes. +1 (PMC / binding) * Marco Di Sabatino * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/4dqr2ch9zc51hdlpjcthzrxjl2wlntbj -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 2.1.12
Hi all, after 72 hours, the vote for Syncope 2.1.12 [1] *passes* with 3 PMC + 1 non-PMC votes. +1 (PMC / binding) * Marco Di Sabatino * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/lfdl48151rpxnv8wft7hm7swvo6g3q8z -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 3.0.0-M0
I've created a 3.0-0-M0 release, with the following artifacts up for a vote: GIT source tag (23df3585ff): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=23df3585ff List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=23df3585ff Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/3.0.0-M0/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1071/ Staging site: https://syncope.apache.org/3.0.0-M0/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 2.1.12
I've created a 2.1.12 release, with the following artifacts up for a vote: GIT source tag (27127447f1): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=27127447f1 List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob_plain;f=CHANGES;hb=27127447f1 Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.12/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1070/ Staging site: https://syncope.apache.org/2.1.12/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] 3.0.0-M0 (finally!)
Howdy! It's almost 7 months since the e-mail below but I believe we are very close now, after quite some polishing work, especially with WA. FYI I've published some draft release notes at https://cwiki.apache.org/confluence/display/SYNCOPE/Maggiore I think we can go on with first milestone release, see if things are ok and contact Sally for some media coverage. Regards. On 2022/01/23 17:58:14 Francesco Chicchiriccò wrote: > Hi all, > I am glad to report that we should be able to start out soon with our very > first release from master branch, which I'd suggest to name as Syncope > 3.0.0-M0. > > The work to get to this point comes from afar [1]: feature-wise I believe we > have all onboard, though code could get some refinements and naturally bug > fixes. > > I invite you to have a look at: > > 1. draft website: https://syncope.apache.org/3.0.0-SNAPSHOT/ > > 2. documentation: > * https://syncope.apache.org/3.0.0-SNAPSHOT/docs/3.0/getting-started.html > * https://syncope.apache.org/3.0.0-SNAPSHOT/docs/3.0/reference-guide.html > > 3. REST reference: > https://syncope.apache.org/3.0.0-SNAPSHOT/rest/3.0/index.html > > > Still missing: > > 1. some decent release notes (with a considerable "What's new" section) at > https://cwiki.apache.org/confluence/display/SYNCOPE/Maggiore > > 2. proper upgrade process > > 3. media coverage as we did for Syncope 2.0 [2] [3] [4] with help from Sally > Khudairi > > > Thanks to everyone involved and also to whom will help with remaining items. > Regards. > > [1] > https://issues.apache.org/jira/browse/SYNCOPE-1659?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%203.0.0 > [2] > https://blogs.apache.org/foundation/entry/the_apache_software_foundation_announces98 > [3] https://thenewstack.io/apache-syncope-embraces-id-management-cloud-iot/ > [4] > https://www.opensourceforu.com/2016/09/apache-syncope-2-0-brings-identity-management-iot-world/ > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > >
[ANN] Apache Syncope 2.1.11
The Apache Syncope team is pleased to announce the release of Syncope 2.1.11 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope2111 Upgrading from 2.1.10? There are some notes about this process: https://s.apache.org/b9qvq We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 2.1.11
Hi all, after 72 hours, the vote for Syncope 2.1.11 [1] *passes* with 4 PMC + 1 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Marco Di Sabatino * Andrea Patricelli * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread/r2b1c7ng6fy7hpj78gv129kjh8nvgfyx -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: What should be the value of any.search.dao property in. the persistence.properties
