Re: [DRAFT] 2024/04 Board report

fixed (and sent), thanks! On Tue, Apr 9, 2024 at 10:13 PM Dirk Frederickx wrote: > > +1 > (small typo : double entry of the word "detected" > > dirk > > On Tue, Apr 9, 2024 at 7:30 PM Juan Pablo Santos Rodríguez < > juanpablo.san...@gmail.com> wrote: &g

[DRAFT] 2024/04 Board report

Hi, as usual, this quarter's draft of the Board report. It should be sent by tomorrow, so apologies on the rush. Still, any correction, comment, edit, etc. is more than welcome cheers, juan pablo +## Description: +The mission of JSPWiki is the creation and maintenance of software related to

[DRAFT] Board 2024/01 report

The following commit(s) were added to refs/heads/master by this push: new 6b87737 DRAFT Board 2024/01 report 6b87737 is described below commit 6b87737a9a70486d442781b198779845b903abd2 Author: Juan Pablo Santos Rodríguez AuthorDate: Sun Jan 7 17:06:25 2024 +0100 DRAFT Board 2024/01 report

Re: [PR] [JSPWIKI-1178] Address potential deadlock with JDK 21 Virtual Threads. [jspwiki]

Hi Murray, I agree, listeners should only appear on startup, if they appear later on then there's something wrong. It occurs to me that, in this case, perhaps replacing the listener list with a CopyOnWriteArrayList would be enough to tackle all the synchronized code (and the need to wrap it

Re: Proposal to Implement New GitHub Actions Workflows for CI/CD

Hi Arturo! My 2c, I'm ok with the change, with a caveat: If we switch to GH actions, let's ditch the Jenkins build entirely, in order to not have two different build/ci systems. This implies a number of things - SQ analysis should be done from one of the pipelines, perhaps the codeql one? So

Re: Failing CI builds (was: Re: [PR] JSPWIKI-925 - Add Missing i18n Literals for Multiple Languages [jspwiki])

rturo Bernal wrote: > > > Tank you JP > > > > Arturo > > > > > > On Sat, Oct 14, 2023 at 3:47 PM Juan Pablo Santos Rodríguez < > > juanpablo.san...@gmail.com> wrote: > > > >> Hi, > >> > >> Issue is fixed now, associated Jira h

Re: Failing CI builds (was: Re: [PR] JSPWIKI-925 - Add Missing i18n Literals for Multiple Languages [jspwiki])

Hi, Issue is fixed now, associated Jira had been resolved. Cheers, juan pablo El mié, 11 oct 2023, 10:31, Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> escribió: > Hi, > > yup, noticed a couple of days ago, seems a malformed maven metadata > file h

Re: [PR] [JSPWIKI-1178] Address potential deadlock with JDK 21 Virtual Threads. [jspwiki]

Hi Murray, to add some context to the PR, from what I understand, the important thing about the Synchronizer class, is more on the switch to use ReentrantLock instead of synchronized blocks, than the code readability/simplification. The Synchronizer class just captures an idiom throughout the

Failing CI builds (was: Re: [PR] JSPWIKI-925 - Add Missing i18n Literals for Multiple Languages [jspwiki])

Hi, yup, noticed a couple of days ago, seems a malformed maven metadata file has been uploaded to the snapshots repository, making impossible to deploy a specific module. As our ci build automatically deploys snapshots, we're stucked there. Contacted infra a couple of days back about this [#1],

[DRAFT] board report for 2023/10

Hi, as usual the draft for next board's report (due to 11th); any edits, comments, etc are more than welcome! best regards, juan pablo [DRAFT] board report for 2023/10 --- board-reports/2023-10.txt | 34 ++ 1 file changed, 34 insertions(+) diff --git

Re: [PR] [JSPWIKI-1178] Address potential deadlock with JDK 21 Virtual Threads. (jspwiki)

