cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF 2.6 branch
Date Fri, 16 Jun 2017 10:00:46 GMT
I've re-enabled the SAML tests that were failing + also backported two
additional CVEs (CVE-2015-5253 and CVE-2017-5656):

The branch now contains fixes for the following security advisories:

 - CVE-2014-3577
 - CVE-2014-3623
 - CVE-2015-5253
 - CVE-2016-8739
 - CVE-2016-6812
 - CVE-2017-5656

Please re-test and let me know if you are happy with it and we can call a
vote next week.

Colm.

On Thu, Jun 15, 2017 at 5:42 PM, Colm O hEigeartaigh <coheigea@apache.org>
wrote:

> OK thanks. I've merged the branch. I also reverted the jibx changes to
> "systests/databinding/pom,xml" and "systests/jaxrs/pom.xml" as otherwise
> they don't build with JDK6. I am going to take a look at some of the
> ignored tests to see why they are not working.
>
> Colm.
>
> On Thu, Jun 15, 2017 at 4:40 PM, Jonathan S. Fisher <exabrial@gmail.com>
> wrote:
>
>> I included the toolchain backport because it literally is the easiest way
>> to
>> get to the goal. Simply put this file in "~/.m2/toolchains.xml":
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <toolchains
>>   xmlns="http://maven.apache.org/TOOLCHAINS/1.1.0"
>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>   xsi:schemaLocation="http://maven.apache.org/TOOLCHAINS/1.1.0
>> http://maven.apache.org/xsd/toolchains-1.1.0.xsd">
>>   <toolchain>
>>     <type>jdk</type>
>>     <provides>
>>       <version>1.6</version>
>>       <vendor>oracle</vendor>
>>     </provides>
>>     <configuration>
>>
>> <jdkHome>/Library/Java/JavaVirtualMachines/1.6.0.jdk/Content
>> s/Home</jdkHome>
>>     </configuration>
>>   </toolchain>
>> </toolchains>
>>
>> Change the jdkHome path to your JDK 1.6 home if necessary (That's the
>> default on my mac).
>>
>> This worked on CI and the build passed.
>>
>> The alternative is solving a bunch of TLS 1.1/1.2 issues because of https,
>> installing certificates into cacerts, download and install an alternative
>> maven,  among many other things I didn't want to do to mess up my system
>> :/
>>
>>
>>
>>
>>
>> --
>> View this message in context: http://cxf.547215.n5.nabble.co
>> m/CXF-2-6-branch-tp5780961p5781238.html
>> Sent from the cxf-dev mailing list archive at Nabble.com.
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message