subject:"Re\: Any plans on extending the 4.4.x stream\?"

Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread Grzegorz Grzybek

Hello Trevor

See https://ops4j1.jira.com/wiki/spaces/paxweb/blog/ - in August I've
released both 4.4.1 and 4.3.4. If you like please create PAXWEB jira issue
or just let me know about required Jetty update and I can release 4.3.5 or
4.4.2 if you like (even 4.2.x)

regards
Grzegorz Grzybek

2017-09-16 7:26 GMT+02:00 'Achim Nierbeck' via OPS4J :

> Hi Trevor,
>
> you still could try out with the 4.3 line.
> It might already contain what you need.
> Regarding Jira and PR, yes, please a Jira with a PR that contains the jira
> number. This way we always can
> make sure which commit belongs to which version.
>
> One thing though, as 6 is the actually last released version, what made it
> hard for you to upgrade?
> Cause even though it's a major version, we look carefully not to break to
> much stuff.
>
>
> regards, Achim
>
>
> 2017-09-16 2:16 GMT+02:00 Niclas Hedhman :
>
>>
>> I suggest that you submit the PR. That is the easy part. Question is if
>> there is someone willing to do the release. If you are, then great... if
>> not, you would need to convince (charm, beer, bribe, threat...) someone to
>> do it.
>>
>> Cheers
>> Niclas
>>
>> On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown <
>> tbr...@securityfirstcorp.com> wrote:
>>
>>> Hi all,
>>>
>>> My company is using Pax Web 4.2.7 right now. Unfortunately the version
>>> of Jetty in that release (and actually all Pax Web releases, it seems) is
>>> vulnerable to a timing channel attack (see https://github.com/eclips
>>> e/jetty.project/issues/1556 for details).
>>>
>>> I started looking at options, and right now it looks like the only
>>> upgrade path I have that won't require a lot of effort on my part (I
>>> experimented and failed using any of the 6.x releases) is to upgrade within
>>> the 4.x releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22
>>> and all the unit tests passed.
>>>
>>> So I'm wondering whether I should open a JIRA and submit a pull request
>>> for the upgrade in the 4.4.x stream, or whether I should just consider this
>>> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
>>> the 6.0.x stream?
>>>
>>> Thanks in advance.
>>>
>>> --
>>> --
>>> --
>>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "OPS4J" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ops4j+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Niclas Hedhman, Software Developer
>> http://polygene.apache.org - New Energy for Java
>>
>> --
>> --
>> --
>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OPS4J" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ops4j+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
>
> Apache Member
> Apache Karaf  Committer & PMC
> OPS4J Pax Web  Committer &
> Project Lead
> blog 
> Co-Author of Apache Karaf Cookbook 
>
> Software Architect / Project Manager / Scrum Master
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread 'Achim Nierbeck' via OPS4J

Hi Trevor,

you still could try out with the 4.3 line.
It might already contain what you need.
Regarding Jira and PR, yes, please a Jira with a PR that contains the jira
number. This way we always can
make sure which commit belongs to which version.

One thing though, as 6 is the actually last released version, what made it
hard for you to upgrade?
Cause even though it's a major version, we look carefully not to break to
much stuff.


regards, Achim


2017-09-16 2:16 GMT+02:00 Niclas Hedhman :

>
> I suggest that you submit the PR. That is the easy part. Question is if
> there is someone willing to do the release. If you are, then great... if
> not, you would need to convince (charm, beer, bribe, threat...) someone to
> do it.
>
> Cheers
> Niclas
>
> On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown <
> tbr...@securityfirstcorp.com> wrote:
>
>> Hi all,
>>
>> My company is using Pax Web 4.2.7 right now. Unfortunately the version of
>> Jetty in that release (and actually all Pax Web releases, it seems) is
>> vulnerable to a timing channel attack (see https://github.com/eclips
>> e/jetty.project/issues/1556 for details).
>>
>> I started looking at options, and right now it looks like the only
>> upgrade path I have that won't require a lot of effort on my part (I
>> experimented and failed using any of the 6.x releases) is to upgrade within
>> the 4.x releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22
>> and all the unit tests passed.
>>
>> So I'm wondering whether I should open a JIRA and submit a pull request
>> for the upgrade in the 4.4.x stream, or whether I should just consider this
>> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
>> the 6.0.x stream?
>>
>> Thanks in advance.
>>
>> --
>> --
>> --
>> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OPS4J" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ops4j+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Niclas Hedhman, Software Developer
> http://polygene.apache.org - New Energy for Java
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Apache Member
Apache Karaf  Committer & PMC
OPS4J Pax Web  Committer &
Project Lead
blog 
Co-Author of Apache Karaf Cookbook 

Software Architect / Project Manager / Scrum Master

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Any plans on extending the 4.4.x stream?

2017-09-15 Thread Niclas Hedhman

I suggest that you submit the PR. That is the easy part. Question is if
there is someone willing to do the release. If you are, then great... if
not, you would need to convince (charm, beer, bribe, threat...) someone to
do it.

Cheers
Niclas

On Sat, Sep 16, 2017 at 5:04 AM, Trevor Brown 
wrote:

> Hi all,
>
> My company is using Pax Web 4.2.7 right now. Unfortunately the version of
> Jetty in that release (and actually all Pax Web releases, it seems) is
> vulnerable to a timing channel attack (see https://github.com/
> eclipse/jetty.project/issues/1556 for details).
>
> I started looking at options, and right now it looks like the only upgrade
> path I have that won't require a lot of effort on my part (I experimented
> and failed using any of the 6.x releases) is to upgrade within the 4.x
> releases of Pax Web. I just rebuilt 4.4.1 locally with Jetty 9.2.22 and all
> the unit tests passed.
>
> So I'm wondering whether I should open a JIRA and submit a pull request
> for the upgrade in the 4.4.x stream, or whether I should just consider this
> a one-off fork for now and maybe work to pick up the Jetty 9.4.x work in
> the 6.0.x stream?
>
> Thanks in advance.
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ops4j+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Niclas Hedhman, Software Developer
http://polygene.apache.org - New Energy for Java

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Any plans on extending the 4.4.x stream?

Re: Any plans on extending the 4.4.x stream?

Re: Any plans on extending the 4.4.x stream?

3 matches

Site Navigation

Mail list logo

Footer information