Hi, most of your attachments are stripped down, so I can't really tell anything about your current configuration. One important thing is that there is no automatic transition from standard persistence to JSONB, so you either must start with an empty database or you need to provide a way to migrate existing data. Regards. On 19/03/22 22:14, Vinay Kavala wrote: Sure Francesco. Thanks for the response. However, after enabling all the configurations as mentioned in the document, I still do not see any plainattrs being stored in a JSONB column on the syncopeuser table. How do I verify if my configuration changes are working fine? below are my changes for your reference. 1. added the below dependency in the core/pom.xml 2. updated the persistence.properties with below values 3. Updated domains/Master.properties with the below changes Master.url=jdbc:postgresql://localhost:5432/syncope*?stringtype=unspecified* Master.orm=META-INF/*spring-orm-pgjsonb*.xml Master.audit.sql=*audit_pgjsonb*.sql the necessary dependencies are downloaded into my local machine 4. Replaced the below files under respective locations 5. restarted the syncope core server *Couple of questions:* 1. Do I need to do anything else apart from the above configuration? 2. what happens to the existing user/group/anyobject data? (I have enabled the JSONB configuration on an existing syncope core installation, built as a Maven Project) 1. does all the plain attributes associated to those objects gets automatically stored in a respective JSONB column? 3. how do I verify that my configuration is working? Very much looking forward to the response. Thanks in Advance for your Support, Vinay 6. 7. 8. -- *From:* Francesco Chicchiriccò *Sent:* Friday, March 18, 2022 7:56 AM *To:* dev@syncope.apache.org *Subject:* Re: What should be the value of any.search.dao property in. the persistence.properties [CAUTION: EXTERNAL SENDER] Hi Vinay, with Elasticsearch enabled, you benefit from a general search performance improvement, even compared with JSONB. JSONB support will be anyway beneficial for create, reads and updates. Hope this clarifies. Regards. P.S. please send your questions to user@ ML On 2022/03/17 23:19:48 Vinay Kavala wrote: > Thanks Andrea for the clarification! > > However, if we intend to use ElasticsearchAnySearchDAO for searching Users, Groups and AnyObjects, what is the advantage of enabling JSONB? Where will it improve the performance of the system? > Can you clarify please? > > Thanks, > Vinay > > From: Andrea Patricelli > Sent: Thursday, March 17, 2022 11:30 AM > To: dev@syncope.apache.org ; Vinay Kavala > Subject: Re: What should be the value of any.search.dao property in. the persistence.properties > > [CAUTION: EXTERNAL SENDER] > > > Hi Vinay, > > You should anyway use this > > any.search.dao=org.apache.syncope.core.persistence.jpa.dao.ElasticsearchAnySearchDAO > > since queries are performed on ES, in order to have the best > performances while searching. > > On the other end, if you set to PGJPAJSONAnySearchDAO, instead, you're > just telling to Syncope not to use ES to perform searches, but go > directly on db through JSON-based queries, anyway faster than the basic > queries. > > Best regards, > Andrea > > On 14/03/22 18:49, Vinay Kavala wrote: > > Hi Team, > > > > I have enabled Elastic Search on my local syncope instance and it was working fine with the prescribed changes. Now I am planning to implement JSONB usage as well and am following the documentation provided in the syncope docs athttps://syncope.apache.org/docs/2.1/reference-guide.html#postgresql-jsonb > > > > > > I have a question now for the any.search.dao property in. the persistence.properties file wh
Re: What should be the value of any.search.dao property in. the persistence.properties
Hi Vinay, with Elasticsearch enabled, you benefit from a general search performance improvement, even compared with JSONB. JSONB support will be anyway beneficial for create, reads and updates. Hope this clarifies. Regards. P.S. please send your questions to user@ ML On 2022/03/17 23:19:48 Vinay Kavala wrote: > Thanks Andrea for the clarification! > > However, if we intend to use ElasticsearchAnySearchDAO for searching Users, > Groups and AnyObjects, what is the advantage of enabling JSONB? Where will it > improve the performance of the system? > Can you clarify please? > > Thanks, > Vinay > > From: Andrea Patricelli > Sent: Thursday, March 17, 2022 11:30 AM > To: dev@syncope.apache.org ; Vinay Kavala > > Subject: Re: What should be the value of any.search.dao property in. the > persistence.properties > > [CAUTION: EXTERNAL SENDER] > > > Hi Vinay, > > You should anyway use this > > any.search.dao=org.apache.syncope.core.persistence.jpa.dao.ElasticsearchAnySearchDAO > > since queries are performed on ES, in order to have the best > performances while searching. > > On the other end, if you set to PGJPAJSONAnySearchDAO, instead, you're > just telling to Syncope not to use ES to perform searches, but go > directly on db through JSON-based queries, anyway faster than the basic > queries. > > Best regards, > Andrea > > On 14/03/22 18:49, Vinay Kavala wrote: > > Hi Team, > > > > I have enabled Elastic Search on my local syncope instance and it was > > working fine with the prescribed changes. Now I am planning to implement > > JSONB usage as well and am following the