Re: [VOTE] Release Apache Sling Repoinit JCR 1.1.46
+1 Am Mo., 13. Nov. 2023 um 13:25 Uhr schrieb Julian Sedding < jsedd...@gmail.com>: > Hi, > > We solved 3 issues in this release: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12352870=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2807/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2807 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards > Julian > -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh
Re: [VOTE] Release Apache Sling slingfeature maven plugin 1.8.0
+1 Am Mo., 13. Nov. 2023 um 10:41 Uhr schrieb Carsten Ziegeler < cziege...@apache.org>: > Hi, > > We solved 6 issues in the feature model > https://issues.apache.org/jira/projects/SLING/versions/12353832 > > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2806/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > Usage: > sh check_staged_release.sh 2806 /tmp/sling-staging > > Please vote to approve this release: > >[ ] +1 Approve the release >[ ] 0 Don't care >[ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards > Carsten > -- > Carsten Ziegeler > Adobe > cziege...@apache.org > -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh
[PR] chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.4.0 [sling-org-apache-sling-starter]
renovate-bot opened a new pull request, #273: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/273 [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.sling:org.apache.sling.xss](https://sling.apache.org) ([source](https://togithub.com/apache/sling-org-apache-sling-xss)) | `2.3.8` -> `2.4.0` | [![age](https://developer.mend.io/api/mc/badges/age/maven/org.apache.sling:org.apache.sling.xss/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.apache.sling:org.apache.sling.xss/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.apache.sling:org.apache.sling.xss/2.3.8/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.apache.sling:org.apache.sling.xss/2.3.8/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apache/sling-org-apache-sling-starter). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] chore(deps): update dependency org.apache.sling:org.apache.sling.resourceresolver to v1.11.2 [sling-org-apache-sling-starter]
renovate-bot opened a new pull request, #272: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/272 [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.sling:org.apache.sling.resourceresolver](https://sling.apache.org) ([source](https://togithub.com/apache/sling-org-apache-sling-resourceresolver)) | `1.11.0` -> `1.11.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/org.apache.sling:org.apache.sling.resourceresolver/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.apache.sling:org.apache.sling.resourceresolver/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.apache.sling:org.apache.sling.resourceresolver/1.11.0/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.apache.sling:org.apache.sling.resourceresolver/1.11.0/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apache/sling-org-apache-sling-starter). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.4.0 [sling-site]
rombert merged PR #146: URL: https://github.com/apache/sling-site/pull/146 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] chore(deps): update dependency org.apache.sling:org.apache.sling.xss to v2.4.0 [sling-site]
renovate-bot opened a new pull request, #146: URL: https://github.com/apache/sling-site/pull/146 [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.sling:org.apache.sling.xss](https://sling.apache.org) ([source](https://togithub.com/apache/sling-org-apache-sling-xss)) | `2.3.8` -> `2.4.0` | [![age](https://developer.mend.io/api/mc/badges/age/maven/org.apache.sling:org.apache.sling.xss/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.apache.sling:org.apache.sling.xss/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.apache.sling:org.apache.sling.xss/2.3.8/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.apache.sling:org.apache.sling.xss/2.3.8/2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apache/sling-site). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Various improvements for the webconsole plugin [sling-org-apache-sling-resourceresolver]
sonarcloud[bot] commented on PR #78: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/78#issuecomment-1808923595 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-resourceresolver=78) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=78=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=78=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=78=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=78=false=CODE_SMELL) [![2.1%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/0-16px.png '2.1%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=78=new_coverage=list) [2.1% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=78=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=78=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=78=new_duplicated_lines_density=list) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![sonarlint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'sonarlint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=sonarcloud-welcome) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-11352 - Fix parsing of path-only mappings [sling-org-apache-sling-resourceresolver]
sonarcloud[bot] commented on PR #84: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/84#issuecomment-1808922325 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-resourceresolver=84) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=84=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=84=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=84=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=84=false=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=84=new_coverage=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=84=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=84=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=84=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12152) IOException is not properly handled by error handling
