[GitHub] [manifoldcf-integration-solr-3.x] dependabot[bot] opened a new pull request, #8: Bump jetty from 6.1.9 to 6.1.23
dependabot[bot] opened a new pull request, #8: URL: https://github.com/apache/manifoldcf-integration-solr-3.x/pull/8 Bumps jetty from 6.1.9 to 6.1.23. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.mortbay.jetty:jetty=maven=6.1.9=6.1.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/manifoldcf-integration-solr-3.x/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@manifoldcf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552637#comment-17552637 ] Karl Wright commented on CONNECTORS-1713: - [~schuch], are you saying the versions prior to 8.20 would be unsupported? Or is it just that we don't know? If we don't know, I'd say go ahead and make the needed repairs. If we DO know that it would break, we could make the (new) behavior contingent on the results of a version query to JIRA, correct? > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [manifoldcf] pjfanning commented on pull request #122: upgrade log4j to 2.17.2
pjfanning commented on PR #122: URL: https://github.com/apache/manifoldcf/pull/122#issuecomment-1152079058 this was merged to cvn -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@manifoldcf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [manifoldcf] pjfanning closed pull request #122: upgrade log4j to 2.17.2
pjfanning closed pull request #122: upgrade log4j to 2.17.2 URL: https://github.com/apache/manifoldcf/pull/122 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@manifoldcf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (CONNECTORS-1718) match up dependency versions in pom.xml with build.xml
PJ Fanning created CONNECTORS-1718: -- Summary: match up dependency versions in pom.xml with build.xml Key: CONNECTORS-1718 URL: https://issues.apache.org/jira/browse/CONNECTORS-1718 Project: ManifoldCF Issue Type: Improvement Reporter: PJ Fanning Some of the version numbers in pom.xml are out of date compared with build.xml. This seems to be the cause of the travis-ci build maven job failing. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Comment Edited] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552585#comment-17552585 ] Markus Schuch edited comment on CONNECTORS-1713 at 6/10/22 6:40 AM: With CONNECTORS-1493 we have already experienced the situation the other way round. Here we had to put the quotes in the query to make it still work. [~kwri...@metacarta.com] are you okay with me adjusting the query to adapt to JIRA Server Versions (8.20+) and thus no longer support older versions? was (Author: schuchm): With CONNECTORS-1493 we have already experienced the situation the other way round. Here we had to put the quotes in the query to make it still work. [~kwri...@metacarta.com] are you okay with me adjusting the query to adapt to JIRA Server Versions? (8.20+) > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552585#comment-17552585 ] Markus Schuch commented on CONNECTORS-1713: --- With CONNECTORS-1493 we have already experienced the situation the other way round. Here we had to put the quotes in the query to make it still work. [~kwri...@metacarta.com] are you okay with me adjusting the query to adapt to JIRA Server Versions? (8.20+) > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Comment Edited] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552583#comment-17552583 ] Markus Schuch edited comment on CONNECTORS-1713 at 6/10/22 6:32 AM: No information was provided by the atlassian developer community after roughly one week. After reading the API docs again, i start to believe we probably use the API out of specification. The docmentation says _*no users returned if left blank*_ about the {{username}} query parameter: !api-docs.png! https://docs.atlassian.com/software/jira/docs/api/REST/8.22.3/#user-findUsersWithBrowsePermission I think it may be the case, that atlassian did not intend to provide an API to retrieve any user with browse permission for an issue. The username filter seems to be mandatory in the spec. But it is not even clear, how the filter is suposed to work. Is it exact matching of usernames only? I don't know... was (Author: schuchm): No information was provided by the atlassian developer community after roughly one week. After reading the API docs again, i start to believe we probably use the API out of specification. The docmentation says _*no users returned if left blank*_ about the {{username}} query parameter: !api-docs.png! https://docs.atlassian.com/software/jira/docs/api/REST/8.22.3/#user-findUsersWithBrowsePermission I think it may be the case, that atlassian did not intend to provide an API to retrieve any user with browse permission for an issue. The username filter seems to be mandatory in the spec. But it is not even clear, how the filter works. > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Comment Edited] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552583#comment-17552583 ] Markus Schuch edited comment on CONNECTORS-1713 at 6/10/22 6:31 AM: No information was provided by the atlassian developer community after roughly one week. After reading the API docs again, i start to believe we probably use the API out of specification. The docmentation says _*no users returned if left blank*_ about the {{username}} query parameter: !api-docs.png! https://docs.atlassian.com/software/jira/docs/api/REST/8.22.3/#user-findUsersWithBrowsePermission I think it may be the case, that atlassian did not intend to provide an API to retrieve any user with browse permission for an issue. The username filter seems to be mandatory in the spec. But it is not even clear, how the filter works. was (Author: schuchm): No information was provided by the atlassian developer community after roughly one week. After reading the API docs again, i start to believe we probably use the API out of specification. The docmentation says _*no users returned if left blank*_ about the {{username}} query parameter: !api-docs.png! I think it may be the case, that atlassian did not intend to provide an API to retrieve any user with browse permission for an issue. The username filter seems to be mandatory in the spec. But it is not even clear, how the filter works. > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17552583#comment-17552583 ] Markus Schuch commented on CONNECTORS-1713: --- No information was provided by the atlassian developer community after roughly one week. After reading the API docs again, i start to believe we probably use the API out of specification. The docmentation says _*no users returned if left blank*_ about the {{username}} query parameter: !api-docs.png! I think it may be the case, that atlassian did not intend to provide an API to retrieve any user with browse permission for an issue. The username filter seems to be mandatory in the spec. But it is not even clear, how the filter works. > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (CONNECTORS-1713) JIRA Repository Connector ignores issue security when ingesting from JIRA 8.20+
[ https://issues.apache.org/jira/browse/CONNECTORS-1713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Markus Schuch updated CONNECTORS-1713: -- Attachment: api-docs.png > JIRA Repository Connector ignores issue security when ingesting from JIRA > 8.20+ > --- > > Key: CONNECTORS-1713 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1713 > Project: ManifoldCF > Issue Type: Bug > Components: JIRA connector >Affects Versions: ManifoldCF 2.22 >Reporter: Markus Schuch >Priority: Major > Attachments: api-docs.png > > > There was obviously a change in the behaviour of the JIRA Server REST API: > The {{GET /rest/user/viewissue/search}} has a parameter {{username}}. > In JIRA 8.13.x the value must be to double quotes ({{username=""}}) to fetch > all users that have browse permission for the issue. > In JIRA 8.20.x the value must be empty ({{username=}}). > I found no information about this change in the JIRA Release Notes. > I raised a question in the Atlassian Dev Community: > https://community.developer.atlassian.com/t/rest-api-change-in-behaviour-of-find-users-with-browse-permission-get-rest-user-viewissue-search/58819 -- This message was sent by Atlassian Jira (v8.20.7#820007)