subject:"Re\: \[ofbiz\-framework\] branch trunk updated\: Fixed\: Upgrade Tomcat from 9.0.54 to 9.0.58 \(OFBIZ\-12539\)"

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Pierre Smits

Jacques,

I don't know for a release from r18, but regarding a release from r22, you
could consider sharing your viewpoint in thread 'Time to cut the first
release of the R22 branch?' instead of here.


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006
*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 2:04 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> Hi Pierre, All,
>
> Yes saw that, complications comes with me using Win7.
>
> As I said in the Jira: I'm not sure we need to make new releases (18 and
> 22).
> Because I doubt users persist sessions using advanced FileStore feature.
> So maybe simply a warning could be sufficient.
>
> Jacques
>
> Le 26/01/2022 à 12:42, Pierre Smits a écrit :
> > Hey Jacques,
> >
> > It seems to me that this commit does not address the issue described in
> the
> > referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.
> >
> > Should this not be corrected? E.g. having its own ticket?
> >
> >
> > Met vriendelijke groet,
> >
> > Pierre Smits
> > *Proud* *contributor** of* Apache OFBiz 
> since
> > 2008 (without privileges)
> > Proud contributor to the ASF since 2006
> >
> > *Apache Directory , PMC Member*
> >
> > Anyone could have been you, whereas I've always been anyone.
> >
> >
> > On Wed, Jan 26, 2022 at 12:34 PM  wrote:
> >
> >> This is an automated email from the ASF dual-hosted git repository.
> >>
> >> jleroux pushed a commit to branch trunk
> >> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
> >>
> >>
> >> The following commit(s) were added to refs/heads/trunk by this push:
> >>   new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58
> (OFBIZ-12539)
> >> 6ed30b7 is described below
> >>
> >> commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
> >> Author: Jacques Le Roux 
> >> AuthorDate: Wed Jan 26 12:31:50 2022 +0100
> >>
> >>  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
> >>
> >>  The fix for bug CVE-2020-9484 introduced a time of check, time of
> use
> >>  vulnerability that allowed a local attacker to perform actions
> with the
> >>  privileges of the user that the Tomcat process is using. This
> issue is
> >> only
> >>  exploitable when Tomcat is configured to persist sessions using the
> >> FileStore.
> >> ---
> >>   themes/common-theme/webapp/common/js/package.json | 33
> >> ---
> >>   1 file changed, 18 insertions(+), 15 deletions(-)
> >>
> >> diff --git a/themes/common-theme/webapp/common/js/package.json
> >> b/themes/common-theme/webapp/common/js/package.json
> >> index 036a227..429ade6 100644
> >> --- a/themes/common-theme/webapp/common/js/package.json
> >> +++ b/themes/common-theme/webapp/common/js/package.json
> >> @@ -1,17 +1,20 @@
> >>   {
> >> -  "name": "ofbiz-framework",
> >> -  "description": "ofbiz-framework NPM dependencies configuration",
> >> -  "repository": "https://github.com/apache/ofbiz-framework.git";,
> >> -  "license": "Apache-2.0",
> >> -  "dependencies": {
> >> -"jquery": "^3.6.0",
> >> -"jquery-migrate": "^3.3.2",
> >> -"jquery-validation": "^1.19.3",
> >> -"jquery.browser": "^0.1.0",
> >> -"dompurify": "^2.3.4",
> >> -"jquery-ui-dist": "^1.13.0",
> >> -"trumbowyg": "^2.25.1",
> >> -"flot": "^4.2.2",
> >> -"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> >> -  }
> >> +"name": "ofbiz-framework",
> >> +"description": "ofbiz-framework NPM dependencies configuration",
> >> +"repository": "https://github.com/apache/ofbiz-framework.git";,
> >> +"license": "Apache-2.0",
> >> +"dependencies": {
> >> +"jquery": "^3.6.0",
> >> +"jquery-migrate": "^3.3.2",
> >> +"jquery-validation": "^1.19.3",
> >> +"jquery.browser": "^0.1.0",
> >> +"dompurify": "^2.3.4",
> >> +"jquery-ui-dist": "^1.13.0",
> >> +"trumbowyg": "^2.25.1",
> >> +"flot": "^4.2.2",
> >> +"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> >> +},
> >> +"scripts": {
> >> +"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
> >> +}
> >>   }
> >>
>

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Jacques Le Roux


Hi Pierre, All,

Yes saw that, complications comes with me using Win7.

As I said in the Jira: I'm not sure we need to make new releases (18 and 22).
Because I doubt users persist sessions using advanced FileStore feature. So 
maybe simply a warning could be sufficient.

Jacques

Le 26/01/2022 à 12:42, Pierre Smits a écrit :

Hey Jacques,

It seems to me that this commit does not address the issue described in the
referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.

Should this not be corrected? E.g. having its own ticket?