documentation provided in the > > syncope docs > > athttps://syncope.apache.org/docs/2.1/reference-guide.html#postgresql-jsonb > > > > > > I have a question now for the any.search.dao property in. the > > persistence.properties file what should be the value of it? > > > > > > #any.search.dao=org.apache.syncope.core.persistence.jpa.dao.ElasticsearchAnySearchDAO > > any.search.dao=org.apache.syncope.core.persistence.jpa.dao.PGJPAJSONAnySearchDAO > > > > > > I currently commented out the ElasticSearchDao entry and enabled the > > JSONAnySearchDAO. Is this correct? or what should be the value for it? > > > > I am seeing few issues in my local when I start up the server, not sure if > > it is related to the same.. just wanted to confirm what is the correct > > value for it. > > > > Thanks, > > Vinay > > > > > -- > Andrea Patricelli > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope > >
[VOTE] Apache Syncope 2.1.11
I've created a 2.1.11 release, with the following artifacts up for a vote: GIT source tag (326c221): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=326c221 List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob;f=CHANGES;hb=326c221 Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.11/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1069/ Staging site: http://syncope.apache.org/2.1.11/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Time for 2.1.11
The problems mentioned below should be gone now, and the number of outstanding issues fixed [1] raised up to 16 meanwhile. Unless there is any objection, I would start the release process tomorrow morning CET. Regards. On 10/03/22 17:10, Andrea Patricelli wrote: Hi all, I've just found a problem related to this [1] issue, thus I had to re-open it. Going to fix it ASAP. Best regards, Andrea [1] https://issues.apache.org/jira/browse/SYNCOPE-1656 On 10/03/22 16:04, Francesco Chicchiriccò wrote: HI all, I believe it is time to cut 2.1.11, with 14 outstanding issues fixed [1] and > 5 months since 2.1.10. Unless there is any objection, I would start the release process tomorrow morning CET. Regards. [1] https://issues.apache.org/jira/issues/?jql=statusCategory%20%3D%20done%20AND%20project%20%3D%2012313120%20AND%20fixVersion%20%3D%2012350677%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Time for 2.1.11
HI all, I believe it is time to cut 2.1.11, with 14 outstanding issues fixed [1] and > 5 months since 2.1.10. Unless there is any objection, I would start the release process tomorrow morning CET. Regards. [1] https://issues.apache.org/jira/issues/?jql=statusCategory%20%3D%20done%20AND%20project%20%3D%2012313120%20AND%20fixVersion%20%3D%2012350677%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] 3.0.0-M0 (finally!)
Hi all, I am glad to report that we should be able to start out soon with our very first release from master branch, which I'd suggest to name as Syncope 3.0.0-M0. The work to get to this point comes from afar [1]: feature-wise I believe we have all onboard, though code could get some refinements and naturally bug fixes. I invite you to have a look at: 1. draft website: https://syncope.apache.org/3.0.0-SNAPSHOT/ 2. documentation: * https://syncope.apache.org/3.0.0-SNAPSHOT/docs/3.0/getting-started.html * https://syncope.apache.org/3.0.0-SNAPSHOT/docs/3.0/reference-guide.html 3. REST reference: https://syncope.apache.org/3.0.0-SNAPSHOT/rest/3.0/index.html Still missing: 1. some decent release notes (with a considerable "What's new" section) at https://cwiki.apache.org/confluence/display/SYNCOPE/Maggiore 2. proper upgrade process 3. media coverage as we did for Syncope 2.0 [2] [3] [4] with help from Sally Khudairi Thanks to everyone involved and also to whom will help with remaining items. Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1659?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%203.0.0 [2] https://blogs.apache.org/foundation/entry/the_apache_software_foundation_announces98 [3] https://thenewstack.io/apache-syncope-embraces-id-management-cloud-iot/ [4] https://www.opensourceforu.com/2016/09/apache-syncope-2-0-brings-identity-management-iot-world/ -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [NOTICE] - Moving and Upgrading of Buildbot Jobs
