Build failed in Jenkins: Rampart #2280

2016-09-25 Thread Apache Jenkins Server 
See 

--
Started by upstream project "Axis2" build number 3587
originally caused by:
 Started by an SCM change
[EnvInject] - Loading node environment variables.
Building remotely on ubuntu-us1 (Ubuntu golang-ppa ubuntu-us ubuntu) in 
workspace 
ERROR: A Maven installation needs to be available for this project to be 
built.Either your server has no Maven installations defined, or the requested 
Maven version does not exist.
Retrying after 10 seconds
ERROR: A Maven installation needs to be available for this project to be 
built.Either your server has no Maven installations defined, or the requested 
Maven version does not exist.
Retrying after 10 seconds
ERROR: A Maven installation needs to be available for this project to be 
built.Either your server has no Maven installations defined, or the requested 
Maven version does not exist.


-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Jenkins build is back to normal : Rampart #2281

2016-09-25 Thread Apache Jenkins Server 
See 


-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596

2016-09-25 Thread Martin Gainty (JIRA) 

[ 
https://issues.apache.org/jira/browse/AXIS-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15521741#comment-15521741
 ] 

Martin Gainty commented on AXIS-2905:
-

doesnt compile with JDK 1.8.0_40-b26

Warning: Binary file .\javax\security\cert\X509Certificate contains 
javax.security.cert.X509Certificate
  public abstract java.security.Principal getSubjectDN();

suggest backing out patch or reverting to previous version asap

> Insecure certificate validation CVE-2014-3596
> -
>
> Key: AXIS-2905
> URL: https://issues.apache.org/jira/browse/AXIS-2905
> Project: Axis
>  Issue Type: Bug
>Affects Versions: 1.4
>Reporter: David Jorm
> Attachments: CVE-2014-3596.patch
>
>
> It was found that the fix for CVE-2012-5784 was incomplete. The code added to 
> check that the server hostname matches the domain name in the subject's CN 
> field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack 
> where the attacker can spoof a valid certificate using a specially crafted 
> subject.
> For more details, see:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596
> https://access.redhat.com/solutions/1164433



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org