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 12:34 PM  wrote:


This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
  new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
6ed30b7 is described below

commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
Author: Jacques Le Roux 
AuthorDate: Wed Jan 26 12:31:50 2022 +0100

 Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

 The fix for bug CVE-2020-9484 introduced a time of check, time of use
 vulnerability that allowed a local attacker to perform actions with the
 privileges of the user that the Tomcat process is using. This issue is
only
 exploitable when Tomcat is configured to persist sessions using the
FileStore.
---
  themes/common-theme/webapp/common/js/package.json | 33
---
  1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/themes/common-theme/webapp/common/js/package.json
b/themes/common-theme/webapp/common/js/package.json
index 036a227..429ade6 100644
--- a/themes/common-theme/webapp/common/js/package.json
+++ b/themes/common-theme/webapp/common/js/package.json
@@ -1,17 +1,20 @@
  {
-  "name": "ofbiz-framework",
-  "description": "ofbiz-framework NPM dependencies configuration",
-  "repository": "https://github.com/apache/ofbiz-framework.git";,
-  "license": "Apache-2.0",
-  "dependencies": {
-"jquery": "^3.6.0",
-"jquery-migrate": "^3.3.2",
-"jquery-validation": "^1.19.3",
-"jquery.browser": "^0.1.0",
-"dompurify": "^2.3.4",
-"jquery-ui-dist": "^1.13.0",
-"trumbowyg": "^2.25.1",
-"flot": "^4.2.2",
-"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
-  }
+"name": "ofbiz-framework",
+"description": "ofbiz-framework NPM dependencies configuration",
+"repository": "https://github.com/apache/ofbiz-framework.git";,
+"license": "Apache-2.0",
+"dependencies": {
+"jquery": "^3.6.0",
+"jquery-migrate": "^3.3.2",
+"jquery-validation": "^1.19.3",
+"jquery.browser": "^0.1.0",
+"dompurify": "^2.3.4",
+"jquery-ui-dist": "^1.13.0",
+"trumbowyg": "^2.25.1",
+"flot": "^4.2.2",
+"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
+},
+"scripts": {
+"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
+}
  }

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

2022-01-26 Thread Pierre Smits

Hey Jacques,

It seems to me that this commit does not address the issue described in the
referenced ticket: https://issues.apache.org/jira/browse/OFBIZ-12539.

Should this not be corrected? E.g. having its own ticket?


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)
Proud contributor to the ASF since 2006

*Apache Directory , PMC Member*

Anyone could have been you, whereas I've always been anyone.


On Wed, Jan 26, 2022 at 12:34 PM  wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> jleroux pushed a commit to branch trunk
> in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
>
>
> The following commit(s) were added to refs/heads/trunk by this push:
>  new 6ed30b7  Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
> 6ed30b7 is described below
>
> commit 6ed30b76652e24162bcbc6efe4ca912ba0e31bc2
> Author: Jacques Le Roux 
> AuthorDate: Wed Jan 26 12:31:50 2022 +0100
>
> Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)
>
> The fix for bug CVE-2020-9484 introduced a time of check, time of use
> vulnerability that allowed a local attacker to perform actions with the
> privileges of the user that the Tomcat process is using. This issue is
> only
> exploitable when Tomcat is configured to persist sessions using the
> FileStore.
> ---
>  themes/common-theme/webapp/common/js/package.json | 33
> ---
>  1 file changed, 18 insertions(+), 15 deletions(-)
>
> diff --git a/themes/common-theme/webapp/common/js/package.json
> b/themes/common-theme/webapp/common/js/package.json
> index 036a227..429ade6 100644
> --- a/themes/common-theme/webapp/common/js/package.json
> +++ b/themes/common-theme/webapp/common/js/package.json
> @@ -1,17 +1,20 @@
>  {
> -  "name": "ofbiz-framework",
> -  "description": "ofbiz-framework NPM dependencies configuration",
> -  "repository": "https://github.com/apache/ofbiz-framework.git";,
> -  "license": "Apache-2.0",
> -  "dependencies": {
> -"jquery": "^3.6.0",
> -"jquery-migrate": "^3.3.2",
> -"jquery-validation": "^1.19.3",
> -"jquery.browser": "^0.1.0",
> -"dompurify": "^2.3.4",
> -"jquery-ui-dist": "^1.13.0",
> -"trumbowyg": "^2.25.1",
> -"flot": "^4.2.2",
> -"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> -  }
> +"name": "ofbiz-framework",
> +"description": "ofbiz-framework NPM dependencies configuration",
> +"repository": "https://github.com/apache/ofbiz-framework.git";,
> +"license": "Apache-2.0",
> +"dependencies": {
> +"jquery": "^3.6.0",
> +"jquery-migrate": "^3.3.2",
> +"jquery-validation": "^1.19.3",
> +"jquery.browser": "^0.1.0",
> +"dompurify": "^2.3.4",
> +"jquery-ui-dist": "^1.13.0",
> +"trumbowyg": "^2.25.1",
> +"flot": "^4.2.2",
> +"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3"
> +},
> +"scripts": {
> +"lint": "jshint **.js --reporter checkstyle > checkstyle.xml"
> +}
>  }
>

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

Re: [ofbiz-framework] branch trunk updated: Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

3 matches

Site Navigation

Mail list logo

Footer information