Thanks Gav. Regards. On 29/12/21 10:29, Gavin McDonald wrote: Oh! Never mind - I see this was done in https://issues.apache.org/jira/browse/INFRA-22364 I will now turn off the old jobs! Gav... On 2021/12/29 09:21:51 Gavin McDonald wrote: Me again, As I got no reply from Syncope to the below, I will be performing the migration shortly. Gav... On 2021/08/15 08:44:51 Gavin McDonald wrote: Hi All. This NOTICE goes out via BCC to all affected projects and to the main bui...@apache.org mailing list. Please have replies CC the builds list. https://ci.apache.org is currently on version 0.8 and is to be turned off soon. https://ci2.apache.org is version 3.2 and is the direct replacement. If you project has Buildbot jobs they are listed here: https://cwiki.apache.org/confluence/display/INFRA/Buildbot+0.8+-%3E+3.2+Migration Infra will perform the migration for you over the next 2 weeks. Starting Monday. Your $project.conf code will be updated to be compatible with Buildbot 3.2 (from 0.8) Unless you state otherwise - your config will be moved to a new SVN [1] or GIT [2] area depending on whether you primarily use SVN or GIT. [1] - https://svn.apache.org/repos/infra/infrastructure/buildbot2 [2] - https://github.com/apache/infrastructure-bb2 An INFRA ticket will be created for each project migration and your dev list will be kept in the loop. For those of you with nightly builds that use ci.apache.org/projects/* - please note that this service is deprecated and will NOT be available going forward. Instead, your jobs should be changed to upload to https://nightlies.apache.org/$project/* instead. Please request if you want your existing content migrated over otherwise we will not do so. After migration: Once everybody is off of the old Buildbot 0.8 - we will change ci.apache.org to point to the new 3.2 instance. We will also put in a redirect for ci.apache.org/projects/$project/* to point to your new location at nightlies.apache.org/$project/* Please let us know if you have any questions. Either Drew Foulks or myself will perform your migration. Kind Regards. -- *Gavin McDonald* Systems Administrator ASF Infrastructure Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Link GitHub commit msgs to JIRA tickets
Hi, FYI I have opened [1] which would allow to make GitHub auto-link commit messages to JIRA tickets - see [2] for example. Regards. [1] https://issues.apache.org/jira/browse/INFRA-22496 [2] https://github.com/apache/flink/commits/master -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Thank you! JDK 18 Early Access build 20 is now available
nalizing-the-foreign-apis/> * Resource Scope Dependencies o https://inside.java/2021/10/12/panama-scope-dependencies/ <https://inside.java/2021/10/12/panama-scope-dependencies/> ***October 2021 Critical Patch Update Released* * As part of the October 2021, we released JDK 17.0.1 LTS, JDK 11.0.13 LTS, JDK 8u311 and JDK 7u321 as well as OpenJDK 17.0.1 (publicly available). Rgds,Rory -- Rgds, Rory O'Donnell Quality Engineering Manager Oracle EMEA, Dublin, Ireland -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 2.1.10
The Apache Syncope team is pleased to announce the release of Syncope 2.1.10 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope2110 Upgrading from 2.1.9? There are some notes about this process: https://s.apache.org/lc4y9 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[RESULT] [VOTE] Apache Syncope 2.1.10
Hi all, after 72 hours, the vote for Syncope 2.1.10 [1] *passes* with 5 PMC + 2 non-PMC votes. +1 (PMC / binding) * Jean-Baptiste Onofré * Andrea Patricelli * Fabio Martelli * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Misagh Moayyed * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread.html/rf90fdc61175ecd1f16b5ea48e68835b55f699940d398f8a6e8b2fa16%40%3Cdev.syncope.apache.org%3E On 08/10/21 09:47, Francesco Chicchiriccò wrote: I've created a 2.1.10 release, with the following artifacts up for a vote: GIT source tag (d47a976): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=0761b43 List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob;f=CHANGES;hb=0761b43 Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.10/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1068/ Staging site: http://syncope.apache.org/2.1.10/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[VOTE] Apache Syncope 2.1.10
I've created a 2.1.10 release, with the following artifacts up for a vote: GIT source tag (d47a976): https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=0761b43 List of changes: https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob;f=CHANGES;hb=0761b43 Staging artifacts: https://dist.apache.org/repos/dist/dev/syncope/2.1.10/ Maven staging repo: https://repository.apache.org/content/repositories/orgapachesyncope-1068/ Staging site: http://syncope.apache.org/2.1.10/index.html PGP release keys (signed using 273DF287): http://www.apache.org/dist/syncope/KEYS Vote will be open for 72 hours. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here's my +1 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Migrate Syncope Buildbot 0.8 jobs to Buildbot 3.2
