Jenkins build is back to normal : TomEE » tomee-9.x-owasp-check #9

[Apache Jenkins Server]

See 

Jenkins build is back to stable : TomEE » tomee-9.x-build-quick #9

[Apache Jenkins Server]

See 

Jenkins build is back to stable : TomEE » tomee-9.x-build-quick » TomEE :: Container :: Core #9

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » master-build-quick #508

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » master-build-quick » TomEE :: Container :: Core #508

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » master-build-full #922

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » master-build-full » TomEE :: Container :: Core #922

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » master-build-full » TomEE :: TCK :: MicroProfile Metrics TCK #922

[Apache Jenkins Server]

See 

[jira] [Resolved] (TOMEE-4187) Commons FileUpload 1.5

[Richard Zowalla (Jira)]

 [ 
https://issues.apache.org/jira/browse/TOMEE-4187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard Zowalla resolved TOMEE-4187.

Resolution: Fixed

> Commons FileUpload 1.5
> --
>
> Key: TOMEE-4187
> URL: https://issues.apache.org/jira/browse/TOMEE-4187
> Project: TomEE
>  Issue Type: Dependency upgrade
>Affects Versions: 9.0.0, 8.0.14
>Reporter: Richard Zowalla
>Assignee: Richard Zowalla
>Priority: Major
>  Labels: CVE
> Fix For: 10.0.0, 9.0.1, 8.0.15
>
>
> Versions Affected:
> Apache Commons FileUpload 1.0-beta-1 to 1.4
> Description:
> Apache Commons FileUpload before 1.5 does not limit the number of 
> request parts to be processed resulting in the possibility of an 
> attacker triggering a DoS with a malicious upload or series of uploads.
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Commons FileUpload 1.5 or later
> Credit:
> This issue was identified by Jakob Ackermann and reported responsibly to 
> the Apache Commons Security Team.
> History:
> 2023-02-20 Original advisory



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[tomee] branch main updated: TOMEE-4187 - Commons FileUpload 1.5

[rzo1]

This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/main by this push:
 new d4f77a63f6 TOMEE-4187 - Commons FileUpload 1.5
d4f77a63f6 is described below

commit d4f77a63f671932b528e11fc35db475b8036bf1a
Author: Richard Zowalla <13417392+r...@users.noreply.github.com>
AuthorDate: Mon Feb 20 18:39:00 2023 +0100

TOMEE-4187 - Commons FileUpload 1.5
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 05054b74c4..2f1ce3c70f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
 3.2.2
 2.9.0
 0.5
-1.4
+1.5
 2.11.0
 2.1
 3.12.0

[tomee] branch tomee-9.x updated: TOMEE-4187 - Commons FileUpload 1.5

[rzo1]

This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch tomee-9.x
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/tomee-9.x by this push:
 new 0f93ec3bd6 TOMEE-4187 - Commons FileUpload 1.5
0f93ec3bd6 is described below

commit 0f93ec3bd6426ddada53bd96e5cfb61be2451fe3
Author: Richard Zowalla <13417392+r...@users.noreply.github.com>
AuthorDate: Mon Feb 20 18:38:32 2023 +0100

TOMEE-4187 - Commons FileUpload 1.5
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0570016e49..12685ae412 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
 3.2.2
 2.9.0
 0.5
-1.4
+1.5
 2.11.0
 2.1
 3.12.0

[tomee] branch tomee-8.x updated: TOMEE-4187 - Commons FileUpload 1.5

[rzo1]

This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch tomee-8.x
in repository https://gitbox.apache.org/repos/asf/tomee.git


The following commit(s) were added to refs/heads/tomee-8.x by this push:
 new 44cb3733ac TOMEE-4187 - Commons FileUpload 1.5
44cb3733ac is described below

commit 44cb3733ac882da8329bf82aa56f2c1c7e90bd7e
Author: Richard Zowalla <13417392+r...@users.noreply.github.com>
AuthorDate: Mon Feb 20 18:36:39 2023 +0100

