This is an automated email from the ASF dual-hosted git repository. gk pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/turbine-fulcrum-security.git
commit 4a7b93e30ab3ee909b7db41976ba4f39f8526b79 Author: Georg Kallidis <[email protected]> AuthorDate: Mon Oct 18 09:43:03 2021 +0200 disable module hibernate (JIRA issue TRB-103), update docs, remove suppression --- pom.xml | 3 ++- src/changes/changes.xml | 7 ++++--- suppression-owasp.xml | 7 ------- xdocs/tasks.xml | 4 ++++ 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/pom.xml b/pom.xml index 6de8ae6..86ffa0c 100644 --- a/pom.xml +++ b/pom.xml @@ -196,7 +196,8 @@ <modules> <module>api</module> - <module>hibernate</module> + <!-- disable it until https://issues.apache.org/jira/browse/TRB-103 is resolved --> + <!--module>hibernate</module--> <module>memory</module> <!-- module>nt</module --> <!-- module>ldap</module --> diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 13359b8..6fe9b2b 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -23,13 +23,14 @@ <author email="[email protected]">Eric Pugh</author> </properties> <body> - <release version="2.0.1" description="In VC"> - <action type="update" dev="gk"> + <release version="2.1.0" description="In VC"> + <action type="update" dev="gk"> + - Update to Turbine parent v9 - Torque: use by default Turbinegroup not TurbineRole from generated doSelectJoinTurbine* method, as this will be used as key in lookup in acl roleSets. - add groupSet to interface to TurbineAccessControlList - add transient avalon logger to TurbineAccessControlList constructor - use model manager to fetch global group (model manager should be set always) - - Add Torque 5.0 schemata, update to Turbine parent v9 + - Add Torque 5.0 schemata - Java Dependency updates: Update to commons-dbcp2 2.9.0 (Torque) </action> </release> diff --git a/suppression-owasp.xml b/suppression-owasp.xml index d128f3c..20843d9 100644 --- a/suppression-owasp.xml +++ b/suppression-owasp.xml @@ -18,11 +18,4 @@ under the License. --> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd";> - <suppress> - <notes><![CDATA[ - file name: hibernate-core-3.6.10.Final.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate\-core@.*$</packageUrl> - <vulnerabilityName>CVE-2020-25638</vulnerabilityName> - </suppress> </suppressions> \ No newline at end of file diff --git a/xdocs/tasks.xml b/xdocs/tasks.xml index 136bd29..25755cd 100644 --- a/xdocs/tasks.xml +++ b/xdocs/tasks.xml @@ -36,6 +36,10 @@ Try and figure out how to get both NTLM authentication, as well as retrieving the password, or the groups directly to use with "Basic" security model. </li> + <li> + Add a <a href="https://db.apache.org/jdo/jdo_v_jpa.html"; target="'blank">JDO and/or JPA</a> module (helper). + Provide migration help for the Torque module (Turbine security reference implementation). + </li> </ul> </p>
