geronimo-dev mailing list archives

From Jan Bartel <j...@mortbay.com>
Subject Re: Release 1.0 New Build Available
Date Sun, 18 Dec 2005 21:48:09 GMT
I think a security issue is worth delaying a release for. It sounds like
it should be simple to fix.

Jan



Aaron Mulder wrote:
> Another major problem:
> 
> If you deploy a WAR with security settings and no geronimo-web.xml, all
> supposedly secure content is unprotected!  Try deploying this with no
> plan: http://cvs.apache.org/repository/geronimo/wars/geronimo-ldap-demo-1.0-SNAPSHOT.war
> and then visiting
> http://localhost:8080/geronimo-ldap-demo-1.0-SNAPSHOT and clicking the
> links to "secure" and "forbidden".  Both links work, with no login
> prompt.  Instead, IMO, you should get a login prompt and (since no
> realm was configured) all logins should fail.
> 
> -1 to releasing without the fix.  :)  I'm sorry, this is the stuff
> that's supposed to be flushed out during the "release candidate"
> phase.  We never had one since we were trying to get 1.0 out the door
> in 30 seconds or less, but now we're having one, and I think we ought
> to use it.  I'd rather release a solid 1.0 in a week instead of a
> broken one now.
> 
> Aaron
> 
> On 12/18/05, Dain Sundstrom <dain-Q37MRGjfpkc@public.gmane.org> wrote:
> 
>>-1 to all "fixes"
>>
>>We're never going to get this release out at this rate.  Let's list
>>these as known issues and plan for a 1.0.1 release in two weeks.
>>
>>-dain
>>
>>On Dec 18, 2005, at 10:51 AM, Jeff Genender wrote:
>>
>>
>>>Cool...I have a clustering GBean fix...so since we need to rebuild I
>>>would like to slide mine in too.
>>>
>>>Aaron Mulder wrote:
>>>
>>>>I'd like to put one more fix in here -- sorry, but I just got back to
>>>>my internet connection.  Right now if you put a username or password
>>>>of blank in the database pool portlet, the deployment fails.  This is
>>>>of course required for connections to the embedded Derby instance, and
>>>>I have the fix ready.
>>>>
>>>>Thanks,
>>>>    Aaron
>>>>
>>>>On 12/18/05, Dave Colasurdo <davecola-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote:
>>>>
>>>>>Can we also address part 2 (shutdown error) of GERONIMO-1371?  It fails
>>>>>consistently when issuing a startup followed by a shutdown..
>>>>>Anyone have any insight here?  If we don't fix it, we should add this to
>>>>>the Release notes as a "known issue".
>>>>>
>>>>>BTW, looking through the release notes... I assume "Specific Issues,
>>>>>Features and Improvements for Version 1.0" is a list of things that
>>>>>already have been fixed in 1.0.  We may want to make this a bit clearer.
>>>>>  "Specific Issues, Features and Improvements *fixed* for Version 1.0"
>>>>>
>>>>>Hmm.. Should there be a section in the release notes for common known
>>>>>issues (JIRAs) or do you feel that a link to JIRA is sufficient?  The
>>>>>"Significant Missing Features" section info is much broader and not at a
>>>>>JIRA granularity.
>>>>>
>>>>>
>>>>>Thanks
>>>>>-Dave-
>>>>>
>>>>>Dave Colasurdo wrote:
>>>>>
>>>>>>Matt Hogstrom wrote:
>>>>>>
>>>>>>
>>>>>>>Deferring to 1.1
>>>>>>>GERONIMO-1371 - Geronimo startup/shutdown issues
>>>>>>>
>>>>>>
>>>>>>Any chance of incorporating part 1 of JIRA 1371?  It is simply adding an
>>>>>>@echo off to startup.bat (and a "launching new window" message).
>>>>>>
>>>>>>While not a functional problem, it sure will make a big
>>>>>>difference as to a user's first impression of geronimo..
>>>>>>
>>>>>>Have attached the patch to the JIRA..
>>>>>>
>>>>>>Here is the output with the fix:
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>startup
>>>>>>Using GERONIMO_BASE:   c:\matt_spin_121805\geronimo-1.0
>>>>>>Using GERONIMO_HOME:   c:\matt_spin_121805\geronimo-1.0
>>>>>>Using GERONIMO_TMPDIR: c:\matt_spin_121805\geronimo-1.0\var\temp
>>>>>>Using JRE_HOME:        c:\j2sdk1.4.2_08
>>>>>>
>>>>>>Launching Geronimo in a new window
>>>>>>
>>>>>>
>>>>>>Here is the output Without the fix:
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>startup
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>if "Windows_NT" ==
>>>>>>"Windows_NT"
>>>>>>setlocal
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>set
>>>>>>CURRENT_DIR=c:\matt_spin_121805\geronim
>>>>>>o-1.0\bin
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>if not "" == "" goto gotHome
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>set
>>>>>>GERONIMO_HOME=c:\matt_spin_121805\geron
>>>>>>imo-1.0\bin
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>if exist
>>>>>>"c:\matt_spin_121805\geronimo-1.0\
>>>>>>bin\bin\geronimo.bat" goto okHome
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0\bin>cd ..
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0>set
>>>>>>GERONIMO_HOME=c:\matt_spin_121805\geronimo-
>>>>>>1.0
>>>>>>
>>>>>>c:\matt_spin_121805\geronimo-1.0>cd c:\matt_spin_121805
>>>>>>\geronimo-1.0\bin
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>if exist
>>>>>>"c:\matt_spin_121805\geronimo-1.0\
>>>>>>bin\geronimo.bat" goto okHome
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>set
>>>>>>EXECUTABLE=c:\matt_spin_121805\geronimo
>>>>>>-1.0\bin\geronimo.bat
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>if exist
>>>>>>"c:\matt_spin_121805\geronimo-1.0\
>>>>>>bin\geronimo.bat" goto okExec
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>set CMD_LINE_ARGS=
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>if """" == """" goto
>>>>>>doneSetArgs
>>>>>>
>>>>>>C:\matt_spin_121805\geronimo-1.0\bin>call
>>>>>>"c:\matt_spin_121805\geronimo-1.0\bin\
>>>>>>geronimo.bat" start
>>>>>>Using GERONIMO_BASE:   c:\matt_spin_121805\geronimo-1.0
>>>>>>Using GERONIMO_HOME:   c:\matt_spin_121805\geronimo-1.0
>>>>>>Using GERONIMO_TMPDIR: c:\matt_spin_121805\geronimo-1.0\var\temp
>>>>>>Using JRE_HOME:        c:\j2sdk1.4.2_08
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>
>>
> 
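
Added example, not part of the original thread or of the Geronimo code base: a pre-deployment check for the condition Aaron Mulder reports above, a WAR whose web.xml declares protected URLs but which ships no Geronimo plan. It assumes the plan, when present, is packaged at WEB-INF/geronimo-web.xml (a plan passed separately at deploy time is not visible to it); the function names are illustrative and the sample descriptor is constructed, not taken from the demo WAR.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
PLAN = "WEB-INF/geronimo-web.xml"  # assumed in-archive plan location
# Constructed sample descriptor (not the demo WAR's real web.xml).
WEB_XML = """<?xml version="1.0"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>members</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <url-pattern>/forbidden/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

def local(tag):  # strip namespace: 2.3 (DTD) and 2.4 (schema) both match
    return tag.rsplit("}", 1)[-1]

def audit_war(war_bytes):
    """Return (has_plan, url-patterns under an auth-constraint, auth-method)."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        has_plan = PLAN in war.namelist()
        root = ET.fromstring(war.read("WEB-INF/web.xml"))
    patterns, auth = [], None
    for el in root.iter():
        name = local(el.tag)
        if name == "security-constraint" and any(
                local(c.tag) == "auth-constraint" for c in el):
            patterns += [u.text.strip() for u in el.iter()
                         if local(u.tag) == "url-pattern" and u.text]
        elif name == "auth-method" and el.text:
            auth = el.text.strip()
    return has_plan, patterns, auth

def unprotected_risk(war_bytes):
    """True when protected URLs are declared but no plan backs them."""
    has_plan, patterns, _ = audit_war(war_bytes)
    return bool(patterns) and not has_plan

def build_war(with_plan):  # constructed in-memory WAR for the demonstration
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", WEB_XML)
        if with_plan:
            war.writestr(PLAN, "<web-app/>")
    return buf.getvalue()
```

A True result from unprotected_risk marks the case described in the message: constraints in web.xml with nothing in the archive to map them to a security realm.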