Hi Murray, broadly speaking, synchronized blocks aren't go to play so very nice with the new virtual threads functionality, so in order to take advantage of them, the suggeston is to switch to something else, namely locking with a ReentrantLock Going that way, the PR ends up having a lot of

Re: Timing of Next Apache JSPWiki Release 2.12.2

Hi! My 2c, I'd rather wait and merge those two issues, they're close to completion and the java 21 support enhancements would be really cool to have. I'd also like to push some dependency upgrades sitting on my PC, I'll try to do it between tomorrow and next Wednesday. Also I'll draft the report

Re: Discussion on Fixing Relative URLs in Email Notifications (JSPWIKI-1056)

Hi! Thx for looking into this :-) On the associated PR, I wondered if checking for an specific, custom, header with the appropriate value for the absolute url would be the way to go, due to uncovered corner cases if we check for "known" headers. On a second thought, I'm more comfortable if we

Re: [apache/jspwiki] JSPWIKI-1181 - Fix: Correct URL Generation for Pages with Special Characters (PR #310)

Typo, meant 2.12.2-git-03 (although nothing especially important, if it stays on git-02 is ok too) Br, juan pablo El dom, 1 oct 2023, 19:01, Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> escribió: > Hi! Shouldn't this be part of 2.12.1-git-03 instead? > > Cheers, >

Re: [apache/jspwiki] JSPWIKI-1181 - Fix: Correct URL Generation for Pages with Special Characters (PR #310)

Hi! Shouldn't this be part of 2.12.1-git-03 instead? Cheers, juan pablo El dom, 1 oct 2023, 18:58, Arturo Bernal escribió: > @arturobernalg pushed 1 commit. > >- 6bf3f32 > >

Re: Delay in Website Update for Latest Release

The website has been updated, so I think all is fine and dandy now, no need to look into nothing :-) Best regards juan pablo El dom, 13 ago 2023, 13:27, Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> escribió: > Hiya! > > Site update is fine through > https://ci

Re: Delay in Website Update for Latest Release

Hiya! Site update is fine through https://ci-builds.apache.org/job/JSPWiki/job/site/ This job is scheduled every time a commit is pushed into master, on jspwiki's main repo, and it appears to have run successfully last on 7th Aug. I've just scheduled a build, so hopefully we'll have the site

Re: [VOTE] Release JSPWiki version 2.12.1

Hi, my +1 cheers! juan pablo El mar, 8 ago 2023, 2:06, Murray Altheim escribió: > I will be traveling for the next few days and unable to download or test > the code, so with my apologies, my vote is: > > 0. > > Cheers, > > Murray > > On 8/8/23 06:29, Arturo Bernal wrote: > > Good

Workflow documentation [Re: 2.12.1?]

, 2023 at 3:12 AM Murray Altheim wrote: > > Hi Juan Pablo, > > Sorry for being out of the loop, but could you provide a reference to > the workflow documentation? That would be very helpful, thank you. I've > not investigated it previously. > > Cheers, > > Murray > >

[DRAFT] Board report for July/August meeting

Hi, as mentioned else-thread, please see below the draft for next board meeting. As usual, any comment, edit, etc. is more than welcome! This time we have more than a week for report submission, so there's plenty of time for review cheers, juan pablo board-reports/2023-08.txt | 35

Re: 2.12.1?

ot investigated it previously. > > Cheers, > > Murray > > On 6/22/23 05:11, Juan Pablo Santos Rodríguez wrote: > > Hi, > > > > given that the workflow area is now working as expected, I'd like to > > release it, with the usual dependency updates and maybe PR #282, w

Re: JSP Wiki ShortURLConstructor

=Mailing%20Lists [#2] https://lists.apache.org/list.html?u...@jspwiki.apache.org El mar, 18 jul 2023, 21:38, Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> escribió: > Hi Duy Thàn! > > did you also set the wiki/ prefix on your web.xml file? (see note on > jspwiki.properties

Re: JSP Wiki ShortURLConstructor

Hi Duy Thàn! did you also set the wiki/ prefix on your web.xml file? (see note on jspwiki.properties, line 450 onwards) Would you mind also testing if ShortViewUrlConstructor works for page edits? thanks + best regards, juan pablo On Mon, Jul 17, 2023 at 9:50 AM Thành Duy wrote: > > Dear Dev

Re: Jspwiki servlet version

Hi! JSPWiki is servlet 3.1 based, which means you need at least tomcat 9 to run it (or tomcat 8, with some tweaks, see [#1]) IIRC, we do use some methods from servlet 3.1, so downgrading to servlet 3.0 won't be enough to run JSPWiki. HTH, juan pablo p.s.: this mail came through moderation,

2.12.1?

Hi, given that the workflow area is now working as expected, I'd like to release it, with the usual dependency updates and maybe PR #282, which seems pretty close to completion. Sounds reasonable? I know 2.12.0 has been released pretty close, but the workflow approval functionality seems to me

Re: Auto Login in JSPWiki

Hi, JSPWiki doesn't have some sort of OAuth login integration, so I'd say that kind of integration would involve either a) setting up a POST to the Wiki login page and somehow retrieving the jsessionid, so you can forward to JSPWiki appending it as a request param or b) set up JSPWiki login to

[ANNOUNCE] Arturo Bernal as new JSPWiki PMC and committer!

Hi all, We're glad to announce that the JSPWiki PMC has a new member and committer, Arturo Bernal. Welcome! juan pablo, on behalf of the JSPWiki PMC

Re: delay on 2.12.0 release vote

a pull request (https://github.com/apache/jspwiki/pull/285) > with these changes and I recommend thorough testing of these modifications to > ensure it doesn't inadvertently cause other issues. > > Best regards, > > > Arturo Bernal > arturobern...@yahoo.com > > > >

CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins

Severity: moderate Description: A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Mitigation: Apache

[ANNOUNCE] Apache JSPWiki 2.12.0 released

The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.12.0. This is the first release on the 2.12 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[RESULT][VOTE] Release JSPWiki version 2.12.0

;+1 > > Cheers, > > Murray > > On 5/21/23 21:27, Juan Pablo Santos Rodríguez wrote: > > Hi Murray! > > > > Tomcat 10 onwards support the jakarta namespace instead of javax (the one > > that JSPWiki compiles to), so JSPWiki cannot run on it without > >

Re: [VOTE] Release JSPWiki version 2.12.0

stConfig.deployWAR Deployment of web > > application archive [/opt/apache-tomcat-10.1.8/webapps/ > > > > If I'm running the wrong version of Java or Tomcat or there's something > obvious, > > I'm happy to fix that within the next 12 hours, but for now I can't vote > y

Re: [VOTE] Release JSPWiki version 2.12.0

ay, May 16, 2023 at 11:07:29 AM GMT+2, Harry Metske < > harry.met...@gmail.com> wrote: > > +1 > > Looking good! > > cheers, > Harry > > > On Mon, 15 May 2023 at 12:13, Juan Pablo Santos Rodríguez < > juanpa...@apache.org> wrote: > > > This is

Re: [VOTE] Release JSPWiki version 2.12.0

my +1 cheers, juan pablo On Mon, May 15, 2023 at 12:13 PM Juan Pablo Santos Rodríguez < juanpa...@apache.org> wrote: > This is a release vote for Apache JSPWiki, version 2.12.0. The vote will > be open for at least 72 hours from now. > > You can see a curated changelog at

[VOTE] Release JSPWiki version 2.12.0

This is a release vote for Apache JSPWiki, version 2.12.0. The vote will be open for at least 72 hours from now. You can see a curated changelog at https://jspwiki-wiki.apache.org/Wiki.jsp?page=NewIn2.12 Note that we are voting upon the source (tag), binaries are provided for convenience.

