Re: [VOTE] CXF 3.3.6 and 3.2.13

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 25 mars 2020 à 20:53, Alexey Markevich  a écrit :
> 
> +1
> 
> On 3/25/20, Freeman Fang  wrote:
>> +1(binding)
>> 
>> Thanks!
>> Freeman
>> 
>> On Wed, Mar 25, 2020 at 2:38 PM Daniel Kulp  wrote:
>> 
>>> 
>>> This is a vote to release CXF 3.3.6 and 3.2.13.   We’ve fixed over 30
>>> JIRA
>>> issues and it’s been over 2 months since the last set of releases.
>>> 
>>> Staging repos:
>>> https://repository.apache.org/content/repositories/orgapachecxf-1151/ <
>>> https://repository.apache.org/content/repositories/orgapachecxf-1151/>
>>> https://repository.apache.org/content/repositories/orgapachecxf-1152/ <
>>> https://repository.apache.org/content/repositories/orgapachecxf-1152/>
>>> 
>>> 
>>> Tags:
>>> 
>>> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=118421ee51886d47caf8b279e9b7e04dae067181
>>> <
>>> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=118421ee51886d47caf8b279e9b7e04dae067181
 
>>> 
>>> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=b38351b34549a851a2cf1aa95e94d29089d1c598
>>> <
>>> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=b38351b34549a851a2cf1aa95e94d29089d1c598
 
>>> 
>>> Here is my +1
>>> 
>>> 
>>> 
>>> --
>>> Daniel Kulp
>>> dk...@apache.org  - http://dankulp.com/blog <
>>> http://dankulp.com/blog>
>>> Talend Community Coder - http://talend.com 
>>> 
>> 

Re: [VOTE] Apache CXF 3.4.0

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 20 août 2020 à 20:28, Daniel Kulp  a écrit :
> 
> This is a vote to release Apache CXF 3.4.0.  There are several new features, 
> many dependency updates, bunches of fixes, etc….   See the migration guide at:
> http://cxf.apache.org/docs/34-migration-guide.html 
> 
> 
> Staging area:
> https://repository.apache.org/content/repositories/orgapachecxf-1158/ 
> 
> 
> Tag:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=e034b0b68e9604f4062ae1c4b719789ec51f77b6
>  
> 
> 
> Here is my +1!
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> Talend - http://talend.com 

Re: [VOTE] - Release Apache CXF Fediz 1.5.0

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 20 juin 2020 à 16:43, Daniel Kulp  a écrit :
> 
> +1
> 
> Thanks for doing this!
> 
> Dan
> 
> 
>> On Jun 19, 2020, at 6:14 AM, Colm O hEigeartaigh  wrote:
>> 
>> This is a vote to release Apache CXF Fediz 1.5.0. This is a major new
>> release with the following issues fixed:
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420=12336848
>> 
>> The main changes are:
>> * Updating the IdP to use Spring Security 4.
>> * Support for Jetty 9.4 + Tomcat 9 plugins
>> * Fixing issues that prevented the Tomcat plugin working from versions
>> 8.5.50 and 9.0.30
>> * Drop the Tomcat 7, Jetty 8, Spring Security 2 + 3 plugins
>> 
>> Git tag: https://github.com/apache/cxf-fediz/tree/fediz-1.5.0
>> Artifacts:
>> https://repository.apache.org/content/repositories/orgapachecxf-1153/
>> Source Artifacts:
>> https://repository.apache.org/content/repositories/orgapachecxf-1153/org/apache/cxf/fediz/fediz/1.5.0/
>> 
>> +1 from me.
>> 
>> Colm.
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> Talend Community Coder - http://talend.com 

Re: [VOTE] CXF 3.3.7 and 3.2.14

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 23 juin 2020 à 23:02, Daniel Kulp  a écrit :
> 
> This is a vote to release CXF 3.3.7 and 3.2.14.   We’ve fixed over 20 JIRA 
> issues and it’s been over 2 months since the last set of releases.
> 
> Staging repos:
> https://repository.apache.org/content/repositories/orgapachecxf-1154/ 
> 
> https://repository.apache.org/content/repositories/orgapachecxf-1155/ 
> 
> 
> 
> Tags:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=3de6388a8cc2bbd834a563750b66efb9ea45a4b1
>  
> 
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=f1d43967ee19387603db5c55de7ce95f54243c81
>  
> 
> 
> Here is my +1
> 
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> 
> 

Re: Releases soon?

[Jean-Baptiste Onofre]

It sounds good.

