fpapon commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530366347
@boris-petrov I can't see a Jira about this issue, may be I missed it :)
This is an automated m
boris-petrov commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530387875
@fpapon - I've [created a JIRA
issue](https://issues.apache.org/jira/browse/SHIRO-722).
Please tell me what to do with the failing test and I'll do
bdemers commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530392705
@fpapon @boris-petrov Agreed,
Your best bet is to overload the existing method with a new one, and just
make the old call the new with the previous defau
boris-petrov commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530730424
Do we want `NONE` as the default? Chrome is making `LAX` the default and
that is more secure than `NONE`. Perhaps Shiro should do the same?
--
boris-petrov edited a comment on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530730949
Also, what about the added methods? The test is failing because of that
also. I can overload the `buildHeaderValue` and call the new one from the ol
boris-petrov commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530730949
Also, what about the added methods? The test is failing because of that
also. I can overload the `addCookieHeader` and call the new one from the old
one,
fpapon commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530732144
@boris-petrov for me the `getSameSite` and `setSameSite` are not a problem.
This is an automated
asf-ci commented on issue #67: Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530750236
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/158/
---
bdemers commented on issue #67: [SHIRO-722] Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530858412
@boris-petrov great point on the default, it sounds like LAX might be the
way to go, a quick google shows it's that will be the default starting wit
boris-petrov commented on issue #67: [SHIRO-722] Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530864987
@bdemers - done for both points.
This is an automated message from the Apache
boris-petrov opened a new pull request #48: Add info about the SameSite cookie
flag
URL: https://github.com/apache/shiro-site/pull/48
Implementation of the flag is
[here](https://github.com/apache/shiro/pull/67).
This is an
bdemers commented on issue #67: [SHIRO-722] Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530867864
Thanks!!
This is an automated message from the Apache Git Service.
To respond to th
asf-ci commented on issue #67: [SHIRO-722] Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67#issuecomment-530872542
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/159/
---
fpapon merged pull request #67: [SHIRO-722] Add SameSite option to cookies
URL: https://github.com/apache/shiro/pull/67
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Git
fpapon opened a new pull request #168: [SHIRO-684] INI parser keeps escape
characters in keys and values
URL: https://github.com/apache/shiro/pull/168
When fixing this issue, I found a bug in the `isCharEscaped` method and the
`index` usage.
---
asf-ci commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-533885094
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/160
bdemers commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-533905138
This seems fine to me, but we might want to add a few more test cases around
the escape?
fpapon commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-533906738
Ok, I will add more tests.
This is an automated message fr
IlyaGerasimets opened a new pull request #49: Fixed a typo
URL: https://github.com/apache/shiro-site/pull/49
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use
fpapon merged pull request #49: Fixed a typo
URL: https://github.com/apache/shiro-site/pull/49
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above
asf-ci commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-540027279
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/161
fpapon commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-540441367
@bdemers I add some tests and also add the escape char check on the value.
The Travis build failed because of a missing j
fpapon commented on issue #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168#issuecomment-540638529
@bdemers Travis build is ok, I can merge ;)
Thanks!
Thi
fpapon merged pull request #168: [SHIRO-684] INI parser keeps escape characters
in keys and values
URL: https://github.com/apache/shiro/pull/168
This is an automated message from the Apache Git Service.
To respond to the mes
coheigea opened a new pull request #169: SHIRO-724 - Update Jetty, Spring,
Spring Boot, Htmlunit dependencies
URL: https://github.com/apache/shiro/pull/169
This is an automated message from the Apache Git Service.
To respond
asf-ci commented on issue #169: SHIRO-724 - Update Jetty, Spring, Spring Boot,
Htmlunit dependencies
URL: https://github.com/apache/shiro/pull/169#issuecomment-543165040
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/
fpapon merged pull request #169: SHIRO-724 - Update Jetty, Spring, Spring Boot,
Htmlunit dependencies
URL: https://github.com/apache/shiro/pull/169
This is an automated message from the Apache Git Service.
To respond to the
fpapon commented on issue #55: SslFilter with HTTP Strict Transport Security
(HSTS)
URL: https://github.com/apache/shiro/pull/55#issuecomment-544392034
@bdemers I would like to add this PR to the next release.
I also like the ShiroPrioritizedFilterChainResolver from Stormpath that you
m
asf-ci commented on issue #55: SslFilter with HTTP Strict Transport Security
(HSTS)
URL: https://github.com/apache/shiro/pull/55#issuecomment-544401629
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/163/
bdemers commented on issue #55: SslFilter with HTTP Strict Transport Security
(HSTS)
URL: https://github.com/apache/shiro/pull/55#issuecomment-544591551
@fpapon
Sure, I can add that!
This is an automated message f
fpapon commented on issue #58: [SHIRO-337] basic cdi support
URL: https://github.com/apache/shiro/pull/58#issuecomment-545116989
@bdemers I see 2 PR related to this one:
https://github.com/apache/shiro/pull/24
https://github.com/apache/shiro/pull/56
How can we deal with it? I can st
fpapon commented on issue #86: replacement of "request.getRemoteHost()" by
"WebUtils.getRemoteAddr()"
URL: https://github.com/apache/shiro/pull/86#issuecomment-545119225
@zhengyanbin Can you fix the comments please? We can add this PR into the
next release.
---
asf-ci commented on issue #86: replacement of "request.getRemoteHost()" by
"WebUtils.getRemoteAddr()"
URL: https://github.com/apache/shiro/pull/86#issuecomment-545124519
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/
rmannibucau commented on issue #58: [SHIRO-337] basic cdi support
URL: https://github.com/apache/shiro/pull/58#issuecomment-545142038
Checked out quickly other PRs, seems they miss tests on user beans with a
normal scope and producers should likely be active only if not overriden by the
us
rmannibucau edited a comment on issue #58: [SHIRO-337] basic cdi support
URL: https://github.com/apache/shiro/pull/58#issuecomment-545142038
Checked out quickly other PRs, seems they miss tests on user beans with a
normal scope and producers should likely be active only if not overriden by
fpapon commented on issue #58: [SHIRO-337] basic cdi support
URL: https://github.com/apache/shiro/pull/58#issuecomment-545318247
@rmannibucau thanks for take a look! I agree to skip cdi1 and also to test
with owb as it's an asf project ;)
---
fpapon commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-545427664
@bdemers have you some additional check to do on this one? I think we could
merge it.
---
zhengyanbin closed pull request #86: replacement of "request.getRemoteHost()"
by "WebUtils.getRemoteAddr()"
URL: https://github.com/apache/shiro/pull/86
This is an automated message from the Apache Git Service.
To respond to
fpapon opened a new pull request #170: [SHIRO-726] Add dynamic import package
URL: https://github.com/apache/shiro/pull/170
This is an automated message from the Apache Git Service.
To respond to the message, please log on to
asf-ci commented on issue #170: [SHIRO-726] Add dynamic import package
URL: https://github.com/apache/shiro/pull/170#issuecomment-548095846
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/165/
-
fpapon merged pull request #170: [SHIRO-726] Add dynamic import package
URL: https://github.com/apache/shiro/pull/170
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHu
jbonofre commented on issue #170: [SHIRO-726] Add dynamic import package
URL: https://github.com/apache/shiro/pull/170#issuecomment-548234236
Sorry for the delay in the review.
This is an automated message from the Apache Git
fpapon commented on issue #59: [SHIRO-617] ShiroFilter initialize
WebEnvironment on startup
URL: https://github.com/apache/shiro/pull/59#issuecomment-549028478
retest this please
This is an automated message from the Apache G
asf-ci commented on issue #59: [SHIRO-617] ShiroFilter initialize
WebEnvironment on startup
URL: https://github.com/apache/shiro/pull/59#issuecomment-549029047
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/166/Build
coheigea closed pull request #84: 1.3.x
URL: https://github.com/apache/shiro/pull/84
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to
coheigea opened a new pull request #171: Updating remaining Groovy tests to
Junit4
URL: https://github.com/apache/shiro/pull/171
This is an automated message from the Apache Git Service.
