[GitHub] [geronimo-javamail] fpapon merged pull request #4: Migrate from svn to gitbox

2021-07-28 Thread GitBox 


fpapon merged pull request #4:
URL: https://github.com/apache/geronimo-javamail/pull/4


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@geronimo.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [geronimo-javamail] fpapon opened a new pull request #4: Migrate from svn to gitbox

2021-07-28 Thread GitBox 


fpapon opened a new pull request #4:
URL: https://github.com/apache/geronimo-javamail/pull/4


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@geronimo.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-28 Thread Romain Manni-Bucau (Jira) 


[ 
https://issues.apache.org/jira/browse/GERONIMO-6814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17388667#comment-17388667
 ] 

Romain Manni-Bucau commented on GERONIMO-6814:
--

Implementations can have cve - but here you will need to show how since last 
releases dont have the linked cve. Specs jars have almost no impl generally.

> Improve Geronimo specs to mitigate CVE-2011-5034
> 
>
> Key: GERONIMO-6814
> URL: https://issues.apache.org/jira/browse/GERONIMO-6814
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: geronimo-maven-plugin
>Affects Versions: 1.1.1
>Reporter: Karthick
>Priority: Major
>
> Hi,
>  
> By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
> apache-karaf » 4.3.2 
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
>  packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through 
> security tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - 
> CVE-2011-5034 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )
> However, there seems to be no later version of geronimo where this CVE is 
> fixed.It has been 10 years since this CVE is created and no fix seen yet. Do 
> you have analysis on whether this CVE really affects geronimo specs or any 
> plan to provide next version?
> There 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034

2021-07-28 Thread Karthick (Jira) 


[ 
https://issues.apache.org/jira/browse/GERONIMO-6814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17388651#comment-17388651
 ] 

Karthick commented on GERONIMO-6814:


I can see that these geronimo jms and jta specs expose javax transaction and  
javax jms APIs. So, do you mean that this CVEs on hash collision doesn't affect 
these Java APIs?

> Improve Geronimo specs to mitigate CVE-2011-5034
> 
>
> Key: GERONIMO-6814
> URL: https://issues.apache.org/jira/browse/GERONIMO-6814
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: geronimo-maven-plugin
>Affects Versions: 1.1.1
>Reporter: Karthick
>Priority: Major
>
> Hi,
>  
> By default Apache Karaf 4.3.2 ([Maven Repository: org.apache.karaf » 
> apache-karaf » 4.3.2 
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.karaf/apache-karaf/4.3.2]
>  packs jms_geronimo_1.1_spec 1.1.1 version which when scanned through 
> security tools like Jfrog XRay and Anchore reports CVE-2011-5034 ([NVD - 
> CVE-2011-5034 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2011-5034] )
> However, there seems to be no later version of geronimo where this CVE is 
> fixed.It has been 10 years since this CVE is created and no fix seen yet. Do 
> you have analysis on whether this CVE really affects geronimo specs or any 
> plan to provide next version?
> There 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: [javamail] - Branch version

2021-07-28 Thread fpapon 
Ok, I created a version on Jira to follow the issues we wan't to include
to the next release :

https://issues.apache.org/jira/projects/GERONIMO/versions/12350433

regards,

François
fpa...@apache.org

Le 28/07/2021 à 09:11, Zowalla, Richard a écrit :
> I think, we shouldn't miss 
> https://issues.apache.org/jira/browse/GERONIMO-6800 
> for a release (no PR, but a patch file)
>
> Gruss
> Richard
>
> Am Mittwoch, den 28.07.2021, 09:05 +0200 schrieb fpa...@apache.org:
>> Ok thanks all!
>>
>> I will move forward on this and merge the 2 pending PRs and prepare a
>> release.
>>
>> regards,
>>
>> François
>> fpa...@apache.org
>>
>> Le 28/07/2021 à 08:25, Zowalla, Richard a écrit :
>>> I like the idea (+1). 
>>>
>>> Gruss
>>> Richard 
>>>
>>> Am Mittwoch, den 28.07.2021, 08:12 +0200 schrieb JB Onofré:
 +1

 It makes sense. Thanks.
 Regards 
 JB

> Le 28 juil. 2021 à 07:38, Romain Manni-Bucau <
> rmannibu...@gmail.com
>> a écrit :
> 
> +1 (will also help upgrades ;))
>
> Romain Manni-Bucau
> @rmannibucau |  Blog | Old Blog | Github | LinkedIn | Book
>
>
> Le mer. 28 juil. 2021 à 00:51, Cesar Hernandez <
> cesargu...@gmail.com> a écrit :
>> Hi,
>> I don't have the historical background about why the
>> repository
>> have folders, but +1 on having dedicated branches.
>>
>> El mar, 27 jul 2021 a las 15:01, 
>> escribió:
>>> Hi,
>>>
>>> Today we have 4 directories in the geronimo-javamail
>>> repository
>>> and I
>>> would like to propose to use tags rather than directory to
>>> manage 1.x
>>> version.
>>>
>>> We would have the latest current version on root (1.6) and
>>> 1.3.1, 1.4,
>>> 1.5 on a dedicated branch.
>>>
>>> It will also help us for the release process.
>>>
>>> Toughts?
>>>
>>> https://github.com/apache/geronimo-javamail
>>> 
>>>
>>> regards,
>>>
>>> -- 
>>> François
>>> fpa...@apache.org
>>>

