I have pushed a fix onto 2.6.x and master. Release is no longer blocked by this problem.
Kind regards, Ben. On 03/09/14 13:34, Ben Caradoc-Davies wrote: > The problem occurs at assembly time. gt-app-schema correctly declares > its dependency on commons-digester, and gs-app-schema-test runs fine, > but the assembly mechanism requires explicit naming of the jars to be > included in the plugin. All I have to do is add it to > src/release/ext-app-schema.xml and update the readme. Victor has just > confirmed that app-schema works once this plugin is added (deployment > based on 2.7-SNAPSHOT). > > We have seen similar assembly problems with web-cas, so this is not new. > The awful truth is that nobody tested RC1 with app-schema. > > Super catch from Victor (who also provided the working demo of the WMS > XSS vulnerability). He has been saving my neck this week. :-) > > On 03/09/14 13:20, Jody Garnett wrote: >> Good catch - but why was this not picked up by maven dependency >> analysis? Is app-schema depending on commons-digester and not >> advertising that fact? >> >> Jody Garnett > -- Ben Caradoc-Davies <[email protected]> Software Engineer CSIRO Mineral Resources Flagship Australian Resources Research Centre ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