[ https://issues.apache.org/jira/browse/SLING-12152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17785630#comment-17785630 ] Carsten Ziegeler commented on SLING-12152: -- Potential fix in https://github.com/apache/sling-org-apache-sling-engine/commit/8ab96759cd435520a228271fbbb9d37955954c80 > IOException is not properly handled by error handling > - > > Key: SLING-12152 > URL: https://issues.apache.org/jira/browse/SLING-12152 > Project: Sling > Issue Type: Bug > Components: Engine >Affects Versions: Engine 2.15.6 >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Engine 2.15.8 > > > When a servlet (or code called by a servlet) is throwing an IOException, this > is currently not passed to the error handler. Instead the processor is > passing it on to the main servlet, assuming it is handling the case. However, > the main servlet is just logging and therefore an IOException does not result > in an error response send to the client -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12139 - Bump dependency versions [sling-org-apache-sling-testing-hamcrest]
rmcdouga commented on code in PR #3: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/3#discussion_r1391551624 ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I believe I had to update this because of the upgrade to sling-mock 3.4.14. That version of the project depends on sling.api 2.22.0 Without upgrading the sling.api 2.22.0, the project will not compile because of a java.lang.NoClassDefFoundError: org/apache/sling/api/wrappers/DeepReadModifiableValueMapDecorator error. While I understand the sentiment behind using the lowest compatible version, I'm not sure I agree with it. In practical terms, this doesn't really affect existing users. If someone can't or doesn't want to upgrade their sling.api dependency, then they can always remain on the older version of this library. If they want or need to use the latest version, then the price of admission is updating their dependencies. No-one is forcing this on anyone. Not upgrading though (for whatever reason) should not be a best practice (at least IMHO, which I admit lacks experience in the sling project). Everyone should be upgrading their dependencies regularly. If upgrading is a problem, then delay the upgrade until you can figure out what else needs to be changed, but I see upgrading eventually is inevitable so there's no point is putting it off too long. My preference would be to not enable the bad practice of having outdated dependencies. Having said that, if you feel strongly about this, it will take some work but I can keep rolling things back until I have a version that works. (I can't promise to not feel good about it though. ) ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I believe I had to update this because of the upgrade to sling-mock 3.4.14. That version of the project depends on sling.api 2.22.0 Without upgrading the sling.api 2.22.0, the project will not compile because of a java.lang.NoClassDefFoundError: org/apache/sling/api/wrappers/DeepReadModifiableValueMapDecorator error. While I understand the sentiment behind using the lowest compatible version, I'm not sure I agree with it. In practical terms, this doesn't really affect existing users. If someone can't or doesn't want to upgrade their sling.api dependency, then they can always remain on the older version of this library. If they want or need to use the latest version, then the price of admission is updating their dependencies. No-one is forcing this on anyone. Not upgrading though (for whatever reason) should not be a best practice (at least IMHO, which I admit lacks experience in the sling project). Everyone should be upgrading their dependencies regularly. If upgrading is a problem, then delay the upgrade until you can figure out what else needs to be changed, but I see upgrading eventually is inevitable so there's no point is putting it off too long. My preference would be to not enable the bad practice of having outdated dependencies. Having said that, if you feel strongly about this, it will take some work but I can keep rolling things back until I have a version that works. (I can't promise to feel good about it though. ) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12139 - Bump dependency versions [sling-org-apache-sling-testing-hamcrest]
rmcdouga commented on code in PR #3: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/3#discussion_r1391551624 ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I believe I had to update this because of the upgrade to sling-mock 3.4.14. That version of the project depends on sling.api 2.22.0 Without upgrading the sling.api 2.22.0, the project will not compile because of a java.lang.NoClassDefFoundError: org/apache/sling/api/wrappers/DeepReadModifiableValueMapDecorator error. While I understand the sentiment behind using the lowest compatible version, I'm not sure I agree with it. In practical terms, this doesn't really affect existing users. If someone can't or doesn't want to upgrade their sling.api dependency, then they can always remain on the older version of this library. If they want or need to use the latest version, then the price of admission is updating their dependencies. No-one is forcing this on anyone. Not upgrading though (for whatever reason) should not be a best practice (at least IMHO, which I admit lacks experience in the sling project). Everyone should be upgrading their dependencies regularly. If upgrading is a problem, then delay the upgrade until you can figure out what else needs to be changed, but I see upgrading eventually is inevitable so there's no point is putting it off too long. My preference would be to not enable the bad practice of having outdated dependencies. Having said that, if you feel strongly about this, it will take some work but I can keep rolling things back until I have a version that works. (I may not feel good about it though. ) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-12152) IOException is not properly handled by error handling
Carsten Ziegeler created SLING-12152: Summary: IOException is not properly handled by error handling Key: SLING-12152 URL: https://issues.apache.org/jira/browse/SLING-12152 Project: Sling Issue Type: Bug Components: Engine Affects Versions: Engine 2.15.6 Reporter: Carsten Ziegeler Assignee: Carsten Ziegeler Fix For: Engine 2.15.8 When a servlet (or code called by a servlet) is throwing an IOException, this is currently not passed to the error handler. Instead the processor is passing it on to the main servlet, assuming it is handling the case. However, the main servlet is just logging and therefore an IOException does not result in an error response send to the client -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12139 - Bump dependency versions [sling-org-apache-sling-testing-hamcrest]
