Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-03-04 Thread Jacopo Cappellato
+1 Jacopo Cappellato On Thu, Feb 27, 2020 at 10:49 AM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread (3nd attempt) to release "Apache OFBiz 17.12.01": > this is the first release, containing the framework, applications and all > the plugins from the 17.12

Re: Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-03-03 Thread Pierre Smits
Are we confident that documentation and/or logging/audit capabilities are up to (potential) expectations? Met vriendelijke groet, Pierre Smits *Proud* *contributor** of* Apache OFBiz since 2008 (without privileges) *Apache Trafodion ,

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Aditya Sharma
+1 Thanks and regards, Aditya Sharma On Fri, Feb 28, 2020 at 3:17 PM Michael Brohl wrote: > There is no impersonation functionality in 17.12. The findings are > either documentation or "constants" which do not affect the functionality. > > For 17.12.02 we should remove the documentation

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Michael Brohl
There is no impersonation functionality in 17.12. The findings are either documentation or "constants" which do not affect the functionality. For 17.12.02 we should remove the documentation artefacts for the impersonation feature, but IMO this is no showstopper for the 17.12.01 release.

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Taher Alkhateeb
+1 On Fri, Feb 28, 2020, 12:37 PM Gil Portenseigne wrote: > +1 > > On Thu, Feb 27, 2020 at 06:09:34PM +0100, Michael Brohl wrote: > > +1 > > > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  > > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip > > sha check of file:

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Gil Portenseigne
+1 On Thu, Feb 27, 2020 at 06:09:34PM +0100, Michael Brohl wrote: > +1 > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip > sha check of file: apache-ofbiz-17.12.01.zip > Using sha file: apache-ofbiz-17.12.01.zip.sha512 >

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Pierre Smits
I found 3 artefacts relating to the impersonation aspects. - CommonEvents.java - security.adoc - sy-impersonation.adoc Met vriendelijke groet, Pierre Smits *Proud* *contributor** of* Apache OFBiz since 2008 (without privileges) *Apache Trafodion

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Nicolas Malin
+1 All work from my part Nicolas On 27/02/2020 10:49, Jacopo Cappellato wrote: > This is the vote thread (3nd attempt) to release "Apache OFBiz 17.12.01": > this is the first release, containing the framework, applications and all > the plugins from the 17.12 release branches. > > The release

Re: Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Gil Portenseigne
You understand correctly, and moreover a specific permission must be granted to allow the user to impersonate another one. And we even added another security to not allow impersonating a user with more permission than ourselves. When we contributed the feature, it was discussed, and improved

Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Michael Brohl
*creating a new thread to leave the vote thread untouched* In my understanding from the previous threads about the impersonation features, it is disabled by default and must be enabled explicitly. Using this feature and dealing with the consequences is up to the user then. So I see no valid

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Gil Portenseigne
Hello Pierre, If you are talking about impersonation feature, that is not in the 17.12 branch. In either way, administrative tools, if we got access to it, allow what your are saying. But there is no security issue that grant these privilege we are aware of. If you do, please share to the

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Swapnil M Mane
+1 Best regards, Swapnil M Mane, ofbiz.apache.org On Thu, Feb 27, 2020 at 3:20 PM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread (3nd attempt) to release "Apache OFBiz 17.12.01": > this is the first release, containing the framework, applications and all >

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Suraj Khurana
+1 -- Best Regards, Suraj Khurana www.hotwax.co On Thu, Feb 27, 2020 at 3:20 PM Jacopo Cappellato < jacopo.cappell...@gmail.com> wrote: > This is the vote thread (3nd attempt) to release "Apache OFBiz 17.12.01": > this is the first release, containing the framework, applications and all > the

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pawan Verma
+1 -- Thanks & Regards Pawan Verma On Fri, Feb 28, 2020 at 7:30 AM Pierre Smits wrote: > And/or contains elements that provide criminal parties information to > impersonate valid users. > > Met vriendelijke groet, > > Pierre Smits > *Proud* *contributor** of* Apache OFBiz

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pierre Smits
And/or contains elements that provide criminal parties information to impersonate valid users. Met vriendelijke groet, Pierre Smits *Proud* *contributor** of* Apache OFBiz since 2008 (without privileges) *Apache Trafodion , Vice

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pierre Smits
-1 As this release contains software elements that will enable criminal parties to gain access to the implemented OFBiz system of a user (a business organisation) and impersonate valid users with the intent to bring harm to the aforementioned business organisation through transactions registered

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Nicola Mazzoni
+1 Il gio 27 feb 2020, 18:40 Jacques Le Roux ha scritto: > +1 > > Jacques > > Le 27/02/2020 à 18:09, Michael Brohl a écrit : > > +1 > > > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip > > sha check of file:

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Jacques Le Roux
+1 Jacques Le 27/02/2020 à 18:09, Michael Brohl a écrit : +1 ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip sha check of file: apache-ofbiz-17.12.01.zip Using sha file: apache-ofbiz-17.12.01.zip.sha512

Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Michael Brohl
+1 ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip sha check of file: apache-ofbiz-17.12.01.zip Using sha file: apache-ofbiz-17.12.01.zip.sha512 apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B

[VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Jacopo Cappellato
This is the vote thread (3nd attempt) to release "Apache OFBiz 17.12.01": this is the first release, containing the framework, applications and all the plugins from the 17.12 release branches. The release files can be downloaded from here: https://dist.apache.org/repos/dist/dev/ofbiz/ and are: *