I have pushed a fix onto 2.6.x and master. Release is no longer blocked 
by this problem.

Kind regards,
Ben.

On 03/09/14 13:34, Ben Caradoc-Davies wrote:
> The problem occurs at assembly time. gt-app-schema correctly declares
> its dependency on commons-digester, and gs-app-schema-test runs fine,
> but the assembly mechanism requires explicit naming of the jars to be
> included in the plugin. All I have to do is add it to
> src/release/ext-app-schema.xml and update the readme. Victor has just
> confirmed that app-schema works once this plugin is added (deployment
> based on 2.7-SNAPSHOT).
>
> We have seen similar assembly problems with web-cas, so this is not new.
> The awful truth is that nobody tested RC1 with app-schema.
>
> Super catch from Victor (who also provided the working demo of the WMS
> XSS vulnerability). He has been saving my neck this week.  :-)
>
> On 03/09/14 13:20, Jody Garnett wrote:
>> Good catch - but why was this not picked up by maven dependency
>> analysis? Is app-schema depending on commons-digester and not
>> advertising that fact?
>>
>> Jody Garnett
>

-- 
Ben Caradoc-Davies <[email protected]>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to