Regards
JB

> Le 11 juin 2020 à 13:12, Colm O hEigeartaigh  a écrit :
> 
> We should get 3.3.7 and 3.2.14 out soon. Is there anything else to go into
> these releases? I propose that this should be the last 3.2.x release, as
> 3.4.0 should be relatively imminent once we tidy up the last few issues.
> 
> Colm.

Re: [VOTE] - Release Apache CXF Fediz 1.5.1

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 24 nov. 2020 à 18:38, Colm O hEigeartaigh  a écrit :
> 
> This is a vote to release Apache CXF Fediz 1.5.1. This is a minor bug fix
> release, which also picks up more recent CXF, Spring, Tomcat, Jetty
> (amongst others) dependencies.
> 
> Issues fixed:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420=12348427
> Git tag: https://github.com/apache/cxf-fediz/tree/fediz-1.5.1
> Artifacts:
> https://repository.apache.org/content/repositories/orgapachecxf-1161/
> 
> +1 from me.
> 
> Colm.

Re: CXF 3.4.2 soon

[Jean-Baptiste Onofre]

+1

It sounds good to me. Thanks !

Regards
JB

> Le 18 déc. 2020 à 08:02, Colm O hEigeartaigh  a écrit :
> 
> Hi all,
> 
> I'd like to get CXF 3.4.2 out before the end of the year if possible. It's
> a bit shorter than our usual release cycle, but there have been some
> regressions which we should get released.
> 
> WSS4J 2.3.1 is under vote and should be released by Monday. Apart from
> that, the only outstanding issue is the Graal stuff (CXF-8340). @Andriy
> Redko  is there much more to do on this? Anything else
> anyone is going to imminently fix for 3.4.2?
> 
> Colm.

Re: [VOTE] CXF 3.4.2/3.3.9

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 23 déc. 2020 à 20:55, Daniel Kulp  a écrit :
> 
> This is a vote to release CXF 3.4.2 and 3.3.9.   We have several fixes and 
> dependency updates that would be good to get into peoples hands before the 
> end of the year.
> 
> 
> Staging repositories:
> https://repository.apache.org/content/repositories/orgapachecxf-1162
> https://repository.apache.org/content/repositories/orgapachecxf-1163
> 
> Tags:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=e95c32aa6f661f4d5078048309880d7ca28ee2fe
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=a868e153ab0513385e622f9321fdd5fe88940b67
> 
> Vote will likely be open until at least the 28th.
> 
> 
> Here is my +1.  
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> Talend - http://talend.com 

Re: [VOTE] Apache CXF 3.4.1 and 3.3.8

[Jean-Baptiste Onofre]

+1 (non binding)

Slight note: Karaf 4.3.0 doesn’t provide the jetty feature anymore (used by 
cxf-http-jetty one). For "transition" purpose, I’m re-adding this feature in 
Karaf 4.3.1 (that I will release soon). I will propose a CXF PR to leverage 
capability and updated feature.

Regards
JB

> Le 3 nov. 2020 à 22:30, Daniel Kulp  a écrit :
> 
> 
> This is a vote to release CXF 3.3.8 and 3.4.1.   We’ve fixed over 20 JIRA 
> issues and it’s been over 2 months since the last set of releases.
> 
> Staging repos:
> https://repository.apache.org/content/repositories/orgapachecxf-1159/ 
> 
> https://repository.apache.org/content/repositories/orgapachecxf-1160/ 
> 
> 
> 
> Tags:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=57f618fdae294d5b068b3060aa403b5813c527a7
>  
> 
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=18b39003a8a9e16ebd58b750da0c6b4db19b91da
>  
> 
> 
> Here is my +1
> 
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> Talend - http://talend.com 

Re: [VOTE] Apache CXF 3.4.4 and 3.3.11

[Jean-Baptiste Onofre]

+1 (non binding)

FYI, I noticed couple of improvement to do on the Karaf features XML, but not 
blocker for the release.

Regards
JB

> Le 4 juin 2021 à 21:41, Daniel Kulp  a écrit :
> 
> This is a vote to release CXF 3.4.4 and 3.3.11.   We have fixed over 26 
> issues and it’s been over 2 months since the last releases.
> 
> 
> Staging repositories:
> https://repository.apache.org/content/repositories/orgapachecxf-1166 
> 
> https://repository.apache.org/content/repositories/orgapachecxf-1167 
> 
> 
> Tags:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=e7f5899c3b158b50b68981ef5f6c20bd960375e4
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=7c90a225dd3f2ca73cf4673e12e8092e3378caff
> 
> 
> Here is my +1
> 
> -- 
> Daniel Kulp
> dk...@apache.org  - http://dankulp.com/blog 
> 
> Talend - http://talend.com 

Re: Undertow CVE

[Jean-Baptiste Onofre]

It sounds like a plan for Undertow in Pax Web and wrapping (or even no need to 
use a SMX bundle, just private package for pax-web-undertow).

