Re: Cutting 9.1.2 release?
+1 and thanks Richard for raising attention on CVE-2023-46589 which is fairly new Le mer. 29 nov. 2023 à 12:51, Richard Zowalla a écrit : > > +1 and yes, CVE-2023-46589 is missing. > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan Gallimore: > > +1 > > > > I think there's one CVE to patch before release: CVE-2023-46589 which > > I'm > > happy to do. I'm also happy to cut the release as its been a while > > since I > > last did it. > > > > Jon > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > jlmonte...@tomitribe.com> wrote: > > > > > Hi all, > > > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > > it time > > > to cut a release? > > > > > > Best > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > >
Re: Cutting 9.1.2 release?
+1 and yes, CVE-2023-46589 is missing. Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan Gallimore: > +1 > > I think there's one CVE to patch before release: CVE-2023-46589 which > I'm > happy to do. I'm also happy to cut the release as its been a while > since I > last did it. > > Jon > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > jlmonte...@tomitribe.com> wrote: > > > Hi all, > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > it time > > to cut a release? > > > > Best > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > signature.asc Description: This is a digitally signed message part
Re: Cutting 9.1.2 release?
+1 I think there's one CVE to patch before release: CVE-2023-46589 which I'm happy to do. I'm also happy to cut the release as its been a while since I last did it. Jon On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < jlmonte...@tomitribe.com> wrote: > Hi all, > > There are a couple of CVEs attached to the latest 9.x release. Is it time > to cut a release? > > Best > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com >
Cutting 9.1.2 release?
Hi all, There are a couple of CVEs attached to the latest 9.x release. Is it time to cut a release? Best -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com
Re: [PR] TOMEE-4284 - Implement tomee.mp.jwt.allow.no-exp property over mp.jwt.tomee.allow.no-exp (tomee)
Hi,
it might be related to the recent changes related to logging.
Fixing it would be great to avoid breaking the build.
Gruß
Richard
Am Mittwoch, dem 29.11.2023 um 10:01 +0100 schrieb Zoltán Tichov:
> Hi!
>
> Yes, I can include, but I made itest that were all green under 9.0
> but they
> failed under 10.x.
> Errors may be caused by the server issuing different log messages in
> version 10 than in version 9.
> Should I fix them or is it OK later?
>
> Thanks:
> Zoltán
>
>
> On Wed, Nov 29, 2023 at 8:37 AM rzo1 (via GitHub)
> wrote:
>
> >
> > rzo1 commented on code in PR #990:
> > URL:
> > https://github.com/apache/tomee/pull/990#discussion_r1408864908
> >
> >
> > ##
> >
> > mp-
> > jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthC
> > onfigurationProperties.java:
> > ##
> > @@ -117,6 +119,15 @@ private JWTAuthConfiguration
> > createJWTAuthConfiguration() {
> >
> > config.getOptionalValue("mp.jwt.decrypt.key.algorithm",
> > String.class).orElse(null),
> >
> > config.getOptionalValue("mp.jwt.verify.publickey.algorithm",
> > String.class).orElse(null));
> > }
> > +
> > + private Boolean queryAllowExp(){
> >
> > Review Comment:
> > @tichovz Can you include the feedback provided by Romain? :)
> >
> >
> >
> > --
> > This is an automated message from the Apache Git Service.
> > To respond to the message, please log on to GitHub and use the
> > URL above to go to the specific comment.
> >
> > To unsubscribe, e-mail: dev-unsubscr...@tomee.apache.org
> >
> > For queries about this service, please contact Infrastructure at:
> > us...@infra.apache.org
> >
> >
signature.asc
Description: This is a digitally signed message part
Re: [PR] TOMEE-4284 - Implement tomee.mp.jwt.allow.no-exp property over mp.jwt.tomee.allow.no-exp (tomee)
Hi!
Yes, I can include, but I made itest that were all green under 9.0 but they
failed under 10.x.
Errors may be caused by the server issuing different log messages in
version 10 than in version 9.
Should I fix them or is it OK later?
Thanks:
Zoltán
On Wed, Nov 29, 2023 at 8:37 AM rzo1 (via GitHub) wrote:
>
> rzo1 commented on code in PR #990:
> URL: https://github.com/apache/tomee/pull/990#discussion_r1408864908
>
>
> ##
>
> mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/config/JWTAuthConfigurationProperties.java:
> ##
> @@ -117,6 +119,15 @@ private JWTAuthConfiguration
> createJWTAuthConfiguration() {
> config.getOptionalValue("mp.jwt.decrypt.key.algorithm",
> String.class).orElse(null),
>
> config.getOptionalValue("mp.jwt.verify.publickey.algorithm",
> String.class).orElse(null));
> }
> +
> +private Boolean queryAllowExp(){
>
> Review Comment:
>@tichovz Can you include the feedback provided by Romain? :)
>
>
>
> --
> This is an automated message from the Apache Git Service.
> To respond to the message, please log on to GitHub and use the
> URL above to go to the specific comment.
>
> To unsubscribe, e-mail: dev-unsubscr...@tomee.apache.org
>
> For queries about this service, please contact Infrastructure at:
> us...@infra.apache.org
>
>
