Re: 1.1.1 - Ready or not ? Soliciting input

Tue, 08 Aug 2006 09:39:22 -0700

Are these issues "newly" broken in 1.1.1 or are they issues that also exist with 1.1? From looking at the JIRAs all list 1.1 or earlier as being affected with the exception of GERONIMO-2270.
I don't see a reason to hold up 1.1.1 unless we have introduced some new blocking issues in the 1.1.1 release. 

Joe


Aaron Mulder wrote:

Here are the issues that bother me most in 1.1.1.  I believe they are
all also issues in 1.1.

DEPLOYMENT

http://issues.apache.org/jira/browse/GERONIMO-2270
- Redeploy broken when module ID does not include a type (patch available)

http://issues.apache.org/jira/browse/GERONIMO-2269
- Redeploy broken when module ID does not include a version and app
uses JNDI (patch available)

I also just found a deploy problem with web apps with a plan with no
environment, but I haven't investigated much yet.

SECURITY

http://issues.apache.org/jira/browse/GERONIMO-2294
- For a security realm with multiple login modules, we do not handle
the JAAS Control Flags correctly (e.g. we do not call the login
modules using the correct logic).  Code to reproduce available. Alan
had claimed a predecessor to this issue; I'm not sure if he's planning
on working on this one.

http://issues.apache.org/jira/browse/GERONIMO-2295
- For a web app, if the security url-patterns don't exactly match the
servlet-mapping url-patterns, we apply no security at all.  Code to
reproduce available.  Alan has claimed this issue.

http://issues.apache.org/jira/browse/GERONIMO-1053
- Likely not still a problem (reported against M5), but if it is, it
sounds serious.

There are a large number of other issues out there in the "security"
category, but I don't think they're all as urgent (e.g. GEORNIMO-1747,
GERONIMO-2274, GERONIMO-2275, and GERONIMO-2279 probably ought to be
addressed in 1.1.2 but I don't think need to hold up 1.1.1).

Thanks,
    Aaron

On 8/8/06, Matt Hogstrom <[EMAIL PROTECTED]> wrote:


1.1.1 is in a form that we can get ready to release it.  I was talking 
with Aaron and he mentioned
that there were some security issues he was concerned about.  I would 
like to use this thread to
identify any issues that should be considered show stoppers and make 
the decision on how to move

forward.


Please use this thread to provide that information.  What I think 
we'll need to make an appropriate

assessement is:

Issue Description

How long have we had it?  (has it existed in earlier releases and we 
knew it)

Exposure
JIRA issue number tracking the issue.


Please provide your input as quickly as possible so we can assess how 
to proceed with 1.1.1.


Thanks.


























					Reply via email to