Regards
JB

> Le 29 janv. 2021 à 16:32, Grzegorz Grzybek  a écrit :
> 
> No worries about OSGi ;)
> 
> Pax Web doesn't have plans to upgrade to Undertow 2.1+ for now. And if it
> does, It'll repackage and re-export it with version 2.2. So (Pax Web 9?)
> it'll be the OSGi repackaging of Undertow (maybe in addition to SMX bundle).
> 
> regards
> Grzegorz Grzybek
> 
> pt., 29 sty 2021 o 16:29 Freeman Fang  napisał(a):
> 
>> Hi Colm and Grzegorz,
>> 
>> Based on the facts
>> 1. The CVE got fixed since Undertow 2.2.0(not in 2.1.5).
>> 2. since Undertow 2.1.0,  there is no OSGi support
>> 3. CXF 3.4.x uses Undertow 2.1.x already
>> 4. CXF OSGi features.xml cxf-http-undertow feature reuse
>> pax-http-undertow, so always reuse the undertow version shipped with OPS4J
>> PAX-WEB.
>> 
>>cxf-http
>>pax-http-undertow
>>> start-level="40">mvn:org.apache.cxf/cxf-rt-transports-http-undertow/${project.version}
>>
>>cxf.http.provider;name=undertow
>>
>>
>> So any upgrade to undertow 2.2.x won't affect the CXF behavior in OSGi,
>> though it's true that in OSGi very hard to pick up later undertow release.
>> 
>> In summary, I will upgrade undertow version to 2.23, at least outside OSGi
>> we can pick up this CVE fix.
>> 
>> Cheers
>> Freeman
>> 
>> On Fri, Jan 29, 2021 at 5:55 AM Colm O hEigeartaigh 
>> wrote:
>> 
>>> Hi Grzegorz,
>>> 
>>> Thanks - I was hoping actually that 2.1.5 would have fixed the CVE, and
>>> the CVE information was out of date :-)
>>> 
>>> Colm.
>>> 
>>> On Fri, Jan 29, 2021 at 10:26 AM Grzegorz Grzybek 
>>> wrote:
>>> 
 Hello
 
 Seeing that Undertow 2.2 is mentioned, I'd just like to highlight that
 it's no longer an OSGi bundle (see
 https://issues.redhat.com/browse/UNDERTOW-1684) - if this matter at all
 for CXF :)
 
 kind regards
 Grzegorz Grzybek
 
 pt., 29 sty 2021 o 11:19 Colm O hEigeartaigh 
 napisał(a):
 
> Hey Freeman,
> 
> Can you check if the latest Undertow 2.1.x release (2.1.5) is still
> vulnerable to this CVE?
> 
> https://nvd.nist.gov/vuln/detail/CVE-2020-10687
> 
> If yes, can we update CXF to Undertow 2.2.x to avoid the CVE? I see
> Camel
> has already updated.
> 
> Thanks,
> 
> Colm.
> 
 

Re: [VOTE] Apache CXF 3.4.3 and 3.3.10

[Jean-Baptiste Onofre]

+1 (non binding)

Regards
JB

> Le 15 mars 2021 à 21:59, Daniel Kulp  a écrit :
> 
> 
> This is a vote to release CXF 3.4.3 and 3.3.10.   We have fixed over 20 
> issues and it’s been almost 3 months since the last releases.
> 
> 
> Staging repositories:
> https://repository.apache.org/content/repositories/orgapachecxf-1164/
> https://repository.apache.org/content/repositories/orgapachecxf-1165/
> 
> Tags:
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=9674eb2f8d0013ef1caa87358d6a9bfcdbc2245b
> https://gitbox.apache.org/repos/asf?p=cxf.git;a=tag;h=e85ef7e31d2709d481d3df9175edb5d5490f37fa
> 
> Here is my +1
> 
> -- 
> Daniel Kulp
> dk...@apache.org - http://dankulp.com/blog
> Talend - http://talend.com
> 

Re: Releases next week?

[Jean-Baptiste Onofre]

+1

It sounds good to me.

Regards
JB

> Le 13 sept. 2021 à 17:56, Freeman Fang  a écrit :
> 
> +1
> 
> Thanks!
> Freeman
> 
> On Mon, Sep 13, 2021 at 11:49 AM Colm O hEigeartaigh 
> wrote:
> 
>> I believe we are well overdue getting new releases out, how does early
>> next week sound?
>> 
>> Colm.
>>