Awesome, thanks :-) Colm.
On Thu, Apr 23, 2020 at 11:00 AM Francesco Chicchiriccò <ilgro...@apache.org> wrote: > On 23/04/20 11:41, Francesco Chicchiriccò wrote: > > On 23/04/20 11:27, Colm O hEigeartaigh wrote: > >> Hi Francesco, > >> > >> +1, but could we look at updating a few more security vulnerabilities? > >> > >> - CVE-2018-8036 could be fixed by updating XML Graphics 2.3 -> 2.4 > > This can be done both for 2_0_X and 2_1_X as FOP 2.4 retains Java 7 > compatibility, as 2_0_X does. > > > >> - CVE-2018-10237 could be fixed by updating Guava >= 2.24.x > > According to > > > > https://guava.dev/ > > > > we need to use the Android flavor on 2_0_X, because of Java 7 > compatibility. > > > > Under this condition, we can upgrade all branches to latest Guava 29.0 > (which should only required by Swagger UI if I am not mistaking). > > > > I'll do the checks and push upgrades. > > Upgrades committed: > > 2_0_X: > https://github.com/apache/syncope/commit/2f4b898bb71383dcaa59481ebf1c90c46a54ae22 > 2_1_X > <https://github.com/apache/syncope/commit/2f4b898bb71383dcaa59481ebf1c90c46a54ae222_1_X>: > > https://github.com/apache/syncope/commit/d2f742d2ed23ab1f9f925a02d0d3be4308b2a102 > master: > https://github.com/apache/syncope/commit/ffffa48cbe79fb9babef64a4890ee3c55c3c5b81 > > Regards. > > >> On Thu, Apr 23, 2020 at 8:47 AM Francesco Chicchiriccò < > ilgro...@apache.org> > >> wrote: > >> > >>> Hi all, > >>> resuming this thread after one week: shall we proceed with releases? > >>> > >>> Regards. > >>> > >>> On 16/04/20 14:17, Andrea Patricelli wrote: > >>>> Hi all, > >>>> > >>>> we are going to develop last improvement that consists in a custom > layout for linked account wizard. Thus we would like to wait for this last > improvement before the release. > >>>> > >>>> Best regards, > >>>> Andrea > >>>> > >>>> Il 14/04/20 11:58, Francesco Chicchiriccò ha scritto: > >>>>> Hi there, > >>>>> I think it's about time to start preparing Syncope 2.1.6 / 2.0.15 > (several fixes and improvement, time passed since previous releases, ..). > >>>>> > >>>>> If you have any pending change or fix, please either finalize as > soon as possible or let's postpone. > >>>>> WDYT? > >>>>> > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > >
