[jira] [Updated] (WSS-710) Implementation of the configuration options to set KeyDerivation parameters

[ https://issues.apache.org/jira/browse/WSS-710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-710: Fix Version/s: 4.0.0 3.0.4 > Implementation of the configuration opti

Re: [VOTE] - Release Apache WSS4J 3.0.3

With 3 binding +1 votes, and 2 non-binding +1 votes, this vote passes. I'll do the release. Colm. On Mon, Feb 26, 2024 at 12:18 PM Jim Ma wrote: > > +1 > > Jim > > On Thu, Feb 22, 2024 at 10:25 PM Colm O hEigeartaigh > wrote: >> >> This is a vote to releas

[VOTE] - Release Apache WSS4J 3.0.3

This is a vote to release Apache WSS4J 3.0.3. It contains an update to use XML Security for Java 3.0.4 and functionality to support key agreement using ECDH-ES. Release notes: https://issues.apache.org/jira/projects/WSS/versions/12353796 Artifacts:

[jira] [Resolved] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-706. - Resolution: Fixed > Support for Key Agreement using ECDH

[jira] [Resolved] (WSS-709) Add more setter methods for AlgorithmSuite$AlgorithmSuiteType

[ https://issues.apache.org/jira/browse/WSS-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-709. - Resolution: Fixed > Add more setter methods for AlgorithmSuite$AlgorithmSuiteT

[jira] [Updated] (WSS-709) Add more setter methods for AlgorithmSuite$AlgorithmSuiteType

[ https://issues.apache.org/jira/browse/WSS-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-709: Fix Version/s: 4.0.0 3.0.3 > Add more setter methods for AlgorithmSu

[jira] [Commented] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17810963#comment-17810963 ] Colm O hEigeartaigh commented on WSS-706: - Yes that kind of workaround would be fine [~jrihtarsic

[jira] [Updated] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-706: Fix Version/s: 3.0.3 > Support for Key Agreement using ECDH

[jira] [Commented] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17810920#comment-17810920 ] Colm O hEigeartaigh commented on WSS-706: - [~jrihtarsic] I committed it to 3.0.x-fixes, however

[jira] [Updated] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-706: Fix Version/s: 4.0.0 > Support for Key Agreement using ECDH

[jira] [Resolved] (WSS-708) Support for EdDSA keys and ED25519 ED448 and signature algorithm

[ https://issues.apache.org/jira/browse/WSS-708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-708. - Resolution: Fixed > Support for EdDSA keys and ED25519 ED448 and signature algori

[jira] [Commented] (WSS-706) Support for Key Agreement using ECDH-ES

[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17807076#comment-17807076 ] Colm O hEigeartaigh commented on WSS-706: - Waiting for a new PR to be created against master branch

[jira] [Updated] (WSS-708) Support for EdDSA keys and ED25519 ED448 and signature algorithm

[ https://issues.apache.org/jira/browse/WSS-708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-708: Fix Version/s: 4.0.0 3.0.3 > Support for EdDSA keys and ED25519 ED

[jira] [Closed] (WSS-707) Update Santuario to fix CVE-2023-44483

[ https://issues.apache.org/jira/browse/WSS-707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-707. --- > Update Santuario to fix CVE-2023-44

[jira] [Closed] (WSS-705) Add SBOMs to published packages

[ https://issues.apache.org/jira/browse/WSS-705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-705. --- > Add SBOMs to published packages > --- > >

Re: [VOTE] - Release Apache WSS4J 3.0.2 / 2.4.3

With 3 binding +1 votes, and no other votes, this vote passes. I'll do the release. Colm. On Tue, Oct 31, 2023 at 9:11 AM Alessio Soldano wrote: > > +1 > > thanks! > > On Tue, Oct 24, 2023 at 10:59 AM Colm O hEigeartaigh > wrote: >> >> This is a vote to rel

[VOTE] - Release Apache WSS4J 3.0.2 / 2.4.3

This is a vote to release Apache WSS4J 3.0.2 and 2.4.3. The main fix is an upgrade to XML Security to pick up a recent CVE fix. 3.0.2: Artifacts: https://repository.apache.org/content/repositories/orgapachews-1099/ Issues Fixed:

[jira] [Resolved] (WSS-707) Update Santuario to fix CVE-2023-44483

[ https://issues.apache.org/jira/browse/WSS-707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-707. - Resolution: Fixed > Update Santuario to fix CVE-2023-44

[jira] [Created] (WSS-707) Update Santuario to fix CVE-2023-44483

Colm O hEigeartaigh created WSS-707: --- Summary: Update Santuario to fix CVE-2023-44483 Key: WSS-707 URL: https://issues.apache.org/jira/browse/WSS-707 Project: WSS4J Issue Type: Bug

[jira] [Resolved] (WSS-705) Add SBOMs to published packages

[ https://issues.apache.org/jira/browse/WSS-705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-705. - Resolution: Fixed > Add SBOMs to published packa

[jira] [Updated] (WSS-705) Add SBOMs to published packages

[ https://issues.apache.org/jira/browse/WSS-705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-705: Fix Version/s: (was: 2.3.5) > Add SBOMs to published packa

[jira] [Created] (WSS-705) Add SBOMs to published packages

Colm O hEigeartaigh created WSS-705: --- Summary: Add SBOMs to published packages Key: WSS-705 URL: https://issues.apache.org/jira/browse/WSS-705 Project: WSS4J Issue Type: Task

[jira] [Updated] (WSS-704) Upgrade to XML Security 4.0.0

[ https://issues.apache.org/jira/browse/WSS-704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-704: Fix Version/s: 4.0.0 > Upgrade to XML Security 4.