[jira] [Updated] (GERONIMO-6800) MimeBodyPart.setText ignores subtype

2021-07-28 Thread Francois Papon (Jira) 


 [ 
https://issues.apache.org/jira/browse/GERONIMO-6800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francois Papon updated GERONIMO-6800:
-
Fix Version/s: Javamail_1.6_1.0.1

> MimeBodyPart.setText ignores subtype
> 
>
> Key: GERONIMO-6800
> URL: https://issues.apache.org/jira/browse/GERONIMO-6800
> Project: Geronimo
>  Issue Type: Bug
>  Security Level: public(Regular issues) 
>  Components: specs
>Reporter: Argannor
>Priority: Minor
> Fix For: Javamail_1.6_1.0.1
>
> Attachments: setText-subtype-ignored.patch
>
>
> Hi there,
> the following method from MimeBodyPart in geonimo-javamail_1.6_spec ignores 
> the parameter subtype, and always sets the mime type to text/plain.
> {code:java}
> public void setText(final String text, String charset, final String subtype)
> {code}
> I've written a small patch, including a test case. Please let me know if I 
> need to sign any legal documents to donate this code.
> Kind regards
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: [javamail] - Branch version

2021-07-28 Thread Zowalla, Richard 
I think, we shouldn't miss 
https://issues.apache.org/jira/browse/GERONIMO-6800 
for a release (no PR, but a patch file)

Gruss
Richard

Am Mittwoch, den 28.07.2021, 09:05 +0200 schrieb fpa...@apache.org:
> Ok thanks all!
> 
> I will move forward on this and merge the 2 pending PRs and prepare a
> release.
> 
> regards,
> 
> François
> fpa...@apache.org
> 
> Le 28/07/2021 à 08:25, Zowalla, Richard a écrit :
> > I like the idea (+1). 
> > 
> > Gruss
> > Richard 
> > 
> > Am Mittwoch, den 28.07.2021, 08:12 +0200 schrieb JB Onofré:
> > > +1
> > > 
> > > It makes sense. Thanks.
> > > Regards 
> > > JB
> > > 
> > > > Le 28 juil. 2021 à 07:38, Romain Manni-Bucau <
> > > > rmannibu...@gmail.com
> > > > > a écrit :
> > > > 
> > > > +1 (will also help upgrades ;))
> > > > 
> > > > Romain Manni-Bucau
> > > > @rmannibucau |  Blog | Old Blog | Github | LinkedIn | Book
> > > > 
> > > > 
> > > > Le mer. 28 juil. 2021 à 00:51, Cesar Hernandez <
> > > > cesargu...@gmail.com> a écrit :
> > > > > Hi,
> > > > > I don't have the historical background about why the
> > > > > repository
> > > > > have folders, but +1 on having dedicated branches.
> > > > > 
> > > > > El mar, 27 jul 2021 a las 15:01, 
> > > > > escribió:
> > > > > > Hi,
> > > > > > 
> > > > > > Today we have 4 directories in the geronimo-javamail
> > > > > > repository
> > > > > > and I
> > > > > > would like to propose to use tags rather than directory to
> > > > > > manage 1.x
> > > > > > version.
> > > > > > 
> > > > > > We would have the latest current version on root (1.6) and
> > > > > > 1.3.1, 1.4,
> > > > > > 1.5 on a dedicated branch.
> > > > > > 
> > > > > > It will also help us for the release process.
> > > > > > 
> > > > > > Toughts?
> > > > > > 
> > > > > > https://github.com/apache/geronimo-javamail
> > > > > > 
> > > > > > 
> > > > > > regards,
> > > > > > 
> > > > > > -- 
> > > > > > François
> > > > > > fpa...@apache.org
> > > > > > 
-- 
Richard Zowalla, M.Sc.
Research Associate, PhD Student | Medical Informatics

Hochschule Heilbronn – University of Applied Sciences
Max-Planck-Str. 39 
D-74081 Heilbronn 
phone: +49 7131 504 6791 (zur Zeit nicht via Telefon erreichbar)
mail: richard.zowa...@hs-heilbronn.de
web: https://www.mi.hs-heilbronn.de/ 


smime.p7s
Description: S/MIME cryptographic signature

Re: [javamail] - Branch version

2021-07-28 Thread fpapon 
Ok thanks all!

