Here are the issues that bother me most in 1.1.1. I believe they are all also issues in 1.1.
DEPLOYMENT http://issues.apache.org/jira/browse/GERONIMO-2270 - Redeploy broken when module ID does not include a type (patch available) http://issues.apache.org/jira/browse/GERONIMO-2269 - Redeploy broken when module ID does not include a version and app uses JNDI (patch available) I also just found a deploy problem with web apps with a plan with no environment, but I haven't investigated much yet. SECURITY http://issues.apache.org/jira/browse/GERONIMO-2294 - For a security realm with multiple login modules, we do not handle the JAAS Control Flags correctly (e.g. we do not call the login modules using the correct logic). Code to reproduce available. Alan had claimed a predecessor to this issue; I'm not sure if he's planning on working on this one. http://issues.apache.org/jira/browse/GERONIMO-2295 - For a web app, if the security url-patterns don't exactly match the servlet-mapping url-patterns, we apply no security at all. Code to reproduce available. Alan has claimed this issue. http://issues.apache.org/jira/browse/GERONIMO-1053 - Likely not still a problem (reported against M5), but if it is, it sounds serious. There are a large number of other issues out there in the "security" category, but I don't think they're all as urgent (e.g. GEORNIMO-1747, GERONIMO-2274, GERONIMO-2275, and GERONIMO-2279 probably ought to be addressed in 1.1.2 but I don't think need to hold up 1.1.1). Thanks, Aaron On 8/8/06, Matt Hogstrom <[EMAIL PROTECTED]> wrote:
1.1.1 is in a form that we can get ready to release it. I was talking with Aaron and he mentioned that there were some security issues he was concerned about. I would like to use this thread to identify any issues that should be considered show stoppers and make the decision on how to move forward. Please use this thread to provide that information. What I think we'll need to make an appropriate assessement is: Issue Description How long have we had it? (has it existed in earlier releases and we knew it) Exposure JIRA issue number tracking the issue. Please provide your input as quickly as possible so we can assess how to proceed with 1.1.1. Thanks.
