Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-03 Thread René Gielen
Thanks Lukasz for taking this, and the excellent handling.

- René 
-- 
This message was sent from my Android mobile phone with K-9 Mail.



Łukasz Lenart lukasz.len...@googlemail.com wrote:

2012/1/2 Maurizio Cucchiara mcucchi...@apache.org:
 [ X] General Availability (GA)

Vote passed:
3x +1 (binding)


 Just a little question: why don't we include the address of the maven
 staging repository in the vote process?
 Many lazy users (like me) just want  to change only the struts version
 inside their pom, for instance :
 <org.apache.struts.version>2.3.1.1</org.apache.struts.version>

 I don't know if it is the right way, but I found very useful to add
 the staging repository on my settings.xml
 <repository>
     <id>apache.staging</id>
     <name>ASF Maven Staging</name>
     <url>https://repository.apache.org/content/groups/staging/</url>
 </repository>

Good point Maurizio, I'll update the templates


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/

_

To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org



Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-03 Thread Maurizio Cucchiara
Yeah, thank you Lukasz, well done!

Sent from my mobile device, so please excuse typos and brevity.

Maurizio Cucchiara

On 04 Jan 2012 07:48, René Gielen gie...@it-neering.net wrote:

 Thanks Lukasz for taking this, and the excellent handling.

 - René
 --
 This message was sent from my Android mobile phone with K-9 Mail.



 Łukasz Lenart lukasz.len...@googlemail.com wrote:

 2012/1/2 Maurizio Cucchiara mcucchi...@apache.org:
  [ X] General Availability (GA)

 Vote passed:
 3x +1 (binding)

 
  Just a little question: why don't we include the address of the maven
  staging repository in the vote process?
  Many lazy users (like me) just want  to change only the struts version
  inside their pom, for instance :
  <org.apache.struts.version>2.3.1.1</org.apache.struts.version>
 
  I don't know if it is the right way, but I found very useful to add
  the staging repository on my settings.xml
  <repository>
      <id>apache.staging</id>
      <name>ASF Maven Staging</name>
      <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>

 Good point Maurizio, I'll update the templates


 Kind regards
 --
 Łukasz
 + 48 606 323 122 http://www.lenart.org.pl/
 Warszawa JUG conference - Confitura http://confitura.pl/





Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Maurizio Cucchiara
 [ X] General Availability (GA)

Just a little question: why don't we include the address of the maven
staging repository in the vote process?
Many lazy users (like me) just want to change only the struts version
inside their pom, for instance:
<org.apache.struts.version>2.3.1.1</org.apache.struts.version>

I don't know if it is the right way, but I found it very useful to add
the staging repository to my settings.xml
<repository>
    <id>apache.staging</id>
    <name>ASF Maven Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
</repository>

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
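
Maurizio's repository entry placed in a complete settings.xml, as an added example that is not part of the original thread: in settings.xml a repository has to sit inside a profile, and leaving that profile inactive by default means staged test builds, such as the one under vote here, are only resolved when explicitly requested. The profile id `apache-staging` and the checksum and snapshot policies are assumptions chosen for this example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <!-- Hypothetical profile id; inactive unless requested on the command line -->
      <id>apache-staging</id>
      <repositories>
        <repository>
          <!-- id, name and url as given in the message above -->
          <id>apache.staging</id>
          <name>ASF Maven Staging</name>
          <url>https://repository.apache.org/content/groups/staging/</url>
          <releases>
            <enabled>true</enabled>
            <!-- Assumption: fail the build on a checksum mismatch instead of only warning -->
            <checksumPolicy>fail</checksumPolicy>
          </releases>
          <snapshots>
            <!-- Assumption: staged release candidates only, no snapshots -->
            <enabled>false</enabled>
          </snapshots>
        </repository>
      </repositories>
    </profile>
  </profiles>
  <!-- No activeProfiles entry: ordinary builds never resolve from staging -->
</settings>
```

With the pom's Struts version property set to 2.3.1.1, a build run as `mvn -Papache-staging test` resolves the staged jars; without `-P` the staging group is not consulted.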



Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Łukasz Lenart
2012/1/2 Maurizio Cucchiara mcucchi...@apache.org:
 [ X] General Availability (GA)

Vote passed:
3x +1 (binding)


 Just a little question: why don't we include the address of the maven
 staging repository in the vote process?
 Many lazy users (like me) just want  to change only the struts version
 inside their pom, for instance :
 <org.apache.struts.version>2.3.1.1</org.apache.struts.version>

 I don't know if it is the right way, but I found very useful to add
 the staging repository on my settings.xml
        <repository>
            <id>apache.staging</id>
            <name>ASF Maven Staging</name>
            <url>https://repository.apache.org/content/groups/staging/</url>
        </repository>

Good point Maurizio, I'll update the templates


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/




Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Łukasz Lenart
Hi,

I've prepared a Security Bulletin [1] regarding 2.3.1.1 (restricted to
struts-committers), please check

[1] https://cwiki.apache.org/confluence/display/WW/S2-008


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/




Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Johannes Geppert
I can't see this Security Bulletin.

/You cannot view this page

Page level restrictions have been applied that limit access to this page./

Johannes


-
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep
--
View this message in context: 
http://struts.1045723.n5.nabble.com/VOTE-Struts-2-3-1-1-Vote-fast-track-tp5101449p5115436.html
Sent from the Struts - Dev mailing list archive at Nabble.com.




Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Łukasz Lenart
Try now

2012/1/2 Johannes Geppert jo...@apache.org:
 I can't see this Security Bulletin.

 /You cannot view this page

 Page level restrictions have been applied that limit access to this page./

 Johannes


 -
 web: http://www.jgeppert.com
 twitter: http://twitter.com/jogep



Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Dave Newton
Minor formatting tweaks made; the one about creating/overwriting files left
me a bit confused. I understand the issue (more or less) but was having a
problem parsing the paragraph--I have not modified it at this point.

d.

2012/1/2 Łukasz Lenart lukasz.len...@googlemail.com

 Try now

 2012/1/2 Johannes Geppert jo...@apache.org:
  I can't see this Security Bulletin.
 
  /You cannot view this page
 
  Page level restrictions have been applied that limit access to this
 page./
 
  Johannes
 
 
  -
  web: http://www.jgeppert.com
  twitter: http://twitter.com/jogep




Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Johannes Geppert
Now it works.

Thanks

Johannes


Łukasz Lenart wrote
 
 Try now
 


-
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep
--
View this message in context: 
http://struts.1045723.n5.nabble.com/VOTE-Struts-2-3-1-1-Vote-fast-track-tp5101449p5115468.html
Sent from the Struts - Dev mailing list archive at Nabble.com.




Re: [CLOSED][VOTE] Struts 2.3.1.1 Vote (fast track)

2012-01-02 Thread Łukasz Lenart
2012/1/2 Dave Newton davelnew...@gmail.com:
 Minor formatting tweaks made; the one about creating/overwriting files left
 me a bit confused. I understand the issue (more or less) but was having a
 problem parsing the paragraph--I have not modified it at this point.

Thanks Dave, I'm planning to prepare unit tests that will contain
specific examples of the vulnerabilities.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-28 Thread Rene Gielen
Thanks for offering your help. If you feel like being able to test the
binary distribution announced here and to give feedback, that is
qualification enough :) We highly appreciate every vote cast.

For details on the voting process and the difference between binding and
non-binding votes, please see the "Decision Making and Voting" section
in [1]. But remember that even though your vote will be non-binding, it
will be taken into account by the PMC. Especially if you describe the
reasons for your particular vote, say "Leave at test build" since you
found a show stopper, it is likely to influence or change the PMC
members' binding votes.

- René

[1] http://struts.apache.org/bylaws.html

On 27.12.11 23:48, Jeffrey Black wrote:
 Not sure whether I qualify, but I would be happy to test it for you.
 
 Best,
 
 jb
 
 On Tue, Dec 27, 2011 at 3:50 PM, Rainer Hermanns herma...@aixcept.de wrote:
 
 Sorry, I've no time to test the short track release this time.
 Could someone step in?

 cheers,
 Rainer



-- 
René Gielen
http://twitter.com/rgielen




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-28 Thread Dave Newton
How should I vote if I can't run the tests at the moment, but I can review
the source changes?

So confused. Hmm, maybe I can run tests after all--I'll try tonight.

On Wed, Dec 28, 2011 at 4:36 AM, Rene Gielen rgie...@apache.org wrote:

 Thanks for offering your help. If you feel like being able to test the
 binary distribution announced here and to give feedback, that is
 qualification enough :) We highly appreciate every casted vote.

 For details on the voting process and the difference between binding and
 non-binding votes, please see the Decision Making and Voting section
 in [1]. But remember that even though your vote will be non-binding, it
 will be taken into account by the PMC. Especially if you describe the
 reasons for your particular vote, say Leave at test build since you
 found a show stopper, it is likely to influence or change the PMC
 members' binding votes.

 - René

 [1] http://struts.apache.org/bylaws.html

 On 27.12.11 23:48, Jeffrey Black wrote:
  Not sure whether I qualify, but I would be happy to test it for you.
 
  Best,
 
  jb
 
  On Tue, Dec 27, 2011 at 3:50 PM, Rainer Hermanns herma...@aixcept.de
 wrote:
 
  Sorry, I've no time to test the short track release this time.
  Could someone step in?
 
  cheers,
  Rainer
 
 

 --
 René Gielen
 http://twitter.com/rgielen





Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-28 Thread Martin Cooper
On Wed, Dec 28, 2011 at 6:35 AM, Dave Newton davelnew...@gmail.com wrote:
 How should I vote if I can't run the tests at the moment, but I can review
 the source changes?

Given that the vote is on the actual bits, consider this. Suppose that
somehow Lukasz's build process got completely messed up, and the zip
file does nothing useful. At the same time, you reviewed the source
code, not the bits, and you voted for GA. Other people did the same
thing, and the end result was a GA release that didn't even work.

--
Martin Cooper


 So confused. Hmm, maybe I can run tests after all--I'll try tonight.

 On Wed, Dec 28, 2011 at 4:36 AM, Rene Gielen rgie...@apache.org wrote:

 Thanks for offering your help. If you feel like being able to test the
 binary distribution announced here and to give feedback, that is
 qualification enough :) We highly appreciate every casted vote.

 For details on the voting process and the difference between binding and
 non-binding votes, please see the Decision Making and Voting section
 in [1]. But remember that even though your vote will be non-binding, it
 will be taken into account by the PMC. Especially if you describe the
 reasons for your particular vote, say Leave at test build since you
 found a show stopper, it is likely to influence or change the PMC
 members' binding votes.

 - René

 [1] http://struts.apache.org/bylaws.html

 On 27.12.11 23:48, Jeffrey Black wrote:
  Not sure whether I qualify, but I would be happy to test it for you.
 
  Best,
 
  jb
 
  On Tue, Dec 27, 2011 at 3:50 PM, Rainer Hermanns herma...@aixcept.de
 wrote:
 
  Sorry, I've no time to test the short track release this time.
  Could someone step in?
 
  cheers,
  Rainer
 
 

 --
 René Gielen
 http://twitter.com/rgielen




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-28 Thread Dave Newton
Stupid bits.
On Dec 28, 2011 12:29 PM, Martin Cooper mart...@apache.org wrote:

 On Wed, Dec 28, 2011 at 6:35 AM, Dave Newton davelnew...@gmail.com
 wrote:
  How should I vote if I can't run the tests at the moment, but I can
 review
  the source changes?

 Given that the vote is on the actual bits, consider this. Suppose that
 somehow Lukasz's build process got completely messed up, and the zip
 file does nothing useful. At the same time, you reviewed the source
 code, not the bits, and you voted for GA. Other people did the same
 thing, and the end result was a GA release that didn't even work.

 --
 Martin Cooper


  So confused. Hmm, maybe I can run tests after all--I'll try tonight.
 
  On Wed, Dec 28, 2011 at 4:36 AM, Rene Gielen rgie...@apache.org wrote:
 
  Thanks for offering your help. If you feel like being able to test the
  binary distribution announced here and to give feedback, that is
  qualification enough :) We highly appreciate every casted vote.
 
  For details on the voting process and the difference between binding and
  non-binding votes, please see the Decision Making and Voting section
  in [1]. But remember that even though your vote will be non-binding, it
  will be taken into account by the PMC. Especially if you describe the
  reasons for your particular vote, say Leave at test build since you
  found a show stopper, it is likely to influence or change the PMC
  members' binding votes.
 
  - René
 
  [1] http://struts.apache.org/bylaws.html
 
  On 27.12.11 23:48, Jeffrey Black wrote:
   Not sure whether I qualify, but I would be happy to test it for you.
  
   Best,
  
   jb
  
   On Tue, Dec 27, 2011 at 3:50 PM, Rainer Hermanns herma...@aixcept.de
  wrote:
  
   Sorry, I've no time to test the short track release this time.
   Could someone step in?
  
   cheers,
   Rainer
  
  
 
  --
  René Gielen
  http://twitter.com/rgielen
 




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-27 Thread Rene Gielen
[x] General Availability (GA)
(binding)

Since I did not have the time to test 2.3.1 thoroughly beforehand, I
tested the downloaded 2.3.1.1 distribution with included binary
examples, as well as an upgrade to staged jars in two of my Struts 2
projects.

- René

Reminder: For those who have already tested the 2.3.1 release
thoroughly, it is OK to focus on testing the fixes introduced with this
fast track release.

On 26.12.11 13:09, Łukasz Lenart wrote:
 The Struts 2.3.1.1 test build is now available. This release solves
 very important security vulnerabilities.
 
 Release notes:
 * [https://cwiki.apache.org/WW/version-notes-2311.html]
 
 Distribution:
 * [http://people.apache.org/builds/struts/2.3.1.1/]
 
 Maven 2 staging repository:
 * [https://repository.apache.org/content/repositories/orgapachestruts-385/]
 
 Once you have had a chance to review the test build, please respond
 with a vote on its quality:
 [ ] Leave at test build
 [ ] Alpha
 [ ] Beta
 [ ] General Availability (GA)
 
 Everyone who has tested the build is invited to vote. Votes by PMC
 members are considered binding. A vote passes if there are at least
 three binding +1s and more +1s than -1s.
 This is a fast-track release vote. If we have a positive vote after
 24 hours (at least three binding +1s and more +1s than -1s),  the
 release may be submitted for mirroring and announced to the usual
 channels.
 
 Kind regards

-- 
René Gielen
http://twitter.com/rgielen




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-27 Thread Łukasz Lenart
On 26 December 2011 at 13:09, Łukasz Lenart
lukasz.len...@googlemail.com wrote:
 [X] General Availability (GA)

+1 binding


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/




Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-27 Thread Rainer Hermanns
Sorry, I've no time to test the short track release this time.
Could someone step in?

cheers,
Rainer


Rainer Hermanns
aixcept
Willibrordstraße 82
52134 Herzogenrath - Germany
w: http://aixcept.de/
t:   +49 - 2406 - 979 22 11
f:   +49 - 2406 - 979 22 13
m: +49 - 170 - 343 29 12

On 26.12.2011 at 13:09, Łukasz Lenart wrote:

 The Struts 2.3.1.1 test build is now available. This release solves
 very important security vulnerabilities.
 
 Release notes:
 * [https://cwiki.apache.org/WW/version-notes-2311.html]
 
 Distribution:
 * [http://people.apache.org/builds/struts/2.3.1.1/]
 
 Maven 2 staging repository:
 * [https://repository.apache.org/content/repositories/orgapachestruts-385/]
 
 Once you have had a chance to review the test build, please respond
 with a vote on its quality:
 [ ] Leave at test build
 [ ] Alpha
 [ ] Beta
 [ ] General Availability (GA)
 
 Everyone who has tested the build is invited to vote. Votes by PMC
 members are considered binding. A vote passes if there are at least
 three binding +1s and more +1s than -1s.
 This is a fast-track release vote. If we have a positive vote after
 24 hours (at least three binding +1s and more +1s than -1s),  the
 release may be submitted for mirroring and announced to the usual
 channels.
 
 Kind regards
 -- 
 Łukasz
 + 48 606 323 122 http://www.lenart.org.pl/
 Warszawa JUG conference - Confitura http://confitura.pl/
 
 



Re: [VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-27 Thread Jeffrey Black
Not sure whether I qualify, but I would be happy to test it for you.

Best,

jb

On Tue, Dec 27, 2011 at 3:50 PM, Rainer Hermanns herma...@aixcept.de wrote:

 Sorry, I've no time to test the short track release this time.
 Could someone step in?

 cheers,
 Rainer


 Rainer Hermanns
 aixcept
 Willibrordstraße 82
 52134 Herzogenrath - Germany
 w: http://aixcept.de/
 t:   +49 - 2406 - 979 22 11
 f:   +49 - 2406 - 979 22 13
 m: +49 - 170 - 343 29 12

 On 26.12.2011 at 13:09, Łukasz Lenart wrote:

  The Struts 2.3.1.1 test build is now available. This release solves
  very important security vulnerabilities.
 
  Release notes:
  * [https://cwiki.apache.org/WW/version-notes-2311.html]
 
  Distribution:
  * [http://people.apache.org/builds/struts/2.3.1.1/]
 
  Maven 2 staging repository:
  * [
 https://repository.apache.org/content/repositories/orgapachestruts-385/]
 
  Once you have had a chance to review the test build, please respond
  with a vote on its quality:
  [ ] Leave at test build
  [ ] Alpha
  [ ] Beta
  [ ] General Availability (GA)
 
  Everyone who has tested the build is invited to vote. Votes by PMC
  members are considered binding. A vote passes if there are at least
  three binding +1s and more +1s than -1s.
  This is a fast-track release vote. If we have a positive vote after
  24 hours (at least three binding +1s and more +1s than -1s),  the
  release may be submitted for mirroring and announced to the usual
  channels.
 
  Kind regards
  --
  Łukasz
  + 48 606 323 122 http://www.lenart.org.pl/
  Warszawa JUG conference - Confitura http://confitura.pl/
 
 




-- 
Best,

Jeffrey Black
512-537-9871
jeffrey.bl...@yahoo.com
--
Connect with me on LinkedIn: http://www.linkedin.com/in/jeffreyblack
Follow me on Twitter: http://twitter.com/jeffblack360
Check out my blog: http://jeffblack360.wordpress.com


[VOTE] Struts 2.3.1.1 Vote (fast track)

2011-12-26 Thread Łukasz Lenart
The Struts 2.3.1.1 test build is now available. This release solves
very important security vulnerabilities.

Release notes:
* [https://cwiki.apache.org/WW/version-notes-2311.html]

Distribution:
* [http://people.apache.org/builds/struts/2.3.1.1/]

Maven 2 staging repository:
* [https://repository.apache.org/content/repositories/orgapachestruts-385/]

Once you have had a chance to review the test build, please respond
with a vote on its quality:
[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.
This is a fast-track release vote. If we have a positive vote after
24 hours (at least three binding +1s and more +1s than -1s),  the
release may be submitted for mirroring and announced to the usual
channels.

Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