rmcdouga commented on code in PR #3: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/3#discussion_r1391551624 ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I believe I had to update this because of the upgrade to sling-mock 3.4.14. That version of the project depends on sling.api 2.22.0 Without upgrading the sling.api 2.22.0, the project will not compile because of a java.lang.NoClassDefFoundError: org/apache/sling/api/wrappers/DeepReadModifiableValueMapDecorator error. While I understand the sentiment behind using the lowest compatible version, I'm not sure I agree with it. In practical terms, this doesn't really affect existing users. If someone can't or doesn't want to upgrade their sling.api dependency, then they can always remain on the older version of this library. If they want or need to use the latest version, then the price of admission is updating their dependencies. No-one is forcing this on anyone. Not upgrading though (for whatever reason) should not be a best practice (at least IMHO, which I admit lacks experience in the sling project). Everyone should be upgrading their dependencies regularly. If upgrading is a problem, then delay the upgrade until you can figure out what else needs to be changed, but I see upgrading eventually is inevitable so there's no point is putting it off too long. My preference would be to not enable the bad practice of having outdated dependencies. Having said that, if you feel strongly about this, it will take some work but I can keep rolling things back until I have a version that works, but I won't feel good about it. ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I believe I had to update this because of the upgrade to sling-mock 3.4.14. That version of the project depends on sling.api 2.22.0 Without upgrading the sling.api 2.22.0, the project will not compile because of a java.lang.NoClassDefFoundError: org/apache/sling/api/wrappers/DeepReadModifiableValueMapDecorator error. While I understand the sentiment behind using the lowest compatible version, I'm not sure I agree with it. In practical terms, this doesn't really affect existing users. If someone can't or doesn't want to upgrade their sling.api dependency, then they can always remain on the older version of this library. If they want or need to use the latest version, then the price of admission is updating their dependencies. No-one is forcing this on anyone. Not upgrading though (for whatever reason) should not be a best practice (at least IMHO, which I admit lacks experience in the sling project). Everyone should be upgrading their dependencies regularly. If upgrading is a problem, then delay the upgrade until you can figure out what else needs to be changed, but I see upgrading eventually is inevitable so there's no point is putting it off too long. My preference would be to not enable the bad practice of having outdated dependencies. Having said that, if you feel strongly about this, it will take some work but I can keep rolling things back until I have a version that works, but I won't feel good about it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-11485 - RepoInitValidator to check for content changes contradi… [sling-org-apache-sling-jcr-repoinit]
sonarcloud[bot] commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/34#issuecomment-1808788288 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-repoinit=34) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [19 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-repoinit=34=false=CODE_SMELL) [![44.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/40-16px.png '44.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_coverage=list) [44.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-repoinit=34=new_duplicated_lines_density=list) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![sonarlint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'sonarlint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=sonarcloud-welcome) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] SLING-12139 - Bump dependency versions [sling-org-apache-sling-testing-hamcrest]
rombert commented on code in PR #3: URL: https://github.com/apache/sling-org-apache-sling-testing-hamcrest/pull/3#discussion_r1391365542 ## pom.xml: ## @@ -55,7 +55,7 @@ org.apache.sling org.apache.sling.api -2.4.0 +2.22.0 Review Comment: I would not change this one. While the parent bring is general improvements and the sling-mock is probably useful and brings in new features, updating the Sling API will also upgrade it for projects that consume this testing dependency. We encourge projects to use the lowest compatible version of their dependencies so they can be deployed on as many platforms as possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-12151) Update o.a.f.cm.json to 2.0.2 to reduce OOM scenarios
[ https://issues.apache.org/jira/browse/SLING-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17785566#comment-17785566 ] Dominik Süß commented on SLING-12151: - While testing the patch I discovered a potential regression in the felix patch around newline handling. I need to revisit this one > Update o.a.f.cm.json to 2.0.2 to reduce OOM scenarios > - > > Key: SLING-12151 > URL: https://issues.apache.org/jira/browse/SLING-12151 > Project: Sling > Issue Type: Improvement > Components: Content-Package to Feature Model Converter >Reporter: Dominik Süß >Priority: Major > > As reported and fixed with FELIX-6664 there was a scenario that could cause > OOM issues when processing big feature files with comments due to inefficient > string handling holding the whole feature files as string representation in > memory - to leverage the fix a version bump is necessary. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-11882. --- > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.4.0 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12137) XSS API bundle no longer embeds the needed org.owasp.html classes
[ https://issues.apache.org/jira/browse/SLING-12137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12137. --- > XSS API bundle no longer embeds the needed org.owasp.html classes > - > > Key: SLING-12137 > URL: https://issues.apache.org/jira/browse/SLING-12137 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Critical > Fix For: XSS Protection API 2.4.0 > > > This manifests itself at runtime > {noformat}09.11.2023 14:26:57.444 *ERROR* [FelixLogListener] > org.apache.sling.xss.impl.XSSFilterImpl bundle > org.apache.sling.xss:2.3.11.SNAPSHOT > (148)[org.apache.sling.xss.impl.XSSFilterImpl(223)] : The activate method has > thrown an exception (org.apache.felix.log.LogException: > java.lang.NoClassDefFoundError: org/owasp/html/HtmlStreamEventReceiver) > org.apache.felix.log.LogException: java.lang.NoClassDefFoundError: > org/owasp/html/HtmlStreamEventReceiver > at > org.apache.sling.xss.impl.PolicyHandler.(PolicyHandler.java:47) > [org.apache.sling.xss:2.3.11.SNAPSHOT] > at > org.apache.sling.xss.impl.XSSFilterImpl.setActiveEmbededPolicy(XSSFilterImpl.java:311) > [org.apache.sling.xss:2.3.11.SNAPSHOT] > at > org.apache.sling.xss.impl.XSSFilterImpl.updatePolicy(XSSFilterImpl.java:298) > [org.apache.sling.xss:2.3.11.SNAPSHOT] > at > org.apache.sling.xss.impl.XSSFilterImpl.activate(XSSFilterImpl.java:267) > [org.apache.sling.xss:2.3.11.SNAPSHOT] > {noformat} > Manually inspecting the jars shows that we don't have the org.owasp.html > classes we used to embed > {noformat} > $ jar tf target/org.apache.sling.xss-2.3.11-SNAPSHOT.jar | grep owasp/html > org/owasp/html/ > org/owasp/html/DynamicAttributesSanitizerPolicy.class > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12070) Migrate sling.xss to jakarta.json