delay on 2.12.0 release vote

Hi, finally tonight I was able to begin with the release vote for 2.12.0 and prepare the RC1 artifacts. Unfortunately, I've just seen that the docker images aren't compiling due to an error on the main module while executing mvn -B dependency:go-offline (we do that in order to cache the artifacts

[DRAFT] 2023/04 Board report

by this push: new 171be84 [DRAFT] 2023/04 Board report 171be84 is described below commit 171be8405e33a779c1f46777a81107874e39efb4 Author: Juan Pablo Santos Rodríguez AuthorDate: Mon Apr 10 21:37:03 2023 +0200 [DRAFT] 2023/04 Board report --- board-reports/2023-04.txt | 35

Incoming release for 2.12.0?

Hi! We have some security fixes sitting on master for a while now. We've also had another security report for some weeks that seems to resolve to not be an issue, since we haven't heard back from the reporter from quite a while now. Maybe it's a good time to proceed with the release of 2.12.0.

Re: gulpfile.js, package.json and package-lock.json at jspwiki-war?

> dirk > > On Fri, Mar 24, 2023 at 8:52 PM Juan Pablo Santos Rodríguez < > juanpablo.san...@gmail.com> wrote: > > > Hi, > > > > I've noticed that we have the files mentioned on subject on the > jspwiki-war > > module? How are they > > used? Are

gulpfile.js, package.json and package-lock.json at jspwiki-war?

Hi, I've noticed that we have the files mentioned on subject on the jspwiki-war module? How are they used? Are they meant to be incorporated on the maven build? We have a lot of Dependabot PRs and alerts regarding these files and I'm unsure on how to act on them. thanks & best regards, juan

[DRAFT] 2023 Board report

: Juan Pablo Santos Rodríguez AuthorDate: Wed Jan 11 13:56:51 2023 +0100 [DRAFT] 2023 Board report --- board-reports/2023-01.txt | 32 1 file changed, 32 insertions(+) diff --git a/board-reports/2023-01.txt b/board-reports/2023-01.txt new file mode 100644 index

Re: CategoryHierarchyPlugin

Hi, incredibly late, but somehow this got piled under a ton of other mails and I missed it :-/ The plugin indeed seems interesting, would you like to send a PR to JSPWiki with it? :-) some remarks on the code - classes should contain the Apache License header - package would need to change to

No more public Jira sign ups

Hi, As per https://blogs.apache.org/infra/entry/jira-public-signup-disabled infra has locked public sign ups, so new accounts have to be requested via ML. We'd probably want to requests a new ML for this, but for now I think dev is fine. Maybe is a good moment to reconsider GH issues instead?

Re: [DRAFT] Board report for 2022/10

t repository. > > juanpablo pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/jspwiki-asf-docs.git > > > The following commit(s) were added to refs/heads/master by this push: > new f8f0202 [DRAFT] Board report for 2022/10 > f8f0202 is described b

[DRAFT] Board report for 2022/10

added to refs/heads/master by this push: new f8f0202 [DRAFT] Board report for 2022/10 f8f0202 is described below commit f8f0202699121e95d3499c580d4613ef9c5d6a91 Author: Juan Pablo Santos Rodríguez AuthorDate: Tue Oct 11 00:12:55 2022 +0200 [DRAFT] Board report for 2022/10 --- board

Re: [GitHub] [jspwiki] juanpablo-santos commented on pull request #228: [SECURITY] Fix Partial Path Traversal Vulnerability

Hi, would appreciate some comments on this, either here or at GH. It's a strong opinion but it's only my opinion, I'd welcome any other POV on how to tackle this kind of issues, specially if you feel otherwise. thx + best regards, juan pablo On Fri, Sep 23, 2022 at 11:32 PM GitBox wrote: > >

Re: Policy on matchEnglishPlurals?

