Re: [VOTE] Release Apache Sling File System Resource Provider 2.1.8, File System Resource Provider 1.4.8

2017-07-18 Thread Daniel Klco
+1 On Sun, Jul 16, 2017 at 3:30 PM, Karl Pauls wrote: > +1 > > regards, > > Karl > > On Sunday, July 16, 2017, Carsten Ziegeler wrote: > > > +1 > > > > > > > > -- > > Carsten Ziegeler > > Adobe Research Switzerland > > cziege...@apache.org

[jira] [Updated] (SLING-7015) Add Utility Method to ModelFactory to help proper model creation from child resources in a request context

2017-07-18 Thread Justin Edelson (JIRA)
[ https://issues.apache.org/jira/browse/SLING-7015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Edelson updated SLING-7015: -- Fix Version/s: Sling Models Impl 1.4.4 Sling Models API 1.3.6 > Add Utility

[jira] [Updated] (SLING-7015) Add Utility Method to ModelFactory to help proper model creation from child resources in a request context

2017-07-18 Thread Justin Edelson (JIRA)
[ https://issues.apache.org/jira/browse/SLING-7015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Edelson updated SLING-7015: -- Attachment: SLING-7015.diff Proposed change attached > Add Utility Method to ModelFactory to

[jira] [Closed] (SLING-7011) fsresource: Detect FileVault .xml JCR XML files

2017-07-18 Thread Stefan Seifert (JIRA)
[ https://issues.apache.org/jira/browse/SLING-7011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seifert closed SLING-7011. - > fsresource: Detect FileVault .xml JCR XML files >

[jira] [Closed] (SLING-7007) fsresource: Support URL-encoded file names

2017-07-18 Thread Stefan Seifert (JIRA)
[ https://issues.apache.org/jira/browse/SLING-7007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seifert closed SLING-7007. - > fsresource: Support URL-encoded file names > -- > >

[RESULT] [VOTE] Release Apache File System Resource Provider 2.1.8, File System Resource Provider 1.4.8

2017-07-18 Thread Stefan Seifert
Hi, The vote has passed with the following result : +1 (binding): Stefan Seifert, Carsten Ziegeler, Karl Pauls I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. stefan

CVE-2016-5394 : Apache Sling XSS vulnerability

2017-07-18 Thread Bertrand Delacretaz
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Sling XSS Protection API 1.0.8 Description: The encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to

CVE-2016-6798 : Apache Sling XXE vulnerability

2017-07-18 Thread Bertrand Delacretaz
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Sling XSS Protection API 1.0.0 Description: The method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE [0] attacks in all scripts which use this method to validate user

[VOTE] Release Apache Sling Service User Mapper 1.3.4, Resource Resolver 1.5.28, JCR Base 3.0.4, and JCR Resource 3.0.4

2017-07-18 Thread Karl Pauls
I would like to call a vote on the following releases, Service User Mapper 1.3.4 We solved 1 issue in this release: https://issues.apache.org/jira/projects/SLING/versions/12340608 Resource Resolver 1.5.28 We solved 1 issue in this release:

[jira] [Updated] (SLING-4752) New resource query API

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-4752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-4752: -- Fix Version/s: (was: JCR Resource 3.0.4) JCR Resource 3.0.6 > New resource query

[jira] [Updated] (SLING-6402) Remove loginAdministrative() usage from jcr base

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-6402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6402: -- Fix Version/s: (was: JCR Base 3.0.4) JCR Base 3.0.6 > Remove

[jira] [Updated] (SLING-4752) New resource query API

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-4752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-4752: -- Fix Version/s: (was: Resource Resolver 1.5.28) (was: Resource Resolver

[jira] [Updated] (SLING-6943) Don't call into service registry from within a synchronized block

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-6943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6943: -- Fix Version/s: (was: Resource Resolver 1.5.28) (was: Resource Resolver

[jira] [Updated] (SLING-6943) Don't call into service registry from within a synchronized block

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-6943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-6943: -- Fix Version/s: Resource Resolver 1.5.20 > Don't call into service registry from within a synchronized

[jira] [Updated] (SLING-4752) New resource query API

2017-07-18 Thread Karl Pauls (JIRA)
[ https://issues.apache.org/jira/browse/SLING-4752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Pauls updated SLING-4752: -- Fix Version/s: Resource Resolver 1.5.20 > New resource query API > -- > >