[ https://issues.apache.org/jira/browse/SLING-12070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12070. --- > Migrate sling.xss to jakarta.json > - > > Key: SLING-12070 > URL: https://issues.apache.org/jira/browse/SLING-12070 > Project: Sling > Issue Type: Sub-task >Reporter: Ashok Pelluru >Assignee: Ashok Pelluru >Priority: Minor > Fix For: XSS Protection API 2.4.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12118) Update Batik XML utility library to version 1.17
[ https://issues.apache.org/jira/browse/SLING-12118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12118. --- > Update Batik XML utility library to version 1.17 > > > Key: SLING-12118 > URL: https://issues.apache.org/jira/browse/SLING-12118 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Assignee: Tatyana Vogel >Priority: Critical > Fix For: XSS Protection API 2.4.0 > > > The sling XSS library uses a vulnerable Batik XML utility library version. > Upgrade to a vulnerability-free version of the embedded library is needed. > [CVE-2022-44729|https://www.cvedetails.com/cve/CVE-2022-44729/] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12005) XSS bundle should not embed org.owasp.encoder
[ https://issues.apache.org/jira/browse/SLING-12005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12005. --- > XSS bundle should not embed org.owasp.encoder > - > > Key: SLING-12005 > URL: https://issues.apache.org/jira/browse/SLING-12005 > Project: Sling > Issue Type: New Feature > Components: XSS Protection API >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler >Priority: Major > Fix For: XSS Protection API 2.4.0 > > > Currently the XSS bundle embeds the OSGi bundle org.owasp.encoder:encoder . > As that is already a bundle, it is better to not embed it. This makes > updating that code easier and if other modules use it avoids duplicate > deployments (in potentially different versions) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12116) Update transative google-guava dependency to version 32.1.3-jre
[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12116. --- > Update transative google-guava dependency to version 32.1.3-jre > --- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Tatyana Vogel >Assignee: Tatyana Vogel >Priority: Critical > Fix For: XSS Protection API 2.4.0 > > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-11921) Building javadoc with Java 11 fails
[ https://issues.apache.org/jira/browse/SLING-11921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-11921. --- > Building javadoc with Java 11 fails > --- > > Key: SLING-11921 > URL: https://issues.apache.org/jira/browse/SLING-11921 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.8 >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: XSS Protection API 2.4.0 > > > After the fix for 11610, building javadoc with Java 11 or newer fails > {noformat}[ERROR] Failed to execute goal > org.apache.maven.plugins:maven-javadoc-plugin:3.4.0:jar (default-cli) on > project org.apache.sling.xss: MavenReportException: Error while generating > Javadoc: > [ERROR] Exit code: 1 - > /home/robert/sources/apache/sling/org-apache-sling-xss/src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java:39: > error: package sun.misc does not exist > [ERROR] import sun.misc.Unsafe; > [ERROR]^ > [ERROR] > [ERROR] Command line was: /usr/lib64/jvm/java-11-openjdk-11/bin/javadoc > @options @packages{noformat} > As a direct consequence, releasing must be done with Java 8 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (SLING-12123) Unexpected new requirements for the XSS bundle
[ https://issues.apache.org/jira/browse/SLING-12123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu closed SLING-12123. --- > Unexpected new requirements for the XSS bundle > -- > > Key: SLING-12123 > URL: https://issues.apache.org/jira/browse/SLING-12123 > Project: Sling > Issue Type: Bug > Components: XSS Protection API >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Critical > Fix For: XSS Protection API 2.4.0 > > > With the 2.3.10 release candidate: > [ERROR] [bundle-packages] org.apache.sling:org.apache.sling.xss:2.3.10: > Bundle is importing packages [javax.annotation.meta, android.os] with start > order 20 but no bundle is exporting these for that start order. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[RESULT] [VOTE] Release Apache Sling XSS Protection API 2.4.0
Hi, The vote has passed with the following result: +1 (binding): Carsten Ziegeler, Joerg Hoh, Eric Norman, Dan Klco +1 (non-binding): none I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. Regards, Robert Munteanu
[jira] [Created] (SLING-12151) Update o.a.f.cm.json to 2.0.2 to reduce OOM scenarios
Dominik Süß created SLING-12151: --- Summary: Update o.a.f.cm.json to 2.0.2 to reduce OOM scenarios Key: SLING-12151 URL: https://issues.apache.org/jira/browse/SLING-12151 Project: Sling Issue Type: Improvement Components: Content-Package to Feature Model Converter Reporter: Dominik Süß As reported and fixed with FELIX-6664 there was a scenario that could cause OOM issues when processing big feature files with comments due to inefficient string handling holding the whole feature files as string representation in memory - to leverage the fix a version bump is necessary. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-12148) Committer CLI Fails to Parse CI Status
