donnerpeter opened a new pull request #15:
URL: https://github.com/apache/velocity-engine/pull/15
this prevented garbage-collecting classloaders that accidentally happened to
be in the stack trace when Stop class was first accessed
This prevents plugin unloading in IntelliJ:
https:/
arkanovicz commented on pull request #15:
URL: https://github.com/apache/velocity-engine/pull/15#issuecomment-635961250
Thanks for the MR. Merged in master.
This is an automated message from the Apache Git Service.
To res
arkanovicz merged pull request #15:
URL: https://github.com/apache/velocity-engine/pull/15
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to
wglasshusain opened a new pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL
nbubna commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-669670311
Looks good to me.
This is an automated message from the Apache Git Service.
To respond to the message, please
yaverhussain opened a new pull request #17:
URL: https://github.com/apache/velocity-engine/pull/17
… null to render in StrictMode. This is particularly useful in our upcoming
change where in we want to turn StrictMode on but fear we might encounter a lot
of such errors in prod.
-
nbubna commented on pull request #17:
URL: https://github.com/apache/velocity-engine/pull/17#issuecomment-680137890
I see the flag, but it does not appear to be used to actually do anything.
This is an automated message from
yaverhussain commented on pull request #17:
URL: https://github.com/apache/velocity-engine/pull/17#issuecomment-681198639
Sorry, added
This is an automated message from the Apache Git Service.
To respond to the message, plea
yaverhussain removed a comment on pull request #17:
URL: https://github.com/apache/velocity-engine/pull/17#issuecomment-681198639
Sorry, added
This is an automated message from the Apache Git Service.
To respond to the messa
yaverhussain commented on pull request #17:
URL: https://github.com/apache/velocity-engine/pull/17#issuecomment-684767428
> I see the flag, but it does not appear to be used to actually do anything.
can see bit now?
Th
kartikey2003jain opened a new pull request #7:
URL: https://github.com/apache/velocity-tools/pull/7
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL
kartikey2003jain opened a new pull request #8:
URL: https://github.com/apache/velocity-tools/pull/8
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL
unnown commented on pull request #7:
URL: https://github.com/apache/velocity-tools/pull/7#issuecomment-702557161
Please mark as invalid and spam, this is an obvious attempt to get a free
t-shirt by 'contributing'(hacktoberfest)
This will also ban the user for trying to abuse the system b
unnown commented on pull request #8:
URL: https://github.com/apache/velocity-tools/pull/8#issuecomment-702557214
Please mark as invalid and spam, this is an obvious attempt to get a free
t-shirt by 'contributing'(hacktoberfest)
This will also ban the user for trying to abuse the system b
kartikey2003jain commented on pull request #8:
URL: https://github.com/apache/velocity-tools/pull/8#issuecomment-702558220
> Please mark as invalid and spam, this is an obvious attempt to get a free
t-shirt by 'contributing'(hacktoberfest)
> This will also ban the user for trying to abus
michael-o closed pull request #8:
URL: https://github.com/apache/velocity-tools/pull/8
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go
michael-o closed pull request #7:
URL: https://github.com/apache/velocity-tools/pull/7
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go
JHHAX opened a new pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9
Velocity Tools has an automatically generated error page, which echoes back
the file name unescaped. This commit sanitizes user input and fixes the XSS
Vulnerability!
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705364135
I have now used StringEscapeUtils to patch the XSS. Apologies for the
inconvenience
This is an automated me
JHHAX edited a comment on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705364135
@michael-o
I have now used StringEscapeUtils to patch the XSS. Apologies for the
inconvenience
T
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705387417
Looking at the code, it deserves to be removed altogether and replaced witth
`response#setError()`. No custom handling.
-
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705422154
Interesting.
Im not familiar with what you intend to do with `response#setError()` would
it be possible if you were to add the commit?