[jira] [Created] (WSS-704) Upgrade to XML Security 4.0.0

Colm O hEigeartaigh created WSS-704: --- Summary: Upgrade to XML Security 4.0.0 Key: WSS-704 URL: https://issues.apache.org/jira/browse/WSS-704 Project: WSS4J Issue Type: Task

[jira] [Resolved] (WSS-703) Upgrade to OpenSAML v5

[ https://issues.apache.org/jira/browse/WSS-703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-703. - Resolution: Fixed > Upgrade to OpenSAML v5 > -- > >

[jira] [Created] (WSS-703) Upgrade to OpenSAML v5

Colm O hEigeartaigh created WSS-703: --- Summary: Upgrade to OpenSAML v5 Key: WSS-703 URL: https://issues.apache.org/jira/browse/WSS-703 Project: WSS4J Issue Type: Task Reporter

[jira] [Commented] (WSS-702) Process hangs when a signature is added and server not reachable

[ https://issues.apache.org/jira/browse/WSS-702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17766266#comment-17766266 ] Colm O hEigeartaigh commented on WSS-702: - OK closing ticket. > Process hangs when a signat

[jira] [Resolved] (WSS-702) Process hangs when a signature is added and server not reachable

[ https://issues.apache.org/jira/browse/WSS-702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-702. - Resolution: Fixed > Process hangs when a signature is added and server not reacha

WSS4J branches

FYI I created a new 3_0_x-fixes branch for WSS4J and bumped master to 4.0.0-SNAPSHOT. I am going to merge an update to XML Security 4.0.0-SNAPSHOT and also OpenSAML 5.x. WSS4J 4.0.0-SNAPSHOT will require Java 17. Colm. - To

Re: [VOTE] XmlSchema 2.3.1

+1, all CXF tests pass with it. Colm. On Fri, Sep 8, 2023 at 7:38 AM Oscar Westra van Holthe - Kind wrote: > > Hi all, > > +1 (non-binding) to release version 2.3.1. > > I've successfully run the tests on my project that depends on the > xmlschema-walker artefact, that requires one of the

[jira] [Commented] (WSS-701) Support for X509PKIPathv1 in WSSecEncryptKey is missing

[ https://issues.apache.org/jira/browse/WSS-701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17747756#comment-17747756 ] Colm O hEigeartaigh commented on WSS-701: - Hi, can you submit a pull request for the change

[jira] [Commented] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1772#comment-1772 ] Colm O hEigeartaigh commented on WSS-700: - I've added it for WSSecSignature as requested

[jira] [Commented] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1770#comment-1770 ] Colm O hEigeartaigh commented on WSS-700: - [~phax] I'm not sure it makes sense to add a Provider

[jira] [Closed] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold

[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-693. --- > Check for CVE/CVSS scores and fail build is severity is over a thresh

[jira] [Closed] (WSS-699) org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec

[ https://issues.apache.org/jira/browse/WSS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-699. --- > org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle s

[jira] [Closed] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-700. --- > WSSecEncrypt cannot set Security Provi

Re: [VOTE] - Release Apache WSS4J 3.0.1, 2.4.2, 2.3.4

With 3 binding +1 votes, and two non-binding +1 votes, this vote passes. I'll do the release. Colm. On Fri, Jul 14, 2023 at 1:48 AM Jim Ma wrote: > > +1 > > On Wed, Jul 12, 2023 at 11:55 PM Colm O hEigeartaigh > wrote: >> >> This is a vote to release Apach

[VOTE] - Release Apache WSS4J 3.0.1, 2.4.2, 2.3.4

This is a vote to release Apache WSS4J 3.0.1, 2.4.2, 2.3.4. 3.0.1: - Issues fixed: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310063=12352384 - Git tag: https://github.com/apache/ws-wss4j/releases/tag/wss4j-3.0.1 - Artifacts:

[jira] [Resolved] (WSS-699) org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec

[ https://issues.apache.org/jira/browse/WSS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-699. - Resolution: Fixed > org.apache.wss4j.dom.transform.STRTransform not compliant with Ora

[jira] [Updated] (WSS-699) org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec

[ https://issues.apache.org/jira/browse/WSS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-699: Fix Version/s: 2.4.2 3.0.1 > org.apache.wss4j.dom.transform.STRTransf

[jira] [Updated] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-700: Fix Version/s: 3.0.1 > WSSecEncrypt cannot set Security Provi

[jira] [Resolved] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-700. - Resolution: Fixed > WSSecEncrypt cannot set Security Provi

[jira] [Commented] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741511#comment-17741511 ] Colm O hEigeartaigh commented on WSS-700: - I added a new constructor for WSSecEncrypt that passes

[jira] [Updated] (WSS-700) WSSecEncrypt cannot set Security Provