[ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix

2023-11-06 Thread Dave Brondsema
The Apache Allura team is pleased to announce the release of Apache Allura 1.16.0 Apache Allura is an open source implementation of a software forge, a web site that manages source code repositories, bug reports, discussions, wiki pages, blogs, and more for any number of individual projects.

Build failed in Jenkins: Allura » Allura-py3.8 #298

2023-11-06 Thread Apache Jenkins Server
See Changes: [dbrondsema] update changelog for 1.16.0 -- Started by an SCM change Running as SYSTEM [EnvInject] - Loading node environment variables. Building

CVE-2023-46851: Apache Allura: sensitive information exposure via import

2023-11-06 Thread Dave Brondsema
Severity: critical Affected versions: - Apache Allura 1.0.1 through 1.15.0 Description: Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose

[allura:tickets] #8524 Docker Upgrade Node Version

2023-11-06 Thread Dave Brondsema
- **Milestone**: unreleased --> v1.16.0 --- ** [tickets:#8524] Docker Upgrade Node Version** **Status:** closed **Milestone:** v1.16.0 **Created:** Mon Oct 23, 2023 09:02 PM UTC by Guillermo Cruz **Last Updated:** Wed Oct 25, 2023 03:01 PM UTC **Owner:** Guillermo Cruz Update the

[allura:tickets] #8523 github api improvements

2023-11-06 Thread Dave Brondsema
- **Milestone**: unreleased --> v1.16.0 --- ** [tickets:#8523] github api improvements** **Status:** closed **Milestone:** v1.16.0 **Created:** Wed Oct 18, 2023 06:43 PM UTC by Dave Brondsema **Last Updated:** Mon Oct 23, 2023 04:11 PM UTC **Owner:** Dave Brondsema --- Sent from

[allura:tickets] #8522 Python Packages Upgrade

2023-11-06 Thread Dave Brondsema
- **Milestone**: unreleased --> v1.16.0 --- ** [tickets:#8522] Python Packages Upgrade** **Status:** closed **Milestone:** v1.16.0 **Created:** Mon Oct 16, 2023 02:52 PM UTC by Guillermo Cruz **Last Updated:** Fri Oct 20, 2023 10:07 PM UTC **Owner:** Guillermo Cruz Quarterly upgrades for

[allura:tickets] Mass edit changes by Dave Brondsema

2023-11-06 Thread Dave Brondsema
Mass edit changing: - **Milestone**: v1.16.0 ticket: tickets:#8519 Drop Python 3.7 Support - **Milestone**: unreleased --> v1.16.0 ticket: tickets:#8521 Do not index empty ticket pages - **Milestone**: unreleased --> v1.16.0

[RESULT] [VOTE] Release of Apache Allura 1.16.0

2023-11-06 Thread Dave Brondsema
The vote passes with 4 +1s from PMC members: Dave Brondsema Kenton Taylor Dillon Walls Guillermo Cruz I'll publish the release, and make the website updates and news announcements after it gets on some of the release mirrors.

Re: [VOTE] Release of Apache Allura 1.16.0

2023-11-06 Thread Dillon Walls
+1 On Mon, Nov 6, 2023 at 10:11 AM Guillermo Cruz wrote: > +1 > > On Fri, Nov 3, 2023 at 12:53 PM Kenton Taylor > wrote: > > > +1 > > > > --- > > Kenton Taylor > > Principal Engineer - sourceforge.net > > Phone: 616-425-9149 > > > > > > On Fri, Nov 3,

Re: [VOTE] Release of Apache Allura 1.16.0

2023-11-06 Thread Guillermo Cruz
+1 On Fri, Nov 3, 2023 at 12:53 PM Kenton Taylor wrote: > +1 > > --- > Kenton Taylor > Principal Engineer - sourceforge.net > Phone: 616-425-9149 > > > On Fri, Nov 3, 2023 at 2:42 PM Dave Brondsema wrote: > > > +1 > > > > On 11/3/23 2:41 PM, Dave