Kind Regards,
Jackson Henry
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705456118
The cheapest is to drop:
https://github.com/apache/velocity-tools/blob/098a993730c9887c03a56a99224f5a0a54b4dca1/velocity-tools-view/src/main/java/org/apache/velocity/tools/vie
ChristopherSchultz commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705591304
How can an attacker affect the file name of the Velocity template? I have
never seen an application with a template file named `
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be
released?
Thanks!
This is an
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be
released?
Thanks!
This is an
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705387417
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub a
ChristopherSchultz commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705591304
How can an attacker affect the file name of the Velocity template? I have
never seen an application with a template file named `
JHHAX edited a comment on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705364135
@michael-o
I have now used StringEscapeUtils to patch the XSS. Apologies for the
inconvenience
T
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-705364135
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and u
JHHAX closed pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to t
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-714055078
> The cheapest is to drop:
>
>
https://github.com/apache/velocity-tools/blob/098a993730c9887c03a56a99224f5a0a54b4dca1/velocity-tools-view/src/main/java/org/apache/velocity/
pwntester removed a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-706034658
hi wglasshusain, can we get this one merged so the new version can be
released?
Thanks!
Th
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-714275346
hi @wglasshusain @nbubna , can we get this merged so the new version can be
released?
Thanks!
This
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-714295423
@arkanovicz If you don't mind, I'd throw this out.
This is an automated message from the Apache Git Service.
arkanovicz commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-715273301
@michael-o What do you want to throw out? The merge request or the catch
clause?
This is an automated messa
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-715345255
@arkanovicz The catch clause.
This is an automated message from the Apache Git Service.
To respond to the mes
mkienenb commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-715386248
@michael-o As I stated privately, removing the catch clause will not fix
the issue -- that's not the catch that's triggered, and it'll break backwards
compatibility (expecte
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-715655059
Thanks @mkienenb !
I am fine with whatever you all think is best. I would just like this to
patched as soon as possible.
-
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716117442
>
>
> @michael-o As I stated privately, removing the catch clause will not fix
the issue -- that's not the catch that's triggered, and it'll break backwards
compatibi
natechadwick commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716284428
This is a shared library so I can see @mkienenb point on compatibility.
They may be relying on that exception as it was documented or expected to be
thrown from that API.
natechadwick edited a comment on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716284428
This is a shared library so I can see @mkienenb point on compatibility.
They may be relying on that exception as it was documented or expected to be
thrown from th
mkienenb commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716539378
@natechadwick No, this can only cause an issue if you use the
VelocityViewServlet.error() method either directly or indirectly. It will not
affect you if you are not using t
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716550276
>
>
> This is a shared library so I can see @mkienenb point on compatibility.
They may be relying on that exception as it was documented or expected to be
thrown from
mkienenb commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716565224
@michael-o If you want to redesign how VelocityViewServlet handles errors in
a separate release and PR, that'd be fine.
For a security fix and release, we should be maki
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716575664
@mkienenb I accept this approach as intermediate step. For the next at least
minor version it'd be best to rework.
--
mkienenb commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716588542
@michael-o Thanks. Can you either cancel your review or approve the changes
so far?
This is an autom
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716663835
Please squash
This is an automated message from the Apache Git Service.
To respond to the message, please lo
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-716844480
Thank you all!
This is an automated message from the Apache Git Service.
To respond to the message, please log on
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-720907360
Hey guys,
are we going to merge?
This is an automated message from the Apache Git Service.
To respond to the m
michael-o commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-721010302
Please squash
This is an automated message from the Apache Git Service.
To respond to the message, please log
JHHAX commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-722136523
Done!
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHu
michael-o merged pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go
martin-g opened a new pull request #10:
URL: https://github.com/apache/velocity-tools/pull/10
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above
martin-g opened a new pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18
Remove unused imports in `OldPropertiesTestCase`. It failed compiling on my
local because I use JDK 15 by default.
This is an aut
arkanovicz commented on pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18#issuecomment-731577067
From seeing the output, the failing test looks like a test isolation leak
between `ugly1.vtl` and `ugly2.vtl` : ugly2 defines the `#foo` macro to render
`bar`, `ugly1` ou
martin-g commented on pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18#issuecomment-732118081
I think I figured it out:
it seems on TravisCI `File[] directoryListing = dir.listFiles();` returns
first "ugly2.vtl" and then `ugly.vtl" and due to this the context for
arkanovicz commented on pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18#issuecomment-732120216
Oh, well done. Hadn't thought of that.
Yes, squash, please.
This is an automated message from the
martin-g commented on pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18#issuecomment-732124319
Squashed and force-pushed!
TravisCI is happy!
This is an automated message from the Apache Git Service.
arkanovicz merged pull request #18:
URL: https://github.com/apache/velocity-engine/pull/18
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to
martin-g commented on pull request #10:
URL: https://github.com/apache/velocity-tools/pull/10#issuecomment-736296569
@arkanovicz Any comments on this PR ?
This is an automated message from the Apache Git Service.
To respo
arkanovicz commented on pull request #10:
URL: https://github.com/apache/velocity-tools/pull/10#issuecomment-736384604
It looks fine to me.
This is an automated message from the Apache Git Service.
To respond to the message,
arkanovicz merged pull request #10:
URL: https://github.com/apache/velocity-tools/pull/10
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
No description provided.
This is an automated message from the Apache Git Service.
To respond to the messa
pwntester edited a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
hi @wglasshusain @nbubna, any update on this?
This is an automated message from the Apache Git Ser
martin-g commented on a change in pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#discussion_r553891428
##
File path:
velocity-engine-core/src/test/java/org/apache/velocity/test/SecureIntrospectionTestCase.java
##
@@ -163,14 +166,35 @@ public void setP
martin-g commented on a change in pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#discussion_r553891428
##
File path:
velocity-engine-core/src/test/java/org/apache/velocity/test/SecureIntrospectionTestCase.java
##
@@ -163,14 +166,35 @@ public void setP
pwntester commented on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
No description provided.
This is an automated message from the Apache Git Service.
To respond to the messa
pwntester edited a comment on pull request #16:
URL: https://github.com/apache/velocity-engine/pull/16#issuecomment-756661745
hi @wglasshusain @nbubna, any update on this?
This is an automated message from the Apache Git Ser
martin-g opened a new pull request #1:
URL: https://github.com/apache/velocity-site/pull/1
Fix few minor typos in README.txt
This is an automated message from the Apache Git Service.
To respond to the message, please log on t
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-759459067
I have the feeling that the information in the README.txt is not accurate
anymore. There is no `tools/` folder and I was not able to generate `.html`
files out of the `.mdtext`
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-763549171
Any comments on the proposed changes ?
This is an automated message from the Apache Git Service.
To respond to
ation to gitbox) are [here](http://velocity.apache.org/site-building.html).
The remaining looks ok.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use th
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-763567932
So it still uses Apache CMS ? I thought this service is no more available
and all projects have to use static site generators (like the mentioned
`pelican`).
I'll see how th
arkanovicz commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-763601546
It just uses a local checkout of the Apache CMS (without the CMS feature
itself, of course). The plan is to move to something else (maybe
[Pelican](https://github.com/getpeli
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-767572121
I am not sure I will be able to do it with Apache CMS :-/
Disclaimer: I am not very deep into Python!
I use Ubuntu 20.10 and there is no `pip2` package anymore, so I am
arkanovicz commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-767603518
I have the same ubuntu, but with a python 2.7 markdown in
`/usr/local/lib/python2.7/dist-packages/markdown/`, so I imagine it was
installed by pip2.
The error you get
martin-g opened a new pull request #2:
URL: https://github.com/apache/velocity-site/pull/2
Trying to update the web site with the changes from
https://github.com/apache/velocity-site/pull/1 but the generated HTML is not
the expected. A big part of it is lost...