[ https://issues.apache.org/jira/browse/SLING-12148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Klco resolved SLING-12148. -- Assignee: Dan Klco Resolution: Fixed > Committer CLI Fails to Parse CI Status > -- > > Key: SLING-12148 > URL: https://issues.apache.org/jira/browse/SLING-12148 > Project: Sling > Issue Type: Bug > Components: CI >Affects Versions: Committer CLI 1.0.0 >Reporter: Dan Klco >Assignee: Dan Klco >Priority: Major > > The committer CLI has been failing to verify releases with: > {{java.lang.NullPointerException: Cannot invoke > "com.google.gson.JsonElement.getAsString()" because the return value of > "com.google.gson.JsonObject.get(String)" is null > at > org.apache.sling.cli.impl.ci.CIStatusValidator.isValid(CIStatusValidator.java:145) > at > org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:123) > at > org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:42) > at picocli.CommandLine.executeUserObject(CommandLine.java:1701) > at picocli.CommandLine.access$900(CommandLine.java:146) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) > at > picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) > at picocli.CommandLine.execute(CommandLine.java:1822) > at > org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) > at > org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) > at java.base/java.lang.Thread.run(Unknown Source)}} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
[ https://issues.apache.org/jira/browse/SLING-12149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler resolved SLING-12149. -- Resolution: Fixed Fixed in https://github.com/apache/sling-org-apache-sling-resourceresolver/commit/b1dc3b2d013bfda46b067f046cfa68ae978c4871 Improved logging https://github.com/apache/sling-org-apache-sling-resourceresolver/commit/ab29b3019110a2be304d8204c0adbb55e0d28a61 > ResourceResolver: Illegal mode passthrough for resource provider null > - > > Key: SLING-12149 > URL: https://issues.apache.org/jira/browse/SLING-12149 > Project: Sling > Issue Type: Task > Components: ResourceResolver >Affects Versions: Resource Resolver 1.11.2 >Reporter: Joerg Hoh >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Resource Resolver 1.11.4 > > > When trying the new ResourcResolver 1.11.2 I get this log message for > many/all ResourceProvider and the instance does not work: > {noformat} > 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal > mode passthrough for resource provider null > 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker > Ignoring invalid resource provider ResourceProviderInfo > [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, > useResourceAccessSecurity=false, authType=no, modifiable=false] > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12148) Committer CLI Fails to Parse CI Status
[ https://issues.apache.org/jira/browse/SLING-12148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17785535#comment-17785535 ] Dan Klco commented on SLING-12148: -- Looks like the issue is due to a .git suffix when it extracts GitHub urls from the poms: https://github.com/apache/sling-org-apache-sling-committer-cli/pull/26 > Committer CLI Fails to Parse CI Status > -- > > Key: SLING-12148 > URL: https://issues.apache.org/jira/browse/SLING-12148 > Project: Sling > Issue Type: Bug > Components: CI >Affects Versions: Committer CLI 1.0.0 >Reporter: Dan Klco >Priority: Major > > The committer CLI has been failing to verify releases with: > {{java.lang.NullPointerException: Cannot invoke > "com.google.gson.JsonElement.getAsString()" because the return value of > "com.google.gson.JsonObject.get(String)" is null > at > org.apache.sling.cli.impl.ci.CIStatusValidator.isValid(CIStatusValidator.java:145) > at > org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:123) > at > org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:42) > at picocli.CommandLine.executeUserObject(CommandLine.java:1701) > at picocli.CommandLine.access$900(CommandLine.java:146) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) > at > picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) > at picocli.CommandLine.execute(CommandLine.java:1822) > at > org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) > at > org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) > at java.base/java.lang.Thread.run(Unknown Source)}} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12150) Update to parent pom 52
Robert Munteanu created SLING-12150: --- Summary: Update to parent pom 52 Key: SLING-12150 URL: https://issues.apache.org/jira/browse/SLING-12150 Project: Sling Issue Type: Improvement Components: Build and Source Control Reporter: Robert Munteanu Assignee: Robert Munteanu Fix For: Committer CLI 1.0.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
[ https://issues.apache.org/jira/browse/SLING-12149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17785532#comment-17785532 ] Carsten Ziegeler commented on SLING-12149: -- That's a regression caused by https://issues.apache.org/jira/browse/SLING-12060 > ResourceResolver: Illegal mode passthrough for resource provider null > - > > Key: SLING-12149 > URL: https://issues.apache.org/jira/browse/SLING-12149 > Project: Sling > Issue Type: Task > Components: ResourceResolver >Affects Versions: Resource Resolver 1.11.2 >Reporter: Joerg Hoh >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Resource Resolver 1.11.4 > > > When trying the new ResourcResolver 1.11.2 I get this log message for > many/all ResourceProvider and the instance does not work: > {noformat} > 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal > mode passthrough for resource provider null > 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker > Ignoring invalid resource provider ResourceProviderInfo > [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, > useResourceAccessSecurity=false, authType=no, modifiable=false] > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
[ https://issues.apache.org/jira/browse/SLING-12149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-12149: - Fix Version/s: Resource Resolver 1.11.4 > ResourceResolver: Illegal mode passthrough for resource provider null > - > > Key: SLING-12149 > URL: https://issues.apache.org/jira/browse/SLING-12149 > Project: Sling > Issue Type: Task > Components: ResourceResolver >Affects Versions: Resource Resolver 1.11.2 >Reporter: Joerg Hoh >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Resource Resolver 1.11.4 > > > When trying the new ResourcResolver 1.11.2 I get this log message for > many/all ResourceProvider and the instance does not work: > {noformat} > 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal > mode passthrough for resource provider null > 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker > Ignoring invalid resource provider ResourceProviderInfo > [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, > useResourceAccessSecurity=false, authType=no, modifiable=false] > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