FYI, in the context of https://lists.apache.org/thread.html/r351aaa0f46fb0d0fc5e648d5c9b7c8b3c46c48eef897632ecde95d90%40%3Cdev.uima.apache.org%3E I've opened https://issues.apache.org/jira/browse/INFRA-22364 Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Adjusting GitHub tags
I've got a few positive reactions on the PR, merged then got an error that "A repository cannot have more than 20 topics", so I had to remove some. Nevertheless, the new tags are on display now. Regards. On 13/09/21 07:38, Francesco Chicchiriccò wrote: Hi there, in preparation to our (hopefully upcoming) very first milestone release from master branch, I am proposing to adjust our GitHub tags as in the following PR: https://github.com/apache/syncope/pull/288 Please have a look. Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] Adjusting GitHub tags
Hi there, in preparation to our (hopefully upcoming) very first milestone release from master branch, I am proposing to adjust our GitHub tags as in the following PR: https://github.com/apache/syncope/pull/288 Please have a look. Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: [DISCUSS] Netbeans plugin removal from 3.0.0
FYI: https://issues.apache.org/jira/browse/SYNCOPE-1638 Regards. On 10/08/21 15:41, Francesco Chicchiriccò wrote: Hi all, as already happened for other components like as Eclipse IDE plugin, CLI, GUI Installer, deb packages, here I am with proposal to remove the Netbeans IDE plugin, starting with upcoming release 3.0.0. Motivations are quite the same as for other components: no actual reported usage. In addition, SYNCOPE-1403 [1] (which would make the plugin quite useful) has been out for some time with no volunteer. FTR, in case of revamp, it will not be difficult to up-port the code from branch 2_1_X. Any objection to removal? Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1403 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[DISCUSS] Netbeans plugin removal from 3.0.0
Hi all, as already happened for other components like as Eclipse IDE plugin, CLI, GUI Installer, deb packages, here I am with proposal to remove the Netbeans IDE plugin, starting with upcoming release 3.0.0. Motivations are quite the same as for other components: no actual reported usage. In addition, SYNCOPE-1403 [1] (which would make the plugin quite useful) has been out for some time with no volunteer. FTR, in case of revamp, it will not be difficult to up-port the code from branch 2_1_X. Any objection to removal? Regards. [1] https://issues.apache.org/jira/browse/SYNCOPE-1403 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Some docs improvements
On 26/05/21 13:38, Colm O hEigeartaigh wrote: Hi Francesco, 1. The docs (https://syncope.apache.org/docs/2.1/getting-started.html#moving-forward) state that the "secretKey" value is only needed if adminPasswordAlgorithm or password.cipher.algorithm is "AES", implying that it could be left blank if you are not using AES. However, I see CipherAlgorithm.AES in the source code in several places (e.g. ./core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java), which implies that secretKey should always be required. Which is correct? That's correct, docs need to be adjusted. OK I can do this. Is it possible though to state exactly what reversible encryption is used for in Syncope? This kind of information might be needed for compliance purposes. AES (the only CipherAlgorithm capable of reversible encryption) is used: * (as any other CipherAlgorithm defined) for admin and User authentication * (as any other CipherAlgorithm defined) for Binary Plain Attribute values * in case cleartext version of user password is not available, during propagation to External Resources - typically, when propagation is not triggered as consequence of a REST operation * for Linked Accounts' password values * to securely store Access Token's cached authorities * within DefaultPasswordRule and HaveIBeenPwnedPasswordRule, to check password value against defined policies secretKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties If the provided value is less than 16 characters length, it gets padded before usage at https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java#L151-L161 I think this implementation is a bit problematic. Because the "secretKey" is alphanumeric there is no way for a customer to generate a truely random AES key. It would be a lot better if we supported storing the key in a hex or base-64 encoded form. Then we can just tell customers they can create a random key via e.g. openssl rand -hex 32 Secondly, it would be more secure if we didn't specify any value by default in security.properties, but used SecureRandom to generate a value if none exists on start-up + write this out instead. I think we can change things on master without worrying too much about breaking existing deployments (but not on other branches). I am not sure to figure out where to store the generate random value on startup (in case it was not provided) so that next runs will find it. anonymousKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties Together with anonynousUser (whose value is 'anonymous' by default), it is used for non security-sensitive REST calls, as an alternative to leaving some endpoints accessible without any authentication. Again, should we instead leave it empty by default + generate a secure value without having this hard-coded value? Same thoughts as above. Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: Some docs improvements