Here is the script I
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-768151773
@arkanovicz Thanks for the new url! The markdown module has been installed
successfully for Python2 here! I also needed to install Perl's LWP::Simple
(`cpan install LWP::Simple
arkanovicz commented on pull request #2:
URL: https://github.com/apache/velocity-site/pull/2#issuecomment-768201338
Here is [a patched
version](https://gist.github.com/arkanovicz/acf7c1249437e701f586a2773ac74f62)
of the apache-cms' markdown daemon which produces some log in
`/tmp/markdown
martin-g commented on pull request #2:
URL: https://github.com/apache/velocity-site/pull/2#issuecomment-768247905
`/tmp/markdown.debug.log` produces `INFO:root:Markdown daemon running.`.
`/tmp/markdown.error.log` remains empty.
> Which parts aren't generated?
See the diff i
arkanovicz commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-768555706
It's not the python markdown daemon which is at fault, but the perl building
script. The missing parts all correspond to dynamic sections in the
[skeleton](https://github.com
arkanovicz opened a new pull request #3:
URL: https://github.com/apache/velocity-site/pull/3
Dockerized site builder.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHu
arkanovicz merged pull request #3:
URL: https://github.com/apache/velocity-site/pull/3
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go
arkanovicz commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769053568
The dockerized site builder is functional.
The single shell script `velocity-site/builder/bin/builder.sh` should do all
the work.
I think your setup was lacking
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769069374
I am testing it now!
But you pushed to `trunk` branch while the README file says: `Note: the
branch trnk is obsolete. Please use the master branch.`
---
to
../velocity-site-production is. I cannot push there, so I need to add my fork
as a Git remote anyway. GitBox is not really useful for contributors
This is an automated message from the Apache Git Service.
To respond to the
cloning to
../velocity-site-production is. I cannot push there, so I need to add my fork
as a Git remote anyway. GitBox is not really useful for contributors
This is an automated message from the Apache Git Service.
To respond to the
arkanovicz opened a new pull request #4:
URL: https://github.com/apache/velocity-site/pull/4
Dockerized site builder.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to G
arkanovicz merged pull request #4:
URL: https://github.com/apache/velocity-site/pull/4
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go
arkanovicz commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-76910
Sorry for the branches error. Yes, you have to use master. The default
branch on github is still trunk but the fix is ongoing.
The cloning of the production branch now
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769695092
Everything works fine now!
Both this PR and https://github.com/apache/velocity-site/pull/2 are ready to
be merged !
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769695261
Actually I will update the README with the new site building steps
This is an automated message from the Apache
martin-g edited a comment on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769695261
Actually with this PR I will update the README with the new site building
steps
This is an automated me
martin-g opened a new pull request #5:
URL: https://github.com/apache/velocity-site/pull/5
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to
martin-g closed pull request #1:
URL: https://github.com/apache/velocity-site/pull/1
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to
martin-g commented on pull request #1:
URL: https://github.com/apache/velocity-site/pull/1#issuecomment-769717987
Closing in favor of https://github.com/apache/velocity-site/pull/5
This is an automated message from the Apache
martin-g commented on pull request #2:
URL: https://github.com/apache/velocity-site/pull/2#issuecomment-769718517
This PR is ready for review.
I've created it by following the steps described in
https://github.com/apache/velocity-site/pull/5
---
martin-g commented on pull request #5:
URL: https://github.com/apache/velocity-site/pull/5#issuecomment-769718964
At the moment README is a .txt file. IMO it would be better to convert it to
.md but in a separate PR.
This is
arkanovicz commented on pull request #5:
URL: https://github.com/apache/velocity-site/pull/5#issuecomment-769723640
Nice!
Yres, an md file would be better.
And it should be mentioned somewhere that one needs to have docker installed
to use the site builder.
-
1 - 100 of 188 matches
Mail list logo