[ https://issues.apache.org/jira/browse/SLING-12149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joerg Hoh updated SLING-12149: -- Description: When trying the new ResourcResolver 1.11.2 I get this log message for many/all ResourceProvider and the instance does not work: {noformat} 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal mode passthrough for resource provider null 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker Ignoring invalid resource provider ResourceProviderInfo [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, useResourceAccessSecurity=false, authType=no, modifiable=false] {noformat} was: When trying the new ResourcResolver 1.11.2 I get this log message and the instance does not work: {noformat} 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal mode passthrough for resource provider null 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker Ignoring invalid resource provider ResourceProviderInfo [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, useResourceAccessSecurity=false, authType=no, modifiable=false] {noformat} > ResourceResolver: Illegal mode passthrough for resource provider null > - > > Key: SLING-12149 > URL: https://issues.apache.org/jira/browse/SLING-12149 > Project: Sling > Issue Type: Task > Components: ResourceResolver >Affects Versions: Resource Resolver 1.11.2 >Reporter: Joerg Hoh >Priority: Major > > When trying the new ResourcResolver 1.11.2 I get this log message for > many/all ResourceProvider and the instance does not work: > {noformat} > 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal > mode passthrough for resource provider null > 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker > Ignoring invalid resource provider ResourceProviderInfo > [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, > useResourceAccessSecurity=false, authType=no, modifiable=false] > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
[ https://issues.apache.org/jira/browse/SLING-12149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler reassigned SLING-12149: Assignee: Carsten Ziegeler > ResourceResolver: Illegal mode passthrough for resource provider null > - > > Key: SLING-12149 > URL: https://issues.apache.org/jira/browse/SLING-12149 > Project: Sling > Issue Type: Task > Components: ResourceResolver >Affects Versions: Resource Resolver 1.11.2 >Reporter: Joerg Hoh >Assignee: Carsten Ziegeler >Priority: Major > > When trying the new ResourcResolver 1.11.2 I get this log message for > many/all ResourceProvider and the instance does not work: > {noformat} > 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal > mode passthrough for resource provider null > 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] > org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker > Ignoring invalid resource provider ResourceProviderInfo > [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, > useResourceAccessSecurity=false, authType=no, modifiable=false] > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12149) ResourceResolver: Illegal mode passthrough for resource provider null
Joerg Hoh created SLING-12149: - Summary: ResourceResolver: Illegal mode passthrough for resource provider null Key: SLING-12149 URL: https://issues.apache.org/jira/browse/SLING-12149 Project: Sling Issue Type: Task Components: ResourceResolver Affects Versions: Resource Resolver 1.11.2 Reporter: Joerg Hoh When trying the new ResourcResolver 1.11.2 I get this log message and the instance does not work: {noformat} 13.11.2023 15:41:18.003 *ERROR* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderInfo Illegal mode passthrough for resource provider null 13.11.2023 15:41:18.005 *WARN* [FelixStartLevel] org.apache.sling.resourceresolver.impl.providers.ResourceProviderTracker Ignoring invalid resource provider ResourceProviderInfo [ref=[org.apache.sling.spi.resource.provider.ResourceProvider], path=/apps/, useResourceAccessSecurity=false, authType=no, modifiable=false] {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12148) Committer CLI Fails to Parse CI Status
Dan Klco created SLING-12148: Summary: Committer CLI Fails to Parse CI Status Key: SLING-12148 URL: https://issues.apache.org/jira/browse/SLING-12148 Project: Sling Issue Type: Bug Components: CI Affects Versions: Committer CLI 1.0.0 Reporter: Dan Klco The committer CLI has been failing to verify releases with: {{java.lang.NullPointerException: Cannot invoke "com.google.gson.JsonElement.getAsString()" because the return value of "com.google.gson.JsonObject.get(String)" is null at org.apache.sling.cli.impl.ci.CIStatusValidator.isValid(CIStatusValidator.java:145) at org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:123) at org.apache.sling.cli.impl.release.VerifyReleasesCommand.call(VerifyReleasesCommand.java:42) at picocli.CommandLine.executeUserObject(CommandLine.java:1701) at picocli.CommandLine.access$900(CommandLine.java:146) at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) at picocli.CommandLine.execute(CommandLine.java:1822) at org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) at org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) at java.base/java.lang.Thread.run(Unknown Source)}} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [VOTE] Release Apache Sling Repoinit JCR 1.1.46
+1 On Mon, Nov 13, 2023 at 9:22 AM Carsten Ziegeler wrote: > +1 > > Carsten > > On 13.11.2023 13:25, Julian Sedding wrote: > > Hi, > > > > We solved 3 issues in this release: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12352870=Text > > > > Staging repository: > > https://repository.apache.org/content/repositories/orgapachesling-2807/ > > > > You can use this UNIX script to download the release and verify the > signatures: > > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > > > Usage: > > sh check_staged_release.sh 2807 /tmp/sling-staging > > > > Please vote to approve this release: > > > >[ ] +1 Approve the release > >[ ] 0 Don't care > >[ ] -1 Don't release, because ... > > > > This majority vote is open for at least 72 hours. > > > > Regards > > Julian > > -- > Carsten Ziegeler > Adobe > cziege...@apache.org >
[jira] [Resolved] (SLING-12147) caconfig-impl: Replace Sling XSS with OWASP Encoder
[ https://issues.apache.org/jira/browse/SLING-12147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seifert resolved SLING-12147. Resolution: Fixed https://github.com/apache/sling-org-apache-sling-caconfig-impl/commit/6d87c0abb5f791b72289ed57be63755372330fb9 > caconfig-impl: Replace Sling XSS with OWASP Encoder > --- > > Key: SLING-12147 > URL: https://issues.apache.org/jira/browse/SLING-12147 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Context-Aware Configuration Impl 1.6.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: Context-Aware Configuration Impl 1.6.2 > > > we do no longer want to use Sling XSS in our webconsole plugins to reduce > dependencies, so replace usage of it with OWASP encoder, similar to other > webconsole plugins e.g. SLING-12055 -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12147 Replace Sling XSS with OWASP Encoder [sling-org-apache-sling-caconfig-impl]
stefanseifert merged PR #8: URL: https://github.com/apache/sling-org-apache-sling-caconfig-impl/pull/8 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling Repoinit JCR 1.1.46
+1 Carsten On 13.11.2023 13:25, Julian Sedding wrote: Hi, We solved 3 issues in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12352870=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2807/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2807 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards Julian -- Carsten Ziegeler Adobe cziege...@apache.org
Re: [PR] SLING-12147 Replace Sling XSS with OWASP Encoder [sling-org-apache-sling-caconfig-impl]
sonarcloud[bot] commented on PR #8: URL: https://github.com/apache/sling-org-apache-sling-caconfig-impl/pull/8#issuecomment-1808244803 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-caconfig-impl=8) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-impl=8=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-impl=8=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-impl=8=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-impl=8=false=CODE_SMELL) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/0-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-impl=8=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-impl=8=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-impl=8=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-impl=8=new_duplicated_lines_density=list) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![sonarlint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'sonarlint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=sonarcloud-welcome) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-12140) Creating new jira version fails: No releases found in 'Parent 60 (Java 11)'
[ https://issues.apache.org/jira/browse/SLING-12140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu resolved SLING-12140. - Resolution: Fixed > Creating new jira version fails: No releases found in 'Parent 60 (Java 11)' > --- > > Key: SLING-12140 > URL: https://issues.apache.org/jira/browse/SLING-12140 > Project: Sling > Issue Type: Bug > Components: Build and Source Control >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Major > Fix For: Committer CLI 1.0.0 > > > {noformat}$ sling-cli release create-new-jira-version -r 2804 -x INTERACTIVE > Found Version: XSS Protection API 2.4.0 (id=12353773, fixed issues=8). > java.lang.IllegalArgumentException: No releases found in 'Parent 60 (Java 11)' > at org.apache.sling.cli.impl.release.Release.fromString(Release.java:62) > at > org.apache.sling.cli.impl.jira.VersionClient.lambda$findSuccessorVersion$2(VersionClient.java:134) > at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown > Source) > at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown > Source) > at > java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown > Source) > at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) > at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown > Source) > at > java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown > Source) > at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) > at java.base/java.util.stream.ReferencePipeline.reduce(Unknown Source) > at java.base/java.util.stream.ReferencePipeline.min(Unknown Source) > at > org.apache.sling.cli.impl.jira.VersionClient.findVersion(VersionClient.java:338) > at > org.apache.sling.cli.impl.jira.VersionClient.findSuccessorVersion(VersionClient.java:133) > at > org.apache.sling.cli.impl.release.CreateJiraVersionCommand.call(CreateJiraVersionCommand.java:79) > at > org.apache.sling.cli.impl.release.CreateJiraVersionCommand.call(CreateJiraVersionCommand.java:39) > at picocli.CommandLine.executeUserObject(CommandLine.java:1701) > at picocli.CommandLine.access$900(CommandLine.java:146) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2059) > at picocli.CommandLine$RunLast.handle(CommandLine.java:2026) > at > picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893) > at picocli.CommandLine.execute(CommandLine.java:1822) > at > org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110) > at > org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33) > at java.base/java.lang.Thread.run(Unknown Source){noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
RE: [VOTE] Release Apache Sling Repoinit JCR 1.1.46
+1 stefan
RE: [VOTE] Release Apache Sling slingfeature maven plugin 1.8.0
+1 stefan
Re: [VOTE] Release Apache Sling slingfeature maven plugin 1.8.0
+1 On Mon, Nov 13, 2023 at 7:22 AM Carsten Ziegeler wrote: > +1 > > Carsten > > On 13.11.2023 10:41, Carsten Ziegeler wrote: > > Hi, > > > > We solved 6 issues in the feature model > > https://issues.apache.org/jira/projects/SLING/versions/12353832 > > > > > > Staging repository: > > https://repository.apache.org/content/repositories/orgapachesling-2806/ > > > > You can use this UNIX script to download the release and verify the > > signatures: > > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > > > Usage: > > sh check_staged_release.sh 2806 /tmp/sling-staging > > > > Please vote to approve this release: > > > >[ ] +1 Approve the release > >[ ] 0 Don't care > >[ ] -1 Don't release, because ... > > > > This majority vote is open for at least 72 hours. > > > > Regards > > Carsten > > -- > Carsten Ziegeler > Adobe > cziege...@apache.org >
[jira] [Created] (SLING-12147) caconfig-impl: Replace Sling XSS with OWASP Encoder
Stefan Seifert created SLING-12147: -- Summary: caconfig-impl: Replace Sling XSS with OWASP Encoder Key: SLING-12147 URL: https://issues.apache.org/jira/browse/SLING-12147 Project: Sling Issue Type: Improvement Components: Extensions Affects Versions: Context-Aware Configuration Impl 1.6.0 Reporter: Stefan Seifert Assignee: Stefan Seifert Fix For: Context-Aware Configuration Impl 1.6.2 we do no longer want to use Sling XSS in our webconsole plugins to reduce dependencies, so replace usage of it with OWASP encoder, similar to other webconsole plugins e.g. SLING-12055 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[VOTE] Release Apache Sling Repoinit JCR 1.1.46
Hi, We solved 3 issues in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12352870=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2807/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2807 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards Julian
