Hello Trevor See https://ops4j1.jira.com/wiki/spaces/paxweb/blog/ - in August I've released both 4.4.1 and 4.3.4. If you like please create PAXWEB jira issue or just let me know about required Jetty update and I can release 4.3.5 or 4.4.2 if you like (even 4.2.x)
regards Grzegorz Grzybek 2017-09-16 7:26 GMT+02:00 'Achim Nierbeck' via OPS4J <ops4j@googlegroups.com >: > Hi Trevor, > > you still could try out with the 4.3 line. > It might already contain what you need. > Regarding Jira and PR, yes, please a Jira with a PR that contains the jira > number. This way we always can > make sure which commit belongs to which version. > > One thing though, as 6 is the actually last released version, what made it > hard for you to upgrade? > Cause even though it's a major version, we look carefully not to break to > much stuff. > > > regards, Achim > > > 2017-09-16 2:16 GMT+02:00 Niclas Hedhman <nic...@hedhman.org>: > >> >> I suggest that you submit the PR. That is the easy part. Question is if >> there is someone willing to do the release. If you are, then great... if >> not, you would need to convince (charm, beer, bribe, threat...) someone to >> do it. >> >> Cheers >> Niclas >> >> On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown < >> tbr...@securityfirstcorp.com> wrote: >> >>> Hi all, >>> >>> My company is using Pax Web 4.2.7 right now. Unfortunately the version >>> of Jetty in that release (and actually all Pax Web releases, it seems) is >>> vulnerable to a timing channel attack (see https://github.com/eclips >>> e/jetty.project/issues/1556 for details). >>> >>> I started looking at options, and right now it looks like the only >>> upgrade path I have that won't require a lot of effort on my part (I >>> experimented and failed using any of the 6.x releases) is to upgrade within >>> the 4.x releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22 >>> and all the unit tests passed. >>> >>> So I'm wondering whether I should open a JIRA and submit a pull request >>> for the upgrade in the 4.4.x stream, or whether I should just consider this >>> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in >>> the 6.0.x stream? >>> >>> Thanks in advance. >>> >>> -- >>> -- >>> ------------------ >>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "OPS4J" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ops4j+unsubscr...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Niclas Hedhman, Software Developer >> http://polygene.apache.org - New Energy for Java >> >> -- >> -- >> ------------------ >> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com >> >> --- >> You received this message because you are subscribed to the Google Groups >> "OPS4J" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ops4j+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > > Apache Member > Apache Karaf <http://karaf.apache.org/> Committer & PMC > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & > Project Lead > blog <http://notizblog.nierbeck.de/> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> > > Software Architect / Project Manager / Scrum Master > > -- > -- > ------------------ > OPS4J - http://www.ops4j.org - ops4j@googlegroups.com > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ops4j+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- ------------------ OPS4J - http://www.ops4j.org - ops4j@googlegroups.com --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.