Pull request for the commons-beanutils jar fix here:
https://github.com/geotools/geotools/pull/1346

Torben

On Tue, Oct 11, 2016 at 10:15 AM, Torben Barsballe <
tbarsba...@boundlessgeo.com> wrote:

> I notice that commons-beanutils-1.7.0.jar is present. This JAR was removed
> from GeoServer and replaced with the customised
> commons-beanutils-1.9.2-noclassprop.jar because it enabled a remote code
> execution vulnerability.
>
> This issue was noticed during the 16-M0 and 16-beta releases and has not
> been fixed since.
>
> We should fix the beanutils jar before the 16.0 release.
>
> I do notice that the gt-complex-tests jar was removed succesfully :)
>
> Torben
>
> On Sun, Oct 9, 2016 at 3:50 PM, Jody Garnett <jody.garn...@gmail.com>
> wrote:
>
>> Thanks Ben, I also built locally and proceed with the next step. The
>> artifacts are deployed to maven awaiting release of GWC.
>> Starting in on the 15.2 train presently.
>>
>> --
>> Jody Garnett
>>
>> On 9 October 2016 at 15:14, Ben Caradoc-Davies <b...@transient.nz> wrote:
>>
>>> Jody,
>>>
>>> the artifacts look good to me: docs all present, zip sizes OK, binaries
>>> look good (no SNAPSHOTS), full build from source with empty repo succeeded
>>> on the second attempt (-T1C -Dall -Ponline clean install). Online postgis
>>> JDBC fixture is configured.
>>>
>>> I saw one JVM crash in gt-ogr-bridj on the first build but the second
>>> attempt succeeded. JVM crash log attached for the record. I have not had
>>> any recent crashes in gt-ogr-bridj on master but have seen several in the
>>> past. I do not think this incident blocks release.
>>>
>>> Built with OpenJDK 8 amd64 on Debian unstable with libgdal20
>>> 2.1.1+dfsg-4+b2 amd64.
>>>
>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>>> 2015-11-11T05:41:47+13:00)
>>> Maven home: /home/ben/java/maven
>>> Java version: 1.8.0_102, vendor: Oracle Corporation
>>> Java home: /usr/lib/jvm/java-8-openjdk-amd64/jre
>>> Default locale: en_GB, platform encoding: UTF-8
>>> OS name: "linux", version: "4.7.0-1-amd64", arch: "amd64", family: "unix"
>>>
>>> [ERROR] Failed to execute goal 
>>> org.apache.maven.plugins:maven-surefire-plugin:2.15:test
>>> (default-test) on project gt-ogr-bridj: Execution default-test of goal
>>> org.apache.maven.plugins:maven-surefire-plugin:2.15:test failed: The
>>> forked VM terminated without saying properly goodbye. VM crash or
>>> System.exit called ?
>>> [ERROR] Command was/bin/sh -c cd /home/ben/tmp/geotools/project
>>> /geotools-16-RC1/modules/plugin/ogr/ogr-bridj &&
>>> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xmx256M
>>> -Djava.awt.headless=true -Djava.io.tmpdir=/tmp
>>> '-Djava.library.path=${env.GT_GDAL}' -jar /home/ben/tmp/geotools/project
>>> /geotools-16-RC1/modules/plugin/ogr/ogr-bridj/target/surefir
>>> e/surefirebooter5831366347797049990.jar /home/ben/tmp/geotools/project
>>> /geotools-16-RC1/modules/plugin/ogr/ogr-bridj/target/surefire/surefire39293145768753924tmp
>>> /home/ben/tmp/geotools/project/geotools-16-RC1/modules/plugi
>>> n/ogr/ogr-bridj/target/surefire/surefire_385366495427552157714tmp
>>> [ERROR] -> [Help 1]
>>> [ERROR]
>>> [ERROR] To see the full stack trace of the errors, re-run Maven with the
>>> -e switch.
>>> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
>>> [ERROR]
>>> [ERROR] For more information about the errors and possible solutions,
>>> please read the following articles:
>>> [ERROR] [Help 1] http://cwiki.apache.org/conflu
>>> ence/display/MAVEN/PluginExecutionException
>>> [ERROR]
>>> [ERROR] After correcting the problems, you can resume the build with the
>>> command
>>> [ERROR]   mvn <goals> -rf :gt-ogr-bridj
>>>
>>> Kind regards,
>>> Ben.
>>>
>>> On 10/10/16 09:46, Jody Garnett wrote:
>>>
>>>> Artifacts available for testing:
>>>> http://ares.boundlessgeo.com/geotools/release/16-RC1/
>>>>
>>>> Release notes:
>>>> https://osgeo-org.atlassian.net/secure/ReleaseNote.jspa?proj
>>>> ectId=10001&version=14201
>>>>
>>>>
>>>> --
>>>> Jody Garnett
>>>>
>>>> On 9 October 2016 at 12:41, Jody Garnett <jody.garn...@gmail.com>
>>>> wrote:
>>>>
>>>> Okay cite eventually settled down, here are the final revisions...
>>>>>
>>>>> version = 2.10-SNAPSHOT
>>>>> git revision = *2b0fa540c1b7e160e90ceb480d05c0bc48ba8b70*
>>>>> git branch = origin/master
>>>>> build date = 09-Oct-2016 08:01
>>>>> geotools version = 16-SNAPSHOT
>>>>> geotools revision = *333fdc4f0c153b087849e638fb2abef71485b605*
>>>>> geowebcache version = 1.10-SNAPSHOT
>>>>> geowebcache revision = *43cc5c049af2bb815e8b51a619f1a
>>>>> a1b99640f6b/43cc5*
>>>>>
>>>>> --
>>>>> Jody Garnett
>>>>>
>>>>> On 7 October 2016 at 16:39, Jody Garnett <jody.garn...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Waiting on ares to finish cite tests, revisions are:
>>>>>>
>>>>>>    - GeoTools: 39b274634fd86abcd2f17633b4b8f6d8df557398
>>>>>>    - GWC: 43cc5c049af2bb815e8b51a619f1aa1b99640f6b
>>>>>>    - GeoServer: 2b0fa540c1b7e160e90ceb480d05c0bc48ba8b70
>>>>>>
>>>>>> There is a draft geotools blog post for review, will need a hand
>>>>>> release
>>>>>> GWC.
>>>>>> --
>>>>>> Jody Garnett
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> GeoTools-Devel mailing list
>>>> GeoTools-Devel@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>>>
>>>>
>>> --
>>> Ben Caradoc-Davies <b...@transient.nz>
>>> Director
>>> Transient Software Limited <http://transient.nz/>
>>> New Zealand
>>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> GeoTools-Devel mailing list
>> GeoTools-Devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel

Reply via email to