Re: [VOTE] Release Apache Sling slingfeature maven plugin 1.8.0
+1 Carsten On 13.11.2023 10:41, Carsten Ziegeler wrote: Hi, We solved 6 issues in the feature model https://issues.apache.org/jira/projects/SLING/versions/12353832 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2806/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2806 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards Carsten -- Carsten Ziegeler Adobe cziege...@apache.org
Re: [VOTE] Release Apache Sling Content Distribution Journal Messages 0.5.8
Indeed, an API is added. Purpose is to provide metadata to the package messages. Could you reconsider your veto please ? Cheers, Timothee Le lun. 13 nov. 2023 à 09:41, Christian Schneider a écrit : > -1 > In this version a link to distribution API is added. > I think this should rather not be added in the messaging abstraction. > Can someone explain the purpose and why it should belong in this api? > > Christian > > Am Sa., 11. Nov. 2023 um 22:40 Uhr schrieb Timothee Maret < > tma...@apache.org > >: > > > Hi, > > > > We solved 1 issues in this release: > > https://issues.apache.org/jira/projects/SLING/versions/12353845 > > > > Staging repository: > > https://repository.apache.org/content/repositories/orgapachesling-2805/ > > > > You can use this UNIX script to download the release and verify the > > signatures: > > > > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > > > Usage: > > sh check_staged_release.sh 2805 /tmp/sling-staging > > > > Please vote to approve this release: > > > > [ ] +1 Approve the release > > [ ] 0 Don't care > > [ ] -1 Don't release, because ... > > > > This majority vote is open for at least 72 hours. > > > > > -- > -- > Christian Schneider > http://www.liquid-reality.de > > Computer Scientist > http://www.adobe.com >
[jira] [Resolved] (SLING-12114) Update org.apache.sling.jcr.repoinit to parent pom 52
[ https://issues.apache.org/jira/browse/SLING-12114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Sedding resolved SLING-12114. Resolution: Fixed > Update org.apache.sling.jcr.repoinit to parent pom 52 > - > > Key: SLING-12114 > URL: https://issues.apache.org/jira/browse/SLING-12114 > Project: Sling > Issue Type: Task > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.44 >Reporter: Julian Sedding >Assignee: Julian Sedding >Priority: Minor > Fix For: Repoinit JCR 1.1.46 > > > Update to parent pom version 52, update used and remove unnecessary > dependencies. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] SLING-12114 - Update org.apache.sling.jcr.repoinit to parent pom 52 [sling-org-apache-sling-jcr-repoinit]
jsedding merged PR #47: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/47 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] SLING-12114 - Update org.apache.sling.jcr.repoinit to parent pom 52 [sling-org-apache-sling-jcr-repoinit]
jsedding opened a new pull request, #47: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/47 - update parent and dependencies - cleanup unused dependencies -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-12115) Repoinit should leave importBehaviour for ACL creation to JCR
[ https://issues.apache.org/jira/browse/SLING-12115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Julian Sedding resolved SLING-12115. Resolution: Fixed > Repoinit should leave importBehaviour for ACL creation to JCR > - > > Key: SLING-12115 > URL: https://issues.apache.org/jira/browse/SLING-12115 > Project: Sling > Issue Type: Bug > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.44 >Reporter: Julian Sedding >Assignee: Julian Sedding >Priority: Major > Fix For: Repoinit JCR 1.1.46 > > > JCR Repoinit checks the existence of the principal, for which ACLs should be > created. In an Oak repository, this check depends on the {{ImportBehaviour}} > configured for the {{SecurityProvider}}. JCR Repoinit should not check, but > instead rely on the repository's behaviour. > cc [~angela] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[VOTE] Release Apache Sling slingfeature maven plugin 1.8.0
Hi, We solved 6 issues in the feature model https://issues.apache.org/jira/projects/SLING/versions/12353832 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2806/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2806 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards Carsten -- Carsten Ziegeler Adobe cziege...@apache.org
[jira] [Updated] (SLING-12146) Committer CLI build fails on Windows
[ https://issues.apache.org/jira/browse/SLING-12146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-12146: Attachment: committer-cli-windows.log > Committer CLI build fails on Windows > > > Key: SLING-12146 > URL: https://issues.apache.org/jira/browse/SLING-12146 > Project: Sling > Issue Type: Bug >Reporter: Robert Munteanu >Priority: Major > Fix For: Committer CLI 1.0.0 > > Attachments: committer-cli-windows.log > > > https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-committer-cli/detail/PR-23/2/pipeline > {noformat} > [ERROR] Errors: > [ERROR] RepositoryServiceTest.testDownloadRepository:150 » > DirectoryNotEmpty C:\Users\... > [INFO] > [ERROR] Tests run: 53, Failures: 8, Errors: 1, Skipped: 0 > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-12146) Committer CLI build fails on Windows
Robert Munteanu created SLING-12146: --- Summary: Committer CLI build fails on Windows Key: SLING-12146 URL: https://issues.apache.org/jira/browse/SLING-12146 Project: Sling Issue Type: Bug Reporter: Robert Munteanu Fix For: Committer CLI 1.0.0 Attachments: committer-cli-windows.log https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-committer-cli/detail/PR-23/2/pipeline {noformat} [ERROR] Errors: [ERROR] RepositoryServiceTest.testDownloadRepository:150 » DirectoryNotEmpty C:\Users\... [INFO] [ERROR] Tests run: 53, Failures: 8, Errors: 1, Skipped: 0 {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [VOTE] Release Apache Sling Content Distribution Journal Messages 0.5.8
-1 In this version a link to distribution API is added. I think this should rather not be added in the messaging abstraction. Can someone explain the purpose and why it should belong in this api? Christian Am Sa., 11. Nov. 2023 um 22:40 Uhr schrieb Timothee Maret : > Hi, > > We solved 1 issues in this release: > https://issues.apache.org/jira/projects/SLING/versions/12353845 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2805/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2805 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > -- -- Christian Schneider http://www.liquid-reality.de Computer Scientist http://www.adobe.com