TOMEE-4187 - Commons FileUpload 1.5
---
 pom.xml | 2 +-
 server/openejb-http/pom.xml | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index e07ba12686..365dace470 100644
--- a/pom.xml
+++ b/pom.xml
@@ -148,7 +148,7 @@
 3.2.2
 2.9.0
 0.5
-1.4
+1.5
 2.11.0
 2.1
 3.12.0
diff --git a/server/openejb-http/pom.xml b/server/openejb-http/pom.xml
index 399479ab55..517892f73d 100644
--- a/server/openejb-http/pom.xml
+++ b/server/openejb-http/pom.xml
@@ -143,7 +143,6 @@
 
   commons-fileupload
   commons-fileupload
-  1.3.3
   true
 
   

[jira] [Created] (TOMEE-4187) Commons FileUpload 1.5

[Richard Zowalla (Jira)]

Richard Zowalla created TOMEE-4187:
--

 Summary: Commons FileUpload 1.5
 Key: TOMEE-4187
 URL: https://issues.apache.org/jira/browse/TOMEE-4187
 Project: TomEE
  Issue Type: Dependency upgrade
Affects Versions: 8.0.14, 9.0.0
Reporter: Richard Zowalla
Assignee: Richard Zowalla
 Fix For: 10.0.0, 9.0.1, 8.0.15



Versions Affected:
Apache Commons FileUpload 1.0-beta-1 to 1.4

Description:
Apache Commons FileUpload before 1.5 does not limit the number of 
request parts to be processed resulting in the possibility of an 
attacker triggering a DoS with a malicious upload or series of uploads.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Commons FileUpload 1.5 or later

Credit:
This issue was identified by Jakob Ackermann and reported responsibly to 
the Apache Commons Security Team.

History:
2023-02-20 Original advisory



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (TOMEE-4186) Update download page for discontinued branches

[Cesar Hernandez (Jira)]

 [ 
https://issues.apache.org/jira/browse/TOMEE-4186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cesar Hernandez updated TOMEE-4186:
---
Fix Version/s: 9.0.1

> Update download page for discontinued branches
> --
>
> Key: TOMEE-4186
> URL: https://issues.apache.org/jira/browse/TOMEE-4186
> Project: TomEE
>  Issue Type: Documentation
>Reporter: Cesar Hernandez
>Assignee: Cesar Hernandez
>Priority: Major
> Fix For: 9.0.1
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (TOMEE-4186) Update download page for discontinued branches

[Cesar Hernandez (Jira)]

 [ 
https://issues.apache.org/jira/browse/TOMEE-4186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cesar Hernandez resolved TOMEE-4186.

Resolution: Done

> Update download page for discontinued branches
> --
>
> Key: TOMEE-4186
> URL: https://issues.apache.org/jira/browse/TOMEE-4186
> Project: TomEE
>  Issue Type: Documentation
>Reporter: Cesar Hernandez
>Assignee: Cesar Hernandez
>Priority: Major
> Fix For: 9.0.1
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (TOMEE-4186) Update download page for discontinued branches

[Cesar Hernandez (Jira)]

 [ 
https://issues.apache.org/jira/browse/TOMEE-4186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Cesar Hernandez reassigned TOMEE-4186:
--

Assignee: Cesar Hernandez

> Update download page for discontinued branches
> --
>
> Key: TOMEE-4186
> URL: https://issues.apache.org/jira/browse/TOMEE-4186
> Project: TomEE
>  Issue Type: Documentation
>Reporter: Cesar Hernandez
>Assignee: Cesar Hernandez
>Priority: Major
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Jenkins build is still unstable: TomEE » pr-1005 #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: JSON-B Signature Tests #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Arquillian Adaptors Parent :: Tests :: Web Profile #14

[Apache Jenkins Server]

See 

Jenkins build became unstable: TomEE » pr-1005 » TomEE :: Container :: Core #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Examples :: Webservice Attachments #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: JSON-B Standalone #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: CDI Embedded #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: CDI TomEE #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Arquillian Adaptors Parent :: Tests :: JMS #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: JSON-P Standalone #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: MicroProfile JWT TCK #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Examples :: MP REST JWT PRINCIPAL #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: Concurrency Standalone #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: MicroProfile Open API TCK #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Arquillian Adaptors Parent :: Tests :: JAXWS #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: TCK :: JSON-P Signature Tests #14

[Apache Jenkins Server]

See 

Jenkins build is still unstable: TomEE » pr-1005 » TomEE :: Examples :: Microprofile Metrics Histogram #14

[Apache Jenkins Server]

See