Hi, I'd say you've found all the documentation that there is about that :-/ Basically if the jspwiki.translatorReader.matchEnglishPlurals property is set to true, then pages ending with 's' are considered the same as their singular form when linking between them. It does not prevent you from

Re: Upgrading jdk requirement?

Hiya! been on holidays and with a lot of $dayjob after that, just wanted to close this, so it doesn't slip through. Let's say next version will be 2.12.0, instead of 2.11.4, and it will require JDK-11? As for when to upgrade the JDK requirement, let's just ask the question every minor release, if

Upgrading jdk requirement?

Hi all, As noted some days ago, may be out is time to upgrade the jdk requirement? Currently we're on jdk8, which is quite behind current LTS, and given the new jdk release cycle, it'll be easy to be in this situation again, so a couple of questions: - should we upgrade? To which jdk? Other than

Re: ClassCastException on application reboot

Hiya, Given there's no jspwiki code in that stack trace, my guess would be either a jspwiki serialization file has been serialized with one jdk and it's been tried to be deserialized with another, or something similar with the JSPs under Tomcat's work directory? Maybe clearing tomcat's and/or

[DRAFT] 2022-08 Board report

: new 4ad107b [DRAFT] 2022-08 Board report 4ad107b is described below commit 4ad107ba7bbb56632a7ac9f7d224efde612af95e Author: Juan Pablo Santos Rodríguez AuthorDate: Tue Aug 9 14:40:12 2022 +0200 [DRAFT] 2022-08 Board report --- board-reports/2022-08.txt | 41

Re: Is 2.11.3 a drop-in replacement for 2.11.2?

Hi Murray, there's also a jspwiki-http (IIRC) artifact which contains the csrf filter. It's completely pluggable, so if you don't include it, everything will continue same as before, it'll be safe to upgrade the jars. However, if you do include it, both JSPs and js files should be upgraded too

Re: LinkParsingOperations improvements?

Hi Murray, (apologies for the brevity, is really late in here, and won't be having too much time next few days..) I extracted the LinkParserOperations to be able to reuse it when developing other parsers; f.ex., you can see it also at the MarkdownParser [#1], and at the LinkTag custom tag [#2]

CVE-2022-34158: Apache JSPWiki: User Group Privilege Escalation

Severity: critical Description: A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to

CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin

Severity: moderate Description: A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Mitigation: Apache JSPWiki

CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp

Severity: critical Description: A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

CVE-2022-28730: Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp

Severity: moderate Description: A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages

CVE-2022-27166: Apache JSPWiki: XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2

Severity: moderate Description: A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim Credit: Issue was

[ANNOUNCE] Apache JSPWiki 2.11.3 released

The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.3. This is the fourth release on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

Re: svn commit: r56073 [1/2] - in /release/jspwiki: 2.11.2/ 2.11.3/ 2.11.3/binaries/ 2.11.3/binaries/portable/ 2.11.3/binaries/webapp/ 2.11.3/source/ 2.11.3/wikipages/

h the URL resolution on the response.sendRedirect) > > dirk > > > On Wed, Aug 3, 2022 at 12:54 AM Juan Pablo Santos Rodríguez < > juanpablo.san...@gmail.com> wrote: > > > Hi Dirk, > > > > I've committed to the release area and released the repo from stag

Re: svn commit: r56073 [1/2] - in /release/jspwiki: 2.11.2/ 2.11.3/ 2.11.3/binaries/ 2.11.3/binaries/portable/ 2.11.3/binaries/webapp/ 2.11.3/source/ 2.11.3/wikipages/

Hi Dirk, I've committed to the release area and released the repo from staging, so most probably they're on central now. F.ex., https://repo1.maven.org/maven2/org/apache/jspwiki/jspwiki-api/2.11.3/ is already available and probably syncing to other mirrors. I had similar issues when editing the