I will move forward on this and merge the 2 pending PRs and prepare a
release.

regards,

François
fpa...@apache.org

Le 28/07/2021 à 08:25, Zowalla, Richard a écrit :
> I like the idea (+1). 
>
> Gruss
> Richard 
>
> Am Mittwoch, den 28.07.2021, 08:12 +0200 schrieb JB Onofré:
>> +1
>>
>> It makes sense. Thanks.
>> Regards 
>> JB
>>
>>> Le 28 juil. 2021 à 07:38, Romain Manni-Bucau >>> a écrit :
>>> 
>>> +1 (will also help upgrades ;))
>>>
>>> Romain Manni-Bucau
>>> @rmannibucau |  Blog | Old Blog | Github | LinkedIn | Book
>>>
>>>
>>> Le mer. 28 juil. 2021 à 00:51, Cesar Hernandez <
>>> cesargu...@gmail.com> a écrit :
 Hi,
 I don't have the historical background about why the repository
 have folders, but +1 on having dedicated branches.

 El mar, 27 jul 2021 a las 15:01,  escribió:
> Hi,
>
> Today we have 4 directories in the geronimo-javamail repository
> and I
> would like to propose to use tags rather than directory to
> manage 1.x
> version.
>
> We would have the latest current version on root (1.6) and
> 1.3.1, 1.4,
> 1.5 on a dedicated branch.
>
> It will also help us for the release process.
>
> Toughts?
>
> https://github.com/apache/geronimo-javamail
> 
>
> regards,
>
> -- 
> François
> fpa...@apache.org
>

Re: [javamail] - Branch version

2021-07-28 Thread Zowalla, Richard 
I like the idea (+1). 

Gruss
Richard 

Am Mittwoch, den 28.07.2021, 08:12 +0200 schrieb JB Onofré:
> +1
> 
> It makes sense. Thanks.
> Regards 
> JB
> 
> > Le 28 juil. 2021 à 07:38, Romain Manni-Bucau  > > a écrit :
> > 
> > 
> > +1 (will also help upgrades ;))
> > 
> > Romain Manni-Bucau
> > @rmannibucau |  Blog | Old Blog | Github | LinkedIn | Book
> > 
> > 
> > Le mer. 28 juil. 2021 à 00:51, Cesar Hernandez <
> > cesargu...@gmail.com> a écrit :
> > > Hi,
> > > I don't have the historical background about why the repository
> > > have folders, but +1 on having dedicated branches.
> > > 
> > > El mar, 27 jul 2021 a las 15:01,  escribió:
> > > > Hi,
> > > > 
> > > > Today we have 4 directories in the geronimo-javamail repository
> > > > and I
> > > > would like to propose to use tags rather than directory to
> > > > manage 1.x
> > > > version.
> > > > 
> > > > We would have the latest current version on root (1.6) and
> > > > 1.3.1, 1.4,
> > > > 1.5 on a dedicated branch.
> > > > 
> > > > It will also help us for the release process.
> > > > 
> > > > Toughts?
> > > > 
> > > > https://github.com/apache/geronimo-javamail
> > > > 
> > > > 
> > > > regards,
> > > > 
> > > > -- 
> > > > François
> > > > fpa...@apache.org
> > > > 
> > > 
> > > 


smime.p7s
Description: S/MIME cryptographic signature

Re: [javamail] - Branch version

2021-07-28 Thread JB Onofré 
+1

It makes sense. Thanks.
Regards 
JB

> Le 28 juil. 2021 à 07:38, Romain Manni-Bucau  a écrit :
> 
> 
> +1 (will also help upgrades ;))
> 
> Romain Manni-Bucau
> @rmannibucau |  Blog | Old Blog | Github | LinkedIn | Book
> 
> 
>> Le mer. 28 juil. 2021 à 00:51, Cesar Hernandez  a 
>> écrit :
>> Hi,
>> I don't have the historical background about why the repository have 
>> folders, but +1 on having dedicated branches.
>> 
>>> El mar, 27 jul 2021 a las 15:01,  escribió:
>>> Hi,
>>> 
>>> Today we have 4 directories in the geronimo-javamail repository and I
>>> would like to propose to use tags rather than directory to manage 1.x
>>> version.
>>> 
>>> We would have the latest current version on root (1.6) and 1.3.1, 1.4,
>>> 1.5 on a dedicated branch.
>>> 
>>> It will also help us for the release process.
>>> 
>>> Toughts?
>>> 
>>> https://github.com/apache/geronimo-javamail
>>> 
>>> 
>>> regards,
>>> 
>>> -- 
>>> François
>>> fpa...@apache.org
>>> 
>> 
>> 
>> -- 
>> Atentamente:
>> César Hernández.