Author: gk
Date: Wed Feb 21 07:18:11 2018
New Revision: 1824929
URL: http://svn.apache.org/viewvc?rev=1824929&view=rev
Log:
- remove snapshots
- update changes
- add owasp filter
Added:
turbine/core/trunk/suppression-owasp-fp.xml (with props)
Modified:
turbine/core/trunk/pom.xml
turbine/core/trunk/src/changes/changes.xml
Modified: turbine/core/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/pom.xml?rev=1824929&r1=1824928&r2=1824929&view=diff
==============================================================================
--- turbine/core/trunk/pom.xml (original)
+++ turbine/core/trunk/pom.xml Wed Feb 21 07:18:11 2018
@@ -522,6 +522,8 @@
</executions>
<configuration>
<!--skip>true</skip-->
+ <!-- suppress false positive -->
+
<suppressionFiles>${project.basedir}/suppression-owasp-fp.xml</suppressionFiles>
</configuration>
</plugin>
<plugin>
@@ -1146,8 +1148,8 @@
<properties>
<!-- TODO: Change for release -->
<turbine.site.path>turbine/development/turbine-4.1</turbine.site.path>
- <fulcrum.intake>1.2.3-SNAPSHOT</fulcrum.intake>
- <fulcrum.security>1.1.2-SNAPSHOT</fulcrum.security>
+ <fulcrum.intake>1.2.3</fulcrum.intake>
+ <fulcrum.security>1.1.2</fulcrum.security>
<slf4j.version>1.7.25</slf4j.version>
</properties>
Modified: turbine/core/trunk/src/changes/changes.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/src/changes/changes.xml?rev=1824929&r1=1824928&r2=1824929&view=diff
==============================================================================
--- turbine/core/trunk/src/changes/changes.xml (original)
+++ turbine/core/trunk/src/changes/changes.xml Wed Feb 21 07:18:11 2018
@@ -24,9 +24,16 @@
</properties>
<body>
- <release version="4.0.1" date="in Subversion">
+ <release version="4.0.2" date="in Subversion">
+ </release>
+ <release version="4.0.1" date="2018-02-21">
+ <action type="update" dev="gk">
+ Security methods replaceRole and revokeAll(Role, flag), Interface
changes: SecurityService's addUser method and UserManager's createAccount,
getAnonymousUser, getACL methods may now throw UnknownEntityException
additionally.
+ </action>
+ <action type="update" dev="painter">
+ input.encoding property (velocity) is set now default for
locale.default.charset (both default to ISO-8859-1).
+ </action>
<action type="update" dev="gk">
- New security method replaceRole,
Updated dependency versions: commons-codec to 1.11, commons-beanutils
to 1.9.3, mockito-core to 2.13.0.
</action>
<action type="fix" dev="gk" due-to="Jeffery Painter">
Added: turbine/core/trunk/suppression-owasp-fp.xml
URL:
http://svn.apache.org/viewvc/turbine/core/trunk/suppression-owasp-fp.xml?rev=1824929&view=auto
==============================================================================
--- turbine/core/trunk/suppression-owasp-fp.xml (added)
+++ turbine/core/trunk/suppression-owasp-fp.xml Wed Feb 21 07:18:11 2018
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- general cft.
https://jeremylong.github.io/DependencyCheck/general/suppression.html -->
+<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd";>
+ <!-- https://issues.apache.org/jira/browse/LOG4J2-1863 i.e. log4j 2.8.2
fixes, but affected versions match only log4j2 2.x, not log4j 1.x -->
+ <suppress>
+ <notes><![CDATA[
+ file name: log4j-1.2.17.jar
+ ]]></notes>
+ <sha1>5af35056b4d257e4b64b9e8069c0746e8b08629f</sha1>
+ <cve>CVE-2017-5645</cve>
+ </suppress>
+</suppressions>
\ No newline at end of file
Propchange: turbine/core/trunk/suppression-owasp-fp.xml
------------------------------------------------------------------------------
svn:eol-style = native