[RESULT][VOTE] Release JSPWiki version 2.11.3

Hi, +72 hours passed, we have 5 +1 votes - Arturo Bernal - Dirk Frederickx* - Harry Metske* - Murray Altheim - Juan Pablo Santos* (* denoting PMC binding vote) so the vote passes :-) I'll proceed with the release There are a couple of post release actions: - fix missing AL headers, there's

Re: [VOTE] Release JSPWiki version 2.11.3

e JSPWiki test extensions not using public api SKIPPED > > Summary #2: so, even with Java 8 installed I wasn't able to build JSPWiki, > with > just "mvn install test" from the download. > > I tried yet a third time with Java 8 but am still failing when trying

Re: [VOTE] Release JSPWiki version 2.11.3

and my +1 cheers, juan pablo On Sat, Jul 30, 2022 at 2:58 PM Juan Pablo Santos Rodríguez < juanpa...@apache.org> wrote: > This is a release vote for Apache JSPWiki, version 2.11.3. The vote will > be open for at least 72 hours from now. > > It fixes the following

[VOTE] Release JSPWiki version 2.11.3

This is a release vote for Apache JSPWiki, version 2.11.3. The vote will be open for at least 72 hours from now. It fixes the following issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310732=12351386 You can see a curated changelog at

Re: GraphReferenceManager

, juan pablo El vie, 29 jul 2022 4:39, Murray Altheim escribió: > On 2022/07/29 6:01, Juan Pablo Santos Rodríguez wrote: > > Hi Murray, > > > > ahh ok, now I see, so I guess we could start by making the reference > > manager pluggable through a wiki property, so anyone wis

Re: GraphReferenceManager

gt; On 26/07/22 6:30 am, Juan Pablo Santos Rodríguez wrote: > > Hi Murray! > > > > nice to see you on the dev list again :-) > > Yes, thanks, good to see you as well. Many years... .. . > > > lots of interesting points on your email, my POV on them: > > &g

Re: GraphReferenceManager

Hi Murray! nice to see you on the dev list again :-) lots of interesting points on your email, my POV on them: - re. GraphReferenceManager: I fail to see how it works, would you mind sharing a concrete example? it is not clear to me if it needs a syntax change or not, or if the current syntax

Incoming 2.11.3 vote+release

Hi! Don't know for others, but I plan to do some minor dependency updates throughout the weekend, having in mind starting a release vote next Monday/Tuesday, if nothing steps in. This release should fix a number of security issues, so every additional testing that can be done in order to ensure

Estimating memory requirements for JSPWiki

Hi, some of the last pushes introduced a profile that allows to measure the memory taken by different JSPWiki objects, which comes handy f.ex., if trying to customize your cache. To activate it, from the root module, execute mvn test -Dtest=MemoryProfiling -pl jspwiki-main (note that the test

Re: Where do ajax post calls get started?

[...] data: { page: Wiki.PageName, wikimarkup: "[{Groups}]()", 'X-XSRF-TOKEN': wiki.CsrfProtection }, best regards, juan pablo On Fri, Jul 1, 2022 at 5:13 PM Juan Pablo Santos Rodríguez wrote: > > Hi, > > I'm writing a csrf prevention filter for post requests on JSPWiki.

Where do ajax post calls get started?

Hi, I'm writing a csrf prevention filter for post requests on JSPWiki. So far everything is going fine looking for posts requests via ajax: preview is started by an AJAX POST call to AJAXPreview.jsp, but I can't find where the call is started. The only place that seems to be calling is

[DRAFT] Board report for 2022/04

Hi, please see below draft for upcoming board meeting. As usual, any comments, edits, etc. are more than welcome. cheers, juan pablo +## Description: +The mission of JSPWiki is the creation and maintenance of software related to +Leading open source WikiWiki engine, feature-rich and built

Re: Markdown support inside JSPWiki

/Wiki.Snips.Markdown.js [#2]: https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki%20Syntax On Mon, Jan 17, 2022 at 11:57 PM Dirk Frederickx wrote: > > Hi Juan, > > >> inline feedback, > > > On Mon, Jan 17, 2022 at 12:43 AM Juan Pablo Santos Rodríguez < > juanpablo.san..