Hi Colm, thanks for looking at the docs. Please note that documents built by buildbot are published at https://ci.apache.org/projects/syncope/2_1_X/ when built from branch 2_1_X and at https://ci.apache.org/projects/syncope/master/ when built from master. The docs published at https://syncope.apache.org/docs/2.1/ are instead manually built from the latest tag, as part of the release process. At present, when a change to docs is pushed, buildbot can be triggered manually via IRC on the #syncope channel via syncope-bot: force build syncope-master-docs or syncope-bot: force build syncope-2_1_X-docs buildbot will run anyway once a day on all configured jobs. See my replies below. Regards. On 25/05/21 12:58, Colm O hEigeartaigh wrote: Hi, There are a few things I noticed relating to the docs that could be clarified: 1. The docs (https://syncope.apache.org/docs/2.1/getting-started.html#moving-forward) state that the "secretKey" value is only needed if adminPasswordAlgorithm or password.cipher.algorithm is "AES", implying that it could be left blank if you are not using AES. However, I see CipherAlgorithm.AES in the source code in several places (e.g. ./core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java), which implies that secretKey should always be required. Which is correct? That's correct, docs need to be adjusted. 2. I think we need to give clearer guidance about how to change secretKey. How should a user generate a random 256 bit AES key, and then encode it for this parameter? (e.g. possibly using openssl -rand). secretKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties If the provided value is less than 16 characters length, it gets padded before usage at https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java#L151-L161 3. Both docs give minimal information on what "anonymousKey" is used for. What is it used for and how should a user generate a new value for it? anonymousKey is a random string, whose value is bootstrapped during Maven project generation from archetype, and filtered by Maven into security.properties Together with anonynousUser (whose value is 'anonymous' by default), it is used for non security-sensitive REST calls, as an alternative to leaving some endpoints accessible without any authentication. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
[ANN] Apache Syncope 2.1.9
The Apache Syncope team is pleased to announce the release of Syncope 2.1.9 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads Read the full change log available here: https://s.apache.org/syncope219 Upgrading from 2.1.8? There are some notes about this process: https://s.apache.org/4ofso We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team
[RESULT] [VOTE] Apache Syncope 2.1.9
Hi all, after 72 hours, the vote for Syncope 2.1.9 [1] *passes* with 5 PMC + 2 non-PMC votes. +1 (PMC / binding) * Jean-Baptiste Onofré * Andrea Patricelli * Fabio Martelli * Marco Di Sabatino * Francesco Chicchiriccò +1 (non binding) * Misagh Moayyed * Lorenzo Di Cola 0 -1 Thanks to everyone participating. I will now copy this release to Syncope' dist directory, promote the artifacts to the central Maven repository and publish to DockerHub. Best regards. [1] https://lists.apache.org/thread.html/r2ee3dd2c4449420de25071f45e3aadff460c462bc65ca8e33d331554%40%3Cdev.syncope.apache.org%3E On 2021/04/07 07:24:21, Francesco Chicchiriccò wrote: > I've created a 2.1.9 release, with the following artifacts up for a vote: > > GIT source tag (d47a976): > https://gitbox.apache.org/repos/asf?p=syncope.git;a=tag;h=d47a976 > > List of changes: > https://gitbox.apache.org/repos/asf?p=syncope.git;a=blob;f=CHANGES;hb=d47a976 > > Staging artifacts: > https://dist.apache.org/repos/dist/dev/syncope/2.1.9/ > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapachesyncope-1067/ > > Staging site: > http://syncope.apache.org/2.1.8/index.html > > PGP release keys (signed using 273DF287): > http://www.apache.org/dist/syncope/KEYS > > Vote will be open for 72 hours. > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Here's my +1 > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > >
