Hi Kalpa, I'm getting this error while running tests with new kernel. Any idea why?
[2016-06-10 12:45:49,077] INFO - HTTPSender Unable to sendViaPost to url[ https://10.100.0.189:9943//services/AuthenticationAdmin] INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - javax.net.ssl.SSLException: hostname in certificate didn't match: <10.100.0.189> != </localhost> INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:169) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.authenticator.stub.AuthenticationAdminStub.login(AuthenticationAdminStub.java:659) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_login(APIStoreHostObject.java:638) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at java.lang.reflect.Method.invoke(Method.java:498) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.modules.user.c1._c_anonymous_1(/store/modules/user/login.jag:19) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.modules.user.c1.call(/store/modules/user/login.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.modules.user.c0._c_anonymous_5(/store/modules/user/module.jag:21) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.modules.user.c0.call(/store/modules/user/module.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0._c_anonymous_1(/store/site/blocks/user/login/ajax/login.jag:93) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0._c_script_0(/store/site/blocks/user/login/ajax/login.jag:4) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.call(/store/site/blocks/user/login/ajax/login.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.rhino.store.site.blocks.user.login.ajax.c0.exec(/store/site/blocks/user/login/ajax/login.jag) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) INFO [org.wso2.carbon.automation.extensions.servers.utils.ServerLogReader] - at java.lang.Thread.run(Thread.java:745) Thanks, Bhathiya On Fri, Jun 10, 2016 at 11:43 AM, Viraj Senevirathne <[email protected]> wrote: > Hi Kalpa, > > We ran all the integration tests in product-esb with kernel 4.4.6 RC2 and > found no test failures. > > Regards, > > On Fri, Jun 10, 2016 at 9:38 AM, Rajith Roshan <[email protected]> wrote: > >> Hi all, >> >> We were able to build the G-Reg pack and able to run all the integration >> tests without failures. We will send PRs for jasper report orbit bundle and >> carbon commons, once the kernel 4.4.6 is released. >> >> Thanks! >> Rajith >> >> On Thu, Jun 9, 2016 at 6:40 PM, Viraj Senevirathne <[email protected]> >> wrote: >> >>> Hi All, >>> >>> We were able to build the ESB pack after including velocity bundle to >>> the mediator feature. Now we are running integration tests with the pack. >>> Will update the thread with results. >>> >>> Regards, >>> >>> On Thu, Jun 9, 2016 at 10:39 AM, Rajith Roshan <[email protected]> wrote: >>> >>>> Hi all, >>>> >>>> Since jasper reports orbit bundle requires org.apache.velocity and >>>> org.apache.poi.* packages, we need to upgrade the import package versions >>>> for those packages in jasper orbit bundle. Subsequently carbon-commons >>>> release would be required with updated jasper orbit bundle version. We >>>> will send the PRs with the relevant changes. >>>> Currently we are running integration tests for product-greg. >>>> >>>> Thanks! >>>> Rajith >>>> >>>> On Wed, Jun 8, 2016 at 12:20 PM, Kalpa Welivitigoda <[email protected]> >>>> wrote: >>>> >>>>> [+Ayoma, Dulanja] >>>>> >>>>> >>>>> On Wed, Jun 8, 2016 at 12:17 PM, Anupama Pathirage <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Kalpa, >>>>>> >>>>>> Thanks for the update. Please update us with the solution for CSRF >>>>>> security issue. We get the same issue for the DSS try it as well. >>>>>> >>>>>> [2016-06-08 11:55:28,396] WARN {org.owasp.csrfguard.log.JavaLogger} >>>>>> - potential cross-site request forgery (CSRF) attack thwarted >>>>>> (user:<anonymous>, ip:10.100.7.118, method:POST, >>>>>> uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, error:required >>>>>> token is missing from the request) >>>>>> >>>>>> Private proxy protocol will be attempted as cross-domain browser >>>>>> restrictions might be enforced for this endpoint. >>>>>> >>>>>> <TryitClient xmlns="http://tryit.carbon.wso2.org";> >>>>>> <Reason>Error connecting to the Tryit ajax proxy</Reason> >>>>>> </TryitClient> >>>>>> >>>>>> Regards, >>>>>> >>>>>> On Wed, Jun 8, 2016 at 8:45 AM, Kasun Bandara <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> We have done the fix for L1 reported in [1] yesterday. >>>>>>> >>>>>>> Thanks, >>>>>>> Kasun. >>>>>>> >>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4656 >>>>>>> >>>>>>> On Wed, Jun 8, 2016 at 7:00 AM, Kalpa Welivitigoda <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Anupama, >>>>>>>> >>>>>>>> On Tue, Jun 7, 2016 at 8:45 PM, Anupama Pathirage <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi Kalpa, >>>>>>>>> >>>>>>>>> Checked the suggested approaches and those two issues were >>>>>>>>> resolved after applying both changes. We will further test the >>>>>>>>> service with >>>>>>>>> the Carbon RC2. >>>>>>>>> >>>>>>>>> On Tue, Jun 7, 2016 at 6:15 PM, Kalpa Welivitigoda < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Anupama, >>>>>>>>>> >>>>>>>>>> On Tue, Jun 7, 2016 at 5:50 PM, Anupama Pathirage < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> We got the following issues when testing WSO2 DSS with the >>>>>>>>>>> Kernel RC2 Release. >>>>>>>>>>> >>>>>>>>>>> *1) *Any action on management console gives the following >>>>>>>>>>> error. It seems to be related with the tomcat upgrade and >>>>>>>>>>> appreciate your >>>>>>>>>>> input on this. >>>>>>>>>>> >>>>>>>>>>> [2016-06-07 17:21:16,905] ERROR >>>>>>>>>>> {org.apache.coyote.AbstractProtocol$AbstractConnectionHandler} - >>>>>>>>>>> Error >>>>>>>>>>> reading request, ignored >>>>>>>>>>> java.lang.NoSuchMethodError: >>>>>>>>>>> org.apache.coyote.Request.getBytesRead()I >>>>>>>>>>> at >>>>>>>>>>> org.apache.coyote.RequestInfo.updateCounters(RequestInfo.java:143) >>>>>>>>>>> at org.apache.coyote.Request.updateCounters(Request.java:533) >>>>>>>>>>> at >>>>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1140) >>>>>>>>>>> at >>>>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) >>>>>>>>>>> at >>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749) >>>>>>>>>>> at >>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708) >>>>>>>>>>> at >>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>>>>>>>>> at >>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>>>>>>>>> at >>>>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>>>>>>>>> at java.lang.Thread.run(Thread.java:745) >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Yes, it is due to the tomcat upgrade in kernel, relevant fixes >>>>>>>>>> for carbon-deployment are already there in 4.6.2-SNAPSHOT. We have >>>>>>>>>> to do a >>>>>>>>>> deployment release once we release 4.4.6-SNAPSHOT. For the moment, >>>>>>>>>> for >>>>>>>>>> testing purpose, is it possible you try with 4.6.2-SNAPSHOT? >>>>>>>>>> >>>>>>>>> >>>>>>>>> Could you please do the needful to release the carbon-deployment >>>>>>>>> 4.6.2 as DSS 3.5.1 release will be on hold until it is done. >>>>>>>>> >>>>>>>> >>>>>>>> Yes, we will be doing component released once we are done with >>>>>>>> kernel 4.4.6. >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *2) *DBS file uploads gives the following error which returns >>>>>>>>>>> Error 403 - Forbidden >>>>>>>>>>> >>>>>>>>>>> [2016-06-07 17:21:16,904] WARN >>>>>>>>>>> {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request >>>>>>>>>>> forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.118, >>>>>>>>>>> method:POST, >>>>>>>>>>> uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, >>>>>>>>>>> error:required token is missing from the request) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> For this would you please try with adding the following line to >>>>>>>>>> repository/conf/security/Owasp.CsrfGuard.Carbon.properties, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> org.owasp.csrfguard.unprotected.FileUpload=%servletContext%/fileupload/* >>>>>>>>>> >>>>>>>>> >>>>>>>>> Is excluding these patterns from CSRF protection recommended ? >>>>>>>>> >>>>>>>>> >>>>>>>> That we need to discuss with security experts and decide, I just >>>>>>>> wanted to verify that this is an option to solve the issue. >>>>>>>> >>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Anupama >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> >>>>>>>>>>> On Tue, Jun 7, 2016 at 4:46 PM, KasunG Gajasinghe < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Others, please continue to testing the pack and report all the >>>>>>>>>>>> issues so we can check and fix. >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:31 PM, Kasun Bandara <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Niranjan, >>>>>>>>>>>>> >>>>>>>>>>>>> Created [1] to track the equivalent Carbon JIRA. >>>>>>>>>>>>> >>>>>>>>>>>>> [1] https://wso2.org/jira/browse/CARBON-15938 >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Kasun. >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:23 PM, Niranjan Karunanandham < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi KasunB, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please create an equivalent JIRA in Kernel in-order to track >>>>>>>>>>>>>> this. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> Nira >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 2:11 PM, Kasun Bandara < >>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> We are having L1 reported in [1] and will be a blocker for >>>>>>>>>>>>>>> IS. Please hold off the vote proceedings until we find out the >>>>>>>>>>>>>>> root cause >>>>>>>>>>>>>>> of the issue. Most probably this issue must be originated from >>>>>>>>>>>>>>> user core. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>> Kasun. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4656 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 11:45 AM, KasunG Gajasinghe < >>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Viraj, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 10:12 AM, Viraj Senevirathne < >>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Kalpa, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I tried to build product-esb with kernel RC2 but it failed >>>>>>>>>>>>>>>>> as package org.apache.velocity 0.0.0 dependency could not be >>>>>>>>>>>>>>>>> found. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> *Installation failed.* >>>>>>>>>>>>>>>>> *Cannot complete the install because one or more required >>>>>>>>>>>>>>>>> items could not be found.* >>>>>>>>>>>>>>>>> * Software being installed: WSO2 Carbon - Mediators >>>>>>>>>>>>>>>>> Feature 4.6.1.SNAPSHOT >>>>>>>>>>>>>>>>> (org.wso2.carbon.mediators.feature.group >>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>> * Missing requirement: bsf-all 3.0.0.wso2v5 (bsf-all >>>>>>>>>>>>>>>>> 3.0.0.wso2v5) requires 'package org.apache.velocity 0.0.0' >>>>>>>>>>>>>>>>> but it could not >>>>>>>>>>>>>>>>> be found* >>>>>>>>>>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>>>>>>>>>> * From: WSO2 Carbon - Mediators Feature 4.6.1.SNAPSHOT >>>>>>>>>>>>>>>>> (org.wso2.carbon.mediators.feature.group 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>> * To: org.wso2.carbon.mediators.server.feature.group >>>>>>>>>>>>>>>>> [4.6.1.SNAPSHOT]* >>>>>>>>>>>>>>>>> * Cannot satisfy dependency:* >>>>>>>>>>>>>>>>> * From: WSO2 Carbon - All Mediators Server Feature >>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT (org.wso2.carbon.mediators.server.feature.group >>>>>>>>>>>>>>>>> 4.6.1.SNAPSHOT)* >>>>>>>>>>>>>>>>> * To: bsf-all [3.0.0.wso2v5,3.1.0)* >>>>>>>>>>>>>>>>> *Application failed, log file location: >>>>>>>>>>>>>>>>> /home/virajrs/.m2/repository/org/eclipse/tycho/tycho-p2-runtime/0.13.0/eclipse/configuration/1465274241567.log* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> How can we overcome this? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> To fix security vulnerabilities, we have upgraded the >>>>>>>>>>>>>>>> opensaml orbit bundle to the latest. In that process, IS folks >>>>>>>>>>>>>>>> have fixed >>>>>>>>>>>>>>>> issues in the old opensaml orbit to conform to the new orbit >>>>>>>>>>>>>>>> guidelines. In >>>>>>>>>>>>>>>> that process, the org.apache.velocity packages were removed >>>>>>>>>>>>>>>> from opensaml. >>>>>>>>>>>>>>>> If you need opensaml, then you should include this feature [1]. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> You shouldn't be using velocity packages directly that is >>>>>>>>>>>>>>>> coming from opensaml. If you only need velocity, then your >>>>>>>>>>>>>>>> feature need to >>>>>>>>>>>>>>>> include velocity orbit. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [1] >>>>>>>>>>>>>>>> https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/master/features/org.wso2.carbon.identity.sso.saml.server.feature/pom.xml >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thank You, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, Jun 7, 2016 at 8:32 AM, Kalpa Welivitigoda < >>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Devs, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> This is the 2nd release candidate of WSO2 Carbon Kernel >>>>>>>>>>>>>>>>>> 4.4.6. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> This release fixes the following issues: >>>>>>>>>>>>>>>>>> https://wso2.org/jira/issues/?filter=13090 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Please download and test your products with kernel 4.4.6 >>>>>>>>>>>>>>>>>> RC1 and vote. Vote will be open for 72 hours or as longer as >>>>>>>>>>>>>>>>>> needed. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Source and binary distribution files: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.6/wso2carbon-4.4.6-rc2.zip >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Maven staging repository: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1023/ >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The tag to be voted upon: >>>>>>>>>>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.6-rc2 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thank you >>>>>>>>>>>>>>>>>> Carbon Team >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>>>>>>>>>> Email: [email protected] >>>>>>>>>>>>>>>>>> Mobile: +94776509215 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Viraj Senevirathne >>>>>>>>>>>>>>>>> Software Engineer; WSO2, Inc. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Mobile : +94 71 958 0269 >>>>>>>>>>>>>>>>> Email : [email protected] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>>>>>>>>>>>>>> email: kasung AT spamfree wso2.com >>>>>>>>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>>>>>>>>>>>> blog: http://kasunbg.org >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Kasun Bandara >>>>>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>>>>>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>>>>>>>>>> [email protected] <[email protected]> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> *Niranjan Karunanandham* >>>>>>>>>>>>>> Associate Technical Lead - WSO2 Inc. >>>>>>>>>>>>>> WSO2 Inc.: http://www.wso2.com >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Kasun Bandara >>>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>>>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>>>>>>>> [email protected] <[email protected]> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. >>>>>>>>>>>> email: kasung AT spamfree wso2.com >>>>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>>>>>>>> blog: http://kasunbg.org >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Anupama Pathirage >>>>>>>>>>> Associate Technical Lead >>>>>>>>>>> WSO2, Inc. http://wso2.com/ >>>>>>>>>>> Email: [email protected] >>>>>>>>>>> Mobile:+94 71 8273 979 >>>>>>>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Best Regards, >>>>>>>>>> >>>>>>>>>> Kalpa Welivitigoda >>>>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>>>> Email: [email protected] >>>>>>>>>> Mobile: +94776509215 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Anupama Pathirage >>>>>>>>> Associate Technical Lead >>>>>>>>> WSO2, Inc. http://wso2.com/ >>>>>>>>> Email: [email protected] >>>>>>>>> Mobile:+94 71 8273 979 >>>>>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Best Regards, >>>>>>>> >>>>>>>> Kalpa Welivitigoda >>>>>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>>>>> Email: [email protected] >>>>>>>> Mobile: +94776509215 >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> [email protected] >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Kasun Bandara >>>>>>> *Software Engineer* >>>>>>> Mobile : +94 (0) 718 338 360 >>>>>>> <%2B94%20%280%29%20773%20451194> >>>>>>> [email protected] <[email protected]> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Anupama Pathirage >>>>>> Associate Technical Lead >>>>>> WSO2, Inc. http://wso2.com/ >>>>>> Email: [email protected] >>>>>> Mobile:+94 71 8273 979 >>>>>> Blog:http://mycodeideas.blogspot.com/ >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Best Regards, >>>>> >>>>> Kalpa Welivitigoda >>>>> Software Engineer, WSO2 Inc. http://wso2.com >>>>> Email: [email protected] >>>>> Mobile: +94776509215 >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Rajith Roshan >>>> Software Engineer, WSO2 Inc. >>>> Mobile: +94-72-642-8350 <%2B94-71-554-8430> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Viraj Senevirathne >>> Software Engineer; WSO2, Inc. >>> >>> Mobile : +94 71 958 0269 >>> Email : [email protected] >>> >> >> >> >> -- >> Rajith Roshan >> Software Engineer, WSO2 Inc. >> Mobile: +94-72-642-8350 <%2B94-71-554-8430> >> > > > > -- > Viraj Senevirathne > Software Engineer; WSO2, Inc. > > Mobile : +94 71 958 0269 > Email : [email protected] > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Bhathiya Jayasekara* *Senior Software Engineer,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