To respond to the message, please log
asf-ci commented on issue #171: Updating remaining Groovy tests to Junit4
URL: https://github.com/apache/shiro/pull/171#issuecomment-549783254
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/167/
--
fpapon merged pull request #171: Updating remaining Groovy tests to Junit4
URL: https://github.com/apache/shiro/pull/171
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Gi
coheigea opened a new pull request #172: Switch to gmavenplus and update groovy
URL: https://github.com/apache/shiro/pull/172
This means we can now run the groovy tests with JDK 11.
This is an automated message from the Apache
asf-ci commented on issue #172: Switch to gmavenplus and update groovy
URL: https://github.com/apache/shiro/pull/172#issuecomment-550309920
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/168/
-
fpapon merged pull request #172: Switch to gmavenplus and update groovy
URL: https://github.com/apache/shiro/pull/172
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHu
coheigea opened a new pull request #173: Get the aspectj modules passing with
JDK 11
URL: https://github.com/apache/shiro/pull/173
The current aspectj maven plugin appears dead - so switch to use a fork
which supports JDK 11
asf-ci commented on issue #173: Get the aspectj modules passing with JDK 11
URL: https://github.com/apache/shiro/pull/173#issuecomment-551028011
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/169/
fpapon merged pull request #173: Get the aspectj modules passing with JDK 11
URL: https://github.com/apache/shiro/pull/173
This is an automated message from the Apache Git Service.
To respond to the message, please log on to
coheigea opened a new pull request #174: Add javax.annotation dependency to get
guice + some of the samples wo…
URL: https://github.com/apache/shiro/pull/174
…rking with JDK11
This is an automated message from the Apache Git
asf-ci commented on issue #174: Add javax.annotation dependency to get guice +
some of the samples wo…
URL: https://github.com/apache/shiro/pull/174#issuecomment-551581488
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-p
fpapon merged pull request #174: Add javax.annotation dependency to get guice +
some of the samples wo…
URL: https://github.com/apache/shiro/pull/174
This is an automated message from the Apache Git Service.
To respond to th
coheigea opened a new pull request #175: Fixing spring_hibernate sample with
JDK11
URL: https://github.com/apache/shiro/pull/175
This is an automated message from the Apache Git Service.
To respond to the message, please log
asf-ci commented on issue #175: Fixing spring_hibernate sample with JDK11
URL: https://github.com/apache/shiro/pull/175#issuecomment-552391427
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/171/
--
fpapon merged pull request #175: Fixing spring_hibernate sample with JDK11
URL: https://github.com/apache/shiro/pull/175
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Gi
coheigea opened a new pull request #176: SHIRO-728 - Update Spring Boot to
2.1.10
URL: https://github.com/apache/shiro/pull/176
This is an automated message from the Apache Git Service.
To respond to the message, please log
asf-ci commented on issue #176: SHIRO-728 - Update Spring Boot to 2.1.10
URL: https://github.com/apache/shiro/pull/176#issuecomment-552543836
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/172/
---
fpapon merged pull request #176: SHIRO-728 - Update Spring Boot to 2.1.10
URL: https://github.com/apache/shiro/pull/176
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Git
coheigea opened a new pull request #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177
I couldn't get two of the samples working with JDK11, so this patch disables
running those two samples with JDK11. I also updated the dependencies in the
JAX-RS demo.
--
fpapon commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-552876823
@coheigea Thanks!
There is a JIRA about building on JDK11:
https://issues.apache.org/jira/browse/SHIRO-690
And I add some specific builds on Jenkins
asf-ci commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-552877957
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/173/
---
asf-ci commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-552878338
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr-jdk11/1/Build result:
FAILURE[...truncat
Staryjir commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-552901652
Any updates about fix for this issue? I can confirm that this issue is a
problem for apache shiro versio
asf-ci commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-552903516
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org
fpapon commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-552906478
@Staryjir We are actually adding some unit tests, it will be available next
week in the 1.5.0 release.
--
fpapon merged pull request #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use
coheigea commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-553382687
@fpapon Looks like you merged just after I pushed an update to the branch
:-) The update was to fix the javadoc stuff for JDK11, so I think we can
resolve SHI
fpapon commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-553383574
@coheigea Yes I didn't see your commit before merge, it was just in time :-)
I will resolve the issue in Jira.
Thanks for fixing this!
