The problem occurs at assembly time. gt-app-schema correctly declares 
its dependency on commons-digester, and gs-app-schema-test runs fine, 
but the assembly mechanism requires explicit naming of the jars to be 
included in the plugin. All I have to do is add it to 
src/release/ext-app-schema.xml and update the readme. Victor has just 
confirmed that app-schema works once this plugin is added (deployment 
based on 2.7-SNAPSHOT).

We have seen similar assembly problems with web-cas, so this is not new. 
The awful truth is that nobody tested RC1 with app-schema.

Super catch from Victor (who also provided the working demo of the WMS 
XSS vulnerability). He has been saving my neck this week.  :-)

On 03/09/14 13:20, Jody Garnett wrote:
> Good catch - but why was this not picked up by maven dependency
> analysis? Is app-schema depending on commons-digester and not
> advertising that fact?
>
> Jody Garnett

-- 
Ben Caradoc-Davies <[email protected]>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
