archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olivier Lamy <ol...@apache.org>
Subject Re: [VOTE] Apache Archiva 2.2.2
Date Tue, 25 Apr 2017 11:58:15 GMT
I will try some debugging as well on the archiva instance.
I think yes you will have to cut an other release.
Perso I don't mind you use a new tag (2.2.3) as you prefer.
But first find the issue :-)


On 25 April 2017 at 19:01, Martin Stockhammer <martin_s@apache.org> wrote:

> Yes, you are right. This should be fixed. Currently I don't know why the
> host name doesn't match, but will try to reproduce. Had no reverse proxy
> environment to check this thoroughly.
> But that means I need to create a new version, right?
>
> Cheers
>
> Martin
>
>
>
>
>
>
> Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy <olamy@apache.org>:
>>
>> Hi
>> Yes it's behind a reverse proxy
>> logs says
>>
>> 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN
>> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>> [] - Referer Header Host does not match refererUrl=https://archiva-
>> repository.apache.org/archiva/index.html?request_lang=en, targetUrl=
>> http://archiva-repository.apache.org, archiva-repository.apache.org
>>
>> The security.properties contains
>>
>> rest.baseUrl=https://archiva-repository.apache.org  (I tried with https
>> as well)
>>
>> The referer header has value: https://archiva-
>> repository.apache.org/archiva/index.html?request_lang=en
>>
>> Activating debug:
>>
>> 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG
>> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>> [] - Referer Header URL found: https://archiva-repository.
>> apache.org/archiva/index.html?request_lang=en
>>
>> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN
>> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>> [] - Referer Header Host does not match refererUrl=https://archiva-
>> repository.apache.org/archiva/index.html?request_lang=en, targetUrl=
>> http://archiva-repository.apache.org, archiva-repository.apache.org
>>
>> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN
>> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
>> [] - HTTP Header check failed. Assuming CSRF attack.
>>
>>
>> Well I can disable that but I'd like to not have too many users
>> complaining :-)
>>
>> On 25 April 2017 at 16:54, Martin Stockhammer <martin_s@apache.org>
>> wrote:
>>
>>> Hi,
>>>
>>> It's behind a reverse proxy or something similar?
>>> I think it's the request url. It is determined automatically. But you
>>> can set a redback configuration property.
>>> In security.properties set
>>> rest.baseUrl=http://archiva-repository.apache.org
>>>
>>> Cheers
>>>
>>> Martin
>>>
>>>
>>> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy <olamy@apache.org>:
>>>>
>>>> Hi Martin,
>>>> Thanks for your effort with the release!!
>>>> Works fine locally, all sigs are ok!
>>>> I installed the version for https://archiva-repository.apache.org/archiva/
>>>> but I have a problem as cannot log anymore because some REST resources are
>>>> marked as 403.
>>>> In this particular case:
>>>> https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources
>>>> Any idea?
>>>>
>>>> On 24 April 2017 at 05:01, Martin <martin_s@apache.org> wrote:
>>>>
>>>>  Hi,
>>>>>
>>>>>  I think I now have everything ready and I'd like to release Apache Archiva
>>>>>  2.2.2
>>>>>
>>>>>  Note this vote include some parent poms, and redback core.
>>>>>
>>>>>  We fixed these issues:
>>>>>  https://issues.apache.org/jira/secure/ReleaseNote.jspa?
>>>>>  projectId=12316920&version=12335832
>>>>>
>>>>>  The staging repository is available here:
>>>>>  https://archiva-repository.apache.org/archiva/repository/
>>>>>  archiva-releases-stage/
>>>>>
>>>>>  Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/
>>>>>
>>>>>  Vote open for 72H
>>>>>  [+1]
>>>>>  [0]
>>>>>  [-1]
>>>>>
>>>>>  Greetings
>>>>>  --
>>>>>  Martin Stockhammer
>>>>
>>>>
>>>>
>>>>
>>>>
>>> --
>>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>>>
>>
>>
>>
>> --
>> Olivier Lamy
>> http://twitter.com/olamy | http://linkedin.com/in/olamy
>>
>
> --
> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>



-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message