Introducing Engine lifecycle extensions

Hi all, latest push on master introduces engine lifecycle extensions as another JSPWiki extension point. It allows custom components (plugins, filters, etc.) to be aware of Engine's initialization and shutdown, without having to deep dive on Engine's internals. Examples of

[CVE-2022-24948] Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen

Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.1 Description A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to

[CVE-2022-24947] Apache JSPWiki CSRF Account Takeover

Severity Critical Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.1 Description Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Mitigation Apache JSPWiki users should upgrade to 2.11.2 or later.

[ANNOUNCE] Apache JSPWiki 2.11.2 released

The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.2. This is the third release on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[RESULT][VOTE] Release JSPWiki version 2.11.2

: > > +1 > > Tx > dirk > > On Tue, Feb 22, 2022 at 9:59 AM Harry Metske wrote: > > > +1 > > > > thanks, > > Harry > > > > > > On Mon, 21 Feb 2022 at 23:12, Juan Pablo Santos Rodríguez < > > juanpa...@apache.org> wrote:

Re: [VOTE] Release JSPWiki version 2.11.2

My +1, best regards, juan pablo El lun., 21 feb. 2022 23:12, Juan Pablo Santos Rodríguez < juanpa...@apache.org> escribió: > This is a release vote for Apache JSPWiki, version 2.11.2. The vote > will be open for at least 72 hours from now. > > It fixes the following

[VOTE] Release JSPWiki version 2.11.2

This is a release vote for Apache JSPWiki, version 2.11.2. The vote will be open for at least 72 hours from now. It fixes the following issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310732=12351120 You can see a curated changelog at

Re: Markdown support inside JSPWiki

is progressing. > > Happy to help on building the markdown support into the editor. > The SNIP editor is build to be pluggable, and this would be a good test > case. > You should only provide a specific "Markdown.Snipe.Command.js" file. > > Would you have a specific markd

Markdown support inside JSPWiki

Hi, last push completed markdown support on the WYIWYG editor. Right now there's a markdown parser, a markdown renderer, a WYIWYG editor renderer, and an html from the WYIWYG editor to markdown syntax converter. [#1] has a bit more info on this. The only item left, in order to have full Markdown

[ JDBC | XML] user databases not allowing empty wiki names

Hi, with last push, both JDBCUserDatabase and XMLUserDatabase will not allow empty or null wiki names on the getWikiNames() method. Previously it was only not allowing null wiki names. In XMLUserDatabase, the reasoning behind this change is that JDom returns an empty string when querying for

Re: [jspwiki] 02/03: Merge branch 'master' of https://github.com/apache/jspwiki

Hi, I had a rather big push in the works, so I've verified those commits; as their content seemed ok to me, I've proceeded with the push. best regards, juan pablo On 2022/01/12 07:15:14 Dirk Frederickx wrote: > Hi, > > I wanted to push a single update (XSS vuln.) to the repo this morning,

[DRAFT] 2022-01 board report

Hi, as usual, please see below draft for this quarter's board report. Any edits, comments, etc. are more than welcome. The report is due to next Wednesday, so apologies on sending the draft this late, I'll try to have it prepared with more time for next report. cheers, juan pablo +++

[ANNOUNCE] Apache JSPWiki 2.11.1 released

The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.1. This is the second release on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[RESULT][VOTE] Release JSPWiki version 2.11.1

gt; +1 from me. > > Kind regards, > David V > > On Thu, Dec 16, 2021 at 4:19 AM Harry Metske wrote: > > > +1 > > > > thanks, > > Harry > > > > > > > > Op wo 15 dec. 2021 om 17:57 schreef Juan Pablo Santos Rodríguez < > > j