---
asf-ci commented on issue #177: Get build working with JDK11
URL: https://github.com/apache/shiro/pull/177#issuecomment-553401239
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/174/
---
coheigea opened a new pull request #178: SHIRO-729 - Updating Quartz to 2.3.2
URL: https://github.com/apache/shiro/pull/178
Tested the feature loads on Karaf as well.
This is an automated message from the Apache Git Service.
T
asf-ci commented on issue #178: SHIRO-729 - Updating Quartz to 2.3.2
URL: https://github.com/apache/shiro/pull/178#issuecomment-554314582
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr-jdk11/4/
---
asf-ci commented on issue #178: SHIRO-729 - Updating Quartz to 2.3.2
URL: https://github.com/apache/shiro/pull/178#issuecomment-554321102
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/175/
---
fpapon merged pull request #178: SHIRO-729 - Updating Quartz to 2.3.2
URL: https://github.com/apache/shiro/pull/178
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub
fpapon opened a new pull request #179: Remove maven-gpg-plugin to force using
apache pom parent settings
URL: https://github.com/apache/shiro/pull/179
This is an automated message from the Apache Git Service.
To respond to t
asf-ci commented on issue #179: Remove maven-gpg-plugin to force using apache
pom parent settings
URL: https://github.com/apache/shiro/pull/179#issuecomment-554550714
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr-jdk
asf-ci commented on issue #179: Remove maven-gpg-plugin to force using apache
pom parent settings
URL: https://github.com/apache/shiro/pull/179#issuecomment-554564988
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/176
fpapon merged pull request #179: Remove maven-gpg-plugin to force using apache
pom parent settings
URL: https://github.com/apache/shiro/pull/179
This is an automated message from the Apache Git Service.
To respond to the mes
coheigea opened a new pull request #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180
This is an automated message from the Apache Git Service.
To respond to the message, please log on to
asf-ci commented on issue #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180#issuecomment-554977793
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/177/
asf-ci commented on issue #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180#issuecomment-554979680
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr-jdk11/6/Failed Tests: 1Shiro-pr-jd
fpapon commented on issue #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180#issuecomment-555005556
retest this please
This is an automated message from the Apache Git Service.
To respond t
asf-ci commented on issue #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180#issuecomment-555013227
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr-jdk11/7/Failed Tests: 1Shiro-pr-jd
asf-ci commented on issue #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180#issuecomment-555013450
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/178/
fpapon merged pull request #180: Adding some more ehcache unit tests
URL: https://github.com/apache/shiro/pull/180
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub a
fpapon merged pull request #50: Release Shiro 1.4.2
URL: https://github.com/apache/shiro-site/pull/50
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
UR
fpapon opened a new pull request #50: Release Shiro 1.4.2
URL: https://github.com/apache/shiro-site/pull/50
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use
fpapon commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555209503
@tomsun28 can you add some utests?
This i
fpapon edited a comment on issue #127: [SHIRO-682] fix the potential threat
when use "uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555209503
@tomsun28 can you add some utests like:
- /resource
- /resource/
- /resource///
Let me k
fpapon edited a comment on issue #127: [SHIRO-682] fix the potential threat
when use "uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555209503
@tomsun28 can you add some utests like:
- /resource
- /resource/
- /resource///
tomsun28 commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555381366
@fpapon ok i will add it tonight
This i
asf-ci commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555478146
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org
tomsun28 opened a new pull request #181: [SHIRO-682]Uri match fix and unit tests
URL: https://github.com/apache/shiro/pull/181
fix[shiro-682] and add some unit test
This is an automated message from the Apache Git Service.
To
asf-ci commented on issue #127: [SHIRO-682] fix the potential threat when use
"uri = uri + '/' " to bypassed shi…
URL: https://github.com/apache/shiro/pull/127#issuecomment-555483635
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org
tomsun28 closed pull request #181: [SHIRO-682]Uri match fix and unit tests
URL: https://github.com/apache/shiro/pull/181
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Gi
asf-ci commented on issue #181: [SHIRO-682]Uri match fix and unit tests
URL: https://github.com/apache/shiro/pull/181#issuecomment-555485900
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/180/
401 - 500 of 1072 matches
Mail list logo