cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject [CANCEL] [VOTE] CXF 2.7.5/2.6.8 - take 2
Date Thu, 09 May 2013 16:07:59 GMT
Argh….   Security issue.

Yep.  I'm canceling this vote again.   I also found an spring-dm related deadlock issue while
doing some of my own testing this morning that I'm going to try fixing.   I'll likely wait
until tomorrow morning to rebuild mostly because I'm busy today, but I also would like some
time for folks to do a bit more testing.   We've been finding a bunch of issues which is concerning
me.   I'm going to leave the staging repo there for people to test with if they want.

Dan



On May 8, 2013, at 10:35 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:

> -1. Unfortunately I have discovered another blocker.
> 
> A fix I made to the WSS4JInInterceptor for CXF 2.7.4 to populate the
> SecurityContext from a JAAS Subject had the side-effect of always choosing
> the first Principal from the WSS4J result list, whereas the old behaviour
> was to choose the last. So if something is encrypted in the security header
> first, it will take this principal.
> 
> I've merged a fix to use the old behaviour, but also to avoid using a
> Decryption Principal.
> 
> Colm.
> 
> 
> On Wed, May 8, 2013 at 3:46 PM, Willem jiang <willem.jiang@gmail.com> wrote:
> 
>> +1
>> 
>> 
>> --
>> Willem Jiang
>> 
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://www.fusesource.com | http://www.redhat.com
>> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
>> (English)
>>          http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>> Twitter: willemjiang
>> Weibo: 姜宁willem
>> 
>> 
>> 
>> 
>> On Wednesday, May 8, 2013 at 8:57 AM, Daniel Kulp wrote:
>> 
>>> 
>>> We've resolved over 40 issues since 2.7.4. Not a lot, but it includes an
>> OSGi fix that is blocking a Camel issues which may also be causing issues
>> with the ServiceMix release. This also affects CXF 2.6.x which affects
>> Camel 2.10.x/ServiceMix 4.5.1 so I decided to do a 2.6.x release as well.
>>> 
>>> This second build fixes the 3 issues in JAX-RS that were identified as
>> well as an issue in StaxUtils when using the in-jdk parser and an issue in
>> the WS-Discovery service.
>>> 
>>> 
>>> 
>>> List of issues:
>>> 2.6.8
>>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310511&version=12324276
>>> 2.7.5
>>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310511&version=12324277
>>> 
>>> The Maven staging areas are at:
>>> 2.6.8
>>> https://repository.apache.org/content/repositories/orgapachecxf-172/
>>> 2.7.5
>>> https://repository.apache.org/content/repositories/orgapachecxf-018/
>>> 
>>> The distributions are in the org/apache/cxf/apache-cxf/ directory of the
>> Maven staging areas.
>>> 
>>> This releases are tagged at:
>>> http://svn.apache.org/repos/asf/cxf/tags/cxf-2.6.8
>>> http://svn.apache.org/repos/asf/cxf/tags/cxf-2.7.5
>>> 
>>> This vote will be open for at least 72 hours.
>>> 
>>> 
>>> --
>>> Daniel Kulp
>>> dkulp@apache.org - http://dankulp.com/blog
>>> Talend Community Coder - http://coders.talend.com
>> 
>> 
>> 
>> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message