Re: [VOTE] Release JSPWiki version 2.11.1

My +1 best regards, juan pablo On Wed, Dec 15, 2021 at 5:57 PM Juan Pablo Santos Rodríguez wrote: > > This is a release vote for Apache JSPWiki, version 2.11.1. The vote > will be open for at least 72 hours from now. > > It fixes the following issues: > https://issues.apac

[VOTE] Release JSPWiki version 2.11.1

This is a release vote for Apache JSPWiki, version 2.11.1. The vote will be open for at least 72 hours from now. It fixes the following issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310732=12350872 You can see a curated changelog at

[SECURITY] Apache JSPWiki affected by Apache Log4J CVE-2021-44228

Hi all, apologies for the cross-posting, please see below notice on how to mitigate recent Log4J's RCE on existing JSPWiki 2.11.0 installations. * 2021-12-13, Apache JSPWiki affected by Apache Log4J

Re: textToHtml methods from WikiEngine + ReferringPagesPlugin [was: Re: [ANNOUNCE] Apache JSPWiki 2.11.0 released]

p folder? > > Gary > > On 12/7/2021 4:15 PM, Gary Kephart wrote: > > Juan Pablo, > > I found a folder named "lucene" in the working directory and delete that, > then stopped and restarted Wildfly. No change, sadly, in either the search > or WikiCategory. > >

Re: textToHtml methods from WikiEngine + ReferringPagesPlugin [was: Re: [ANNOUNCE] Apache JSPWiki 2.11.0 released]

ting this on my local machine for the first time before I put it on > my hosted account. > > Gary > > On 12/7/2021 2:54 AM, Juan Pablo Santos Rodríguez wrote: > > Hi Gary, > > > > cc'ing dev@j.a.o, as others migth find this interesting / being able > > to help too

textToHtml methods from WikiEngine + ReferringPagesPlugin [was: Re: [ANNOUNCE] Apache JSPWiki 2.11.0 released]

ne.textToHTML(context, wlink); > > > > What's the new way of doing this? This is in the old ImageMapPlus > > plugin that I downloaded and recompiled to work for M6. > > > > Gary > > > > On 11/23/2021 3:13 AM, Juan Pablo Santos Rodríguez wrote: > >>

[CVE-2021-44140] Apache JSPWiki Arbitrary file deletion on logout

Severity Critical Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M8 Description Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefuly crafted http request on logout, given that those files are reachable to the

[ANNOUNCE] Apache JSPWiki 2.11.0 released

The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0. This is the first release after eight milestones on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[RESULT][VOTE] Release JSPWiki version 2.11.0 (RC2)

gt; On Fri, Nov 19, 2021 at 3:03 AM David Vittor wrote: > > > +1 > > > > On Fri, Nov 19, 2021 at 10:54 AM Juan Pablo Santos Rodríguez < > > juanpablo.san...@gmail.com> wrote: > > > > > my +1 > > > > > > > > > best

Re: [VOTE] Release JSPWiki version 2.11.0 (RC2)

my +1 best regards, jp On Fri, Nov 19, 2021 at 12:51 AM Juan Pablo Santos Rodríguez < juanpa...@apache.org> wrote: > This is a release vote for Apache JSPWiki, version 2.11.0. The vote will > be open for at least 72 hours from now. > > It fixes the following

[VOTE] Release JSPWiki version 2.11.0 (RC2)

This is a release vote for Apache JSPWiki, version 2.11.0. The vote will be open for at least 72 hours from now. It fixes the following issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310732=12345152 You can see a curated changelog at

[CANCEL][VOTE] Release JSPWiki version 2.11.0

with the aforementioned fix. I expect the new RC to be cut before next week. best regards, juan pablo On Mon, Nov 8, 2021 at 1:50 PM Juan Pablo Santos Rodríguez < juanpablo.san...@gmail.com> wrote: > Hi, > > Thanks both for the quick responses :-) > > Although we have en

  1   2   3   4   5   >