[GitHub] [tomee] jgallimore merged pull request #610: Added missing dependency for microprofile
jgallimore merged pull request #610: Added missing dependency for microprofile URL: https://github.com/apache/tomee/pull/610 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [tomee] asf-ci commented on issue #610: Added missing dependency for microprofile
asf-ci commented on issue #610: Added missing dependency for microprofile URL: https://github.com/apache/tomee/pull/610#issuecomment-555210788 Can one of the admins verify this patch? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [tomee] asf-ci commented on issue #610: Added missing dependency for microprofile
asf-ci commented on issue #610: Added missing dependency for microprofile URL: https://github.com/apache/tomee/pull/610#issuecomment-555210787 Can one of the admins verify this patch? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [tomee] asf-ci commented on issue #610: Added missing dependency for microprofile
asf-ci commented on issue #610: Added missing dependency for microprofile URL: https://github.com/apache/tomee/pull/610#issuecomment-555210790 Can one of the admins verify this patch? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [tomee] scriptmonkey opened a new pull request #610: Added missing dependency for microprofile
scriptmonkey opened a new pull request #610: Added missing dependency for microprofile URL: https://github.com/apache/tomee/pull/610 Worked with Jon to get this to an acceptable way to fix the micro profile. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [tomee] Daniel-Dos commented on issue #606: TOMEE-2734-Upgrade CXF to 3.3.4
Daniel-Dos commented on issue #606: TOMEE-2734-Upgrade CXF to 3.3.4 URL: https://github.com/apache/tomee/pull/606#issuecomment-554983724 Hi , @rmonson , I will look at the test Jonathan reported later this week. :) I can not build the complete project on my machine, but I will try to do it on some cloud provider that has more power. > This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
Re: JIRA about CVEs
Thanks, Richard!! On Mon, Nov 18, 2019 at 3:44 AM Zowalla, Richard < richard.zowa...@hs-heilbronn.de> wrote: > Did not find anything with the owasp plugin profile. Should be fine (for > now). > > > Am Mittwoch, den 13.11.2019, 08:25 -0600 schrieb Richard Monson-Haefel: > > Excellent! Thanks, Richard! > > On Wed, Nov 13, 2019 at 8:18 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Ok, John did comment in the JIRA, that the upgrades are already conducted > in previous commits. > I will run an OWASP scan on the code. If this reveals some more vulnerable > dependencies, I will report in the JIRA and provide a PR, if possible. > > Best, > Richard Z. > > Am Mittwoch, den 13.11.2019, 14:08 + schrieb Zowalla, Richard: > > Alright, I will proceed :) > > Best, > Richard > > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson-Haefel: > > If you don't mind, Richard, can you do the upgrades and create a PR? We > can let it run overnight and see how it goes. > > I'm not sure as to what the best policy is for announcing the CVE so that > people know to upgrade. I think we should figure that out after the ci has > run. As an alternative you can run the full test suite on your own machine > (takes about an hour or something like that) and see if you pick up any > errors. I did this yesterday with a different PR but I don't have the > extra cycles to do it again today. > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Sounds reasonable to me. If I can assist in upgrading, let me know. > > However, we should publish the link to the ASF CI somewhere, so we can > better monitor the current build status. > > Best, > Richard Z > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard Monson-Haefel: > > Is this a matter of upgrading and testing or is there more to it than > > that? If that's it we can create a PR with the updates and let the asf ci > > run the tests and look for problems. > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > francois.courta...@thalesgroup.com> wrote: > > > Hello, > > > Could you take this JIRA entry ( > > https://issues.apache.org/jira/browse/TOMEE-2737) into account please ? > > > Best Regard. > > > > > > > This message and any attachments are intended solely for the addressees > > and may contain confidential information. Any unauthorized use or > > disclosure, either whole or partial, is prohibited. > > E-mails are susceptible to alteration. Our company shall not be liable for > > the message if altered, changed or falsified. If you are not the intended > > recipient of this message, please delete it and notify the sender. > > Although all reasonable efforts have been made to keep this transmission > > free from viruses, the sender will not be liable for damages caused by a > > transmitted virus. > > > > > > -- > > > > > -- > > > > > -- > > > -- Richard Monson-Haefel https://twitter.com/rmonson https://www.linkedin.com/in/monsonhaefel/
[GitHub] [tomee] rmonson commented on issue #606: TOMEE-2734-Upgrade CXF to 3.3.4
rmonson commented on issue #606: TOMEE-2734-Upgrade CXF to 3.3.4 URL: https://github.com/apache/tomee/pull/606#issuecomment-554958280 @Daniel-Dos you are doing great just keep going and let us know when you get stuck! Take a close look at the tests that failed and see if that helps you track down the issue. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
Re: JIRA about CVEs
Did not find anything with the owasp plugin profile. Should be fine (for now). Am Mittwoch, den 13.11.2019, 08:25 -0600 schrieb Richard Monson-Haefel: > Excellent! Thanks, Richard! > > On Wed, Nov 13, 2019 at 8:18 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Ok, John did comment in the JIRA, that the upgrades are already > > conducted in previous commits. > > I will run an OWASP scan on the code. If this reveals some more > > vulnerable dependencies, I will report in the JIRA and provide a > > PR, if possible. > > > > Best, > > Richard Z. > > > > Am Mittwoch, den 13.11.2019, 14:08 + schrieb Zowalla, Richard: > > > Alright, I will proceed :) > > > Best,Richard > > > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson- > > > Haefel: > > > > If you don't mind, Richard, can you do the upgrades and create > > > > a PR? We can let it run overnight and see how it goes. > > > > I'm not sure as to what the best policy is for announcing the > > > > CVE so that people know to upgrade. I think we should figure > > > > that out after the ci has run. As an alternative you can run > > > > the full test suite on your own machine (takes about an hour or > > > > something like that) and see if you pick up any errors. I did > > > > this yesterday with a different PR but I don't have the extra > > > > cycles to do it again today. > > > > > > > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > > > > richard.zowa...@hs-heilbronn.de> wrote: > > > > > Sounds reasonable to me. If I can assist in upgrading, let me > > > > > know. > > > > > > > > > > However, we should publish the link to the ASF CI somewhere, > > > > > so we can better monitor the current build status. > > > > > > > > > > Best, > > > > > Richard Z > > > > > > > > > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard > > > > > Monson-Haefel: > > > > > > Is this a matter of upgrading and testing or is there more > > > > > > to it thanthat? If that's it we can create a PR with the > > > > > > updates and let the asf cirun the tests and look for > > > > > > problems. > > > > > > > > > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > > > > > francois.courta...@thalesgroup.com> wrote: > > > > > > Hello, > > > > > > Could you take this JIRA entry ( > > > > > > https://issues.apache.org/jira/browse/TOMEE-2737) into > > > > > > account please ? > > > > > > Best Regard. > > > > > > > > > > > > > > > > > > This message and any > > > > > > attachments are intended solely for the addresseesand may > > > > > > contain confidential information. Any unauthorized use > > > > > > ordisclosure, either whole or partial, is prohibited.E- > > > > > > mails are susceptible to alteration. Our company shall not > > > > > > be liable forthe message if altered, changed or falsified. > > > > > > If you are not the intendedrecipient of this message, > > > > > > please delete it and notify the sender.Although all > > > > > > reasonable efforts have been made to keep this > > > > > > transmissionfree from viruses, the sender will not be > > > > > > liable for damages caused by atransmitted virus. > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > > > > > -- > > > > > > -- smime.p7s Description: S/MIME cryptographic signature
