Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Pierre Smits
Jacques,

I don't know for a release from r18, but regarding a release from r22, you
could consider sharing your viewpoint in thread 'Time to cut the first
release of the R22 branch?' instead of here.


Kind regards,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006
*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 2:04 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> Hi Pierre, All,
>
> Yes, saw that; complications come with me using Win7.
>
> As I said in the Jira: I'm not sure we need to make new releases (18 and
> 22).
> Because I doubt users persist sessions using the advanced FileStore feature.
> So maybe simply a warning could be sufficient.
>
> Jacques
>
> On 26/01/2022 at 12:42, Pierre Smits wrote:
> > Hey Jacques,
> >
> > It seems to me that this commit does not address the issue described in
> the
> > referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.
> >
> > Should this not be corrected? E.g. having its own ticket?
> >
> >
> > Kind regards,
> >
> > Pierre Smits
> > *Proud* *contributor** of* Apache OFBiz 
> since
> > 2008 (without privileges)
> > Proud contributor to the ASF since 2006
> >
> > *Apache Directory , PMC Member*
> >
> > Anyone could have been you, whereas I've always been anyone.
> >
> >
> > On Wed, Jan 26, 2022 at 12:34 PM  wrote:
> >
> >> This is an automated email from the ASF dual-hosted git repository.
> >>
> >> jleroux pushed a commit to branch trunk
> >> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
> >>
> >>
> >> The following commit(s) were added to refs/heads/trunk by this push:
> >>   new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58
> (OFBIZ-12539)
> >> 6ed30b7 is described below
> >>
> >> commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
> >> Author: Jacques Le Roux 
> >> AuthorDate: Wed Jan 26 12:31:50 2022 +0100
> >>
> >>  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
> >>
> >>  The fix for bug CVE-2020-9484 introduced a time of check, time of
> use
> >>  vulnerability that allowed a local attacker to perform actions
> with the
> >>  privileges of the user that the Tomcat process is using. This
> issue is
> >> only
> >>  exploitable when Tomcat is configured to persist sessions using the
> >> FileStore.
> >> ---
> >>   themes/common-theme/webapp/common/js/package.json | 33
> >> ---
> >>   1 file changed, 18 insertions(+), 15 deletions(-)
> >>
> >> diff --git a/themes/common-theme/webapp/common/js/package.json
> >> b/themes/common-theme/webapp/common/js/package.json
> >> index 036a227..429ade6 100644
> >> --- a/themes/common-theme/webapp/common/js/package.json
> >> +++ b/themes/common-theme/webapp/common/js/package.json
> >> @@ -1,17 +1,20 @@
> >>   {
> >> -  "name": "ofbiz-framework",
> >> -  "description": "ofbiz-framework NPM dependencies configuration",
> >> -  "repository": "https://github.com/apache/ofbiz-framework.git;,
> >> -  "license": "Apache-2.0",
> >> -  "dependencies": {
> >> -"jquery": "^3.6.0",
> >> -"jquery-migrate": "^3.3.2",
> >> -"jquery-validation": "^1.19.3",
> >> -"jquery.browser": "^0.1.0",
> >> -"dompurify": "^2.3.4",
> >> -"jquery-ui-dist": "^1.13.0",
> >> -"trumbowyg": "^2.25.1",
> >> -"flot": "^4.2.2",
> >> -"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> >> -  }
> >> +"name": "ofbiz-framework",
> >> +"description": "ofbiz-framework NPM dependencies configuration",
> >> +"repository": "https://github.com/apache/ofbiz-framework.git;,
> >> +"license": "Apache-2.0",
> >> +"dependencies": {
> >> +"jquery": "^3.6.0",
> >> +"jquery-migrate": "^3.3.2",
> >> +"jquery-validation": "^1.19.3",
> >> +"jquery.browser": "^0.1.0",
> >> +"dompurify": "^2.3.4",
> >> +"jquery-ui-dist": "^1.13.0",
> >> +"trumbowyg": "^2.25.1",
> >> +"flot": "^4.2.2",
> >> +"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> >> +},
> >> +"scripts": {
> >> +"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
> >> +}
> >>   }
> >>
>
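Review bot: The only file in this diff is themes/common-theme/webapp/common/js/package.json, and nothing in the hunk changes a Tomcat version, although the commit title says "Upgrade Tomcat from 9.0.54 to 9.0.58" and the diffstat reports 1 file changed. As pushed, the time-of-check/time-of-use issue described in the commit message is not addressed by this commit. Suggest moving the package.json change into its own commit with a matching title and pushing the Tomcat version bump separately under OFBIZ-12539.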


Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Jacques Le Roux

Hi Pierre, All,

Yes, saw that; complications come with me using Win7.

As I said in the Jira: I'm not sure we need to make new releases (18 and 22).
Because I doubt users persist sessions using the advanced FileStore feature. So
maybe simply a warning could be sufficient.

Jacques

On 26/01/2022 at 12:42, Pierre Smits wrote:

Hey Jacques,

It seems to me that this commit does not address the issue described in the
referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.

Should this not be corrected? E.g. having its own ticket?


Kind regards,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 12:34 PM  wrote:


This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
  new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
6ed30b7 is described below

commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
Author: Jacques Le Roux 
AuthorDate: Wed Jan 26 12:31:50 2022 +0100

 Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

 The fix for bug CVE-2020-9484 introduced a time of check, time of use
 vulnerability that allowed a local attacker to perform actions with the
 privileges of the user that the Tomcat process is using. This issue is
only
 exploitable when Tomcat is configured to persist sessions using the
FileStore.
---
  themes/common-theme/webapp/common/js/package.json | 33
---
  1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/themes/common-theme/webapp/common/js/package.json
b/themes/common-theme/webapp/common/js/package.json
index 036a227..429ade6 100644
--- a/themes/common-theme/webapp/common/js/package.json
+++ b/themes/common-theme/webapp/common/js/package.json
@@ -1,17 +1,20 @@
  {
-  "name": "ofbiz-framework",
-  "description": "ofbiz-framework NPM dependencies configuration",
-  "repository": "https://github.com/apache/ofbiz-framework.git;,
-  "license": "Apache-2.0",
-  "dependencies": {
-"jquery": "^3.6.0",
-"jquery-migrate": "^3.3.2",
-"jquery-validation": "^1.19.3",
-"jquery.browser": "^0.1.0",
-"dompurify": "^2.3.4",
-"jquery-ui-dist": "^1.13.0",
-"trumbowyg": "^2.25.1",
-"flot": "^4.2.2",
-"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
-  }
+"name": "ofbiz-framework",
+"description": "ofbiz-framework NPM dependencies configuration",
+"repository": "https://github.com/apache/ofbiz-framework.git;,
+"license": "Apache-2.0",
+"dependencies": {
+"jquery": "^3.6.0",
+"jquery-migrate": "^3.3.2",
+"jquery-validation": "^1.19.3",
+"jquery.browser": "^0.1.0",
+"dompurify": "^2.3.4",
+"jquery-ui-dist": "^1.13.0",
+"trumbowyg": "^2.25.1",
+"flot": "^4.2.2",
+"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
+},
+"scripts": {
+"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
+}
  }
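Review bot: The new "lint" script at the end of the hunk calls jshint, but jshint is not declared in this package.json, which the hunk shows in full and which lists only runtime "dependencies". Add it under "devDependencies" so the script works on a clean install. The glob "**.js" is also unquoted: a POSIX sh without globstar expands it like "*.js", so only files in the current directory would be linted; pass the directories to lint explicitly instead.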



Time to cut the first release of the R22 branch?

2022-01-26 Thread Pierre Smits
Hi All,

it has been years since we cut the branch before the R22, and a lot of
improvements have gone into trunk and subsequently into the R22 branch.

As per https://issues.apache.org/jira/projects/OFBIZ/versions/12342403 it
seems all tickets related to the first release of that branch have been
concluded successfully.

Is it therefore now the moment to establish the first release of the branch
(being release 22.01.01)?

Kind regards,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006
*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Pierre Smits
Hey Jacques,

It seems to me that this commit does not address the issue described in the
referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.

Should this not be corrected? E.g. having its own ticket?


Kind regards,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 12:34 PM  wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch trunk
> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
>
>
> The following commit(s) were added to refs/heads/trunk by this push:
>  new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
> 6ed30b7 is described below
>
> commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
> Author: Jacques Le Roux 
> AuthorDate: Wed Jan 26 12:31:50 2022 +0100
>
> Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
>
> The fix for bug CVE-2020-9484 introduced a time of check, time of use
> vulnerability that allowed a local attacker to perform actions with the
> privileges of the user that the Tomcat process is using. This issue is
> only
> exploitable when Tomcat is configured to persist sessions using the
> FileStore.
> ---
>  themes/common-theme/webapp/common/js/package.json | 33
> ---
>  1 file changed, 18 insertions(+), 15 deletions(-)
>
> diff --git a/themes/common-theme/webapp/common/js/package.json
> b/themes/common-theme/webapp/common/js/package.json
> index 036a227..429ade6 100644
> --- a/themes/common-theme/webapp/common/js/package.json
> +++ b/themes/common-theme/webapp/common/js/package.json
> @@ -1,17 +1,20 @@
>  {
> -  "name": "ofbiz-framework",
> -  "description": "ofbiz-framework NPM dependencies configuration",
> -  "repository": "https://github.com/apache/ofbiz-framework.git;,
> -  "license": "Apache-2.0",
> -  "dependencies": {
> -"jquery": "^3.6.0",
> -"jquery-migrate": "^3.3.2",
> -"jquery-validation": "^1.19.3",
> -"jquery.browser": "^0.1.0",
> -"dompurify": "^2.3.4",
> -"jquery-ui-dist": "^1.13.0",
> -"trumbowyg": "^2.25.1",
> -"flot": "^4.2.2",
> -"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> -  }
> +"name": "ofbiz-framework",
> +"description": "ofbiz-framework NPM dependencies configuration",
> +"repository": "https://github.com/apache/ofbiz-framework.git;,
> +"license": "Apache-2.0",
> +"dependencies": {
> +"jquery": "^3.6.0",
> +"jquery-migrate": "^3.3.2",
> +"jquery-validation": "^1.19.3",
> +"jquery.browser": "^0.1.0",
> +"dompurify": "^2.3.4",
> +"jquery-ui-dist": "^1.13.0",
> +"trumbowyg": "^2.25.1",
> +"flot": "^4.2.2",
> +"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> +},
> +"scripts": {
> +"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
> +}
>  }
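Review bot: Fourteen of the 15 removed lines in this hunk come back with only their leading whitespace changed, so the whole file is rewritten to add a three-line "scripts" block. Keep the existing indentation and limit the change to the trailing comma after the "dependencies" object plus the new "scripts" entry; that keeps blame history intact and makes the real change visible in review.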
>
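The commit message quoted above ties exploitability to Tomcat persisting sessions with the FileStore, and the thread asks whether a warning would be enough. The following is an added example, not code from OFBiz or Tomcat, that checks both conditions for a deployment. It assumes a standard Tomcat context.xml layout (how OFBiz wires its embedded Tomcat is not shown on the page), treats every version below the 9.0.58 target from the commit title as unpatched (a conservative assumption), and uses constructed sample configurations.

```python
import xml.etree.ElementTree as ET

FILESTORE = "org.apache.catalina.session.FileStore"
FIXED_IN = (9, 0, 58)  # upgrade target named in the commit title (assumed cut-off)

# Constructed sample configurations, not taken from OFBiz.
SAMPLE_FILESTORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""
SAMPLE_DEFAULT = '<Context><Manager pathname=""/></Context>'


def parse_version(text):
    """'9.0.54' -> (9, 0, 54); raises ValueError on anything else."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected Tomcat version: {text!r}")
    return parts


def filestore_dirs(xml_text):
    """Return the directory of every <Manager><Store> that uses FileStore."""
    root = ET.fromstring(xml_text)
    hits = []
    for manager in root.iter("Manager"):
        for store in manager.findall("Store"):
            if store.get("className") == FILESTORE:
                hits.append(store.get("directory", "(container default)"))
    return hits


def assess(xml_text, tomcat_version):
    """Combine both conditions from the commit message into one verdict."""
    dirs = filestore_dirs(xml_text)
    outdated = parse_version(tomcat_version) < FIXED_IN
    if dirs and outdated:
        return "exposed", dirs          # old Tomcat and FileStore persistence
    if outdated:
        return "upgrade-advised", dirs  # old Tomcat, FileStore not configured
    return "ok", dirs


if __name__ == "__main__":
    for name, cfg in (("filestore", SAMPLE_FILESTORE), ("default", SAMPLE_DEFAULT)):
        print(name, assess(cfg, "9.0.54"), assess(cfg, "9.0.58"))
```
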


Re: [jira] [Commented] (OFBIZ-7456) Introduce the option to add the new Customer/Supplier while placing the quotes in system if they don't exist already

2022-01-26 Thread Pierre Smits
Are we going to abandon the principles of KISS and YAGNI with this?

Are we going to allow that requests (tickets) for functionality, and code
improvements are done re e.g. to create/edit products, prices for products
and services, suppliers, customers, etc in e.g. accounting? Or facility? Or
work effort? Or whatever component in either ofbiz-framework or
ofbiz-plugins?

Kind regards,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*


On Mon, Apr 12, 2021 at 12:33 PM ASF subversion and git services (Jira) <
j...@apache.org> wrote:

>
> [
> https://issues.apache.org/jira/browse/OFBIZ-7456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17319339#comment-17319339
> ]
>
> ASF subversion and git services commented on OFBIZ-7456:
> 
>
> Commit 9b4a4ad8d6cad55d508cac030396f5a0276c471c in ofbiz-framework's
> branch refs/heads/trunk from Joonas Hiltunen
> [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9b4a4ad ]
>
> Implemented:  Add new party while placing quotes (OFBIZ-7456) (#294)
>
> Introduce the option to create a new party group while placing the quotes
> in the system.
>
> > Introduce the option to add the new Customer/Supplier while placing the
> quotes in system if they don't exist already
> >
> 
> >
> > Key: OFBIZ-7456
> > URL: https://issues.apache.org/jira/browse/OFBIZ-7456
> > Project: OFBiz
> >  Issue Type: New Feature
> >  Components: order
> >Affects Versions: 14.12.01, 15.12.01
> >Reporter: Swapnil Shah
> >Assignee: Pawan Verma
> >Priority: Major
> >
> > On numerous occasions while placing Sales or Purchase quote in system,
> the business is conducted first time with given party and it's quite
> possible that given party doesn't pre-exist in system.
> > At that point of time user could be allowed to create the party in
> either Customer or Supplier role by asking few primary details as follows:
> > # Party Name
> > # Billing/Shipping Address
> > Rest of the details can be later added/update with respect to added
> party from Party screens.
>
>
>
> --
> This message was sent by Atlassian Jira
> (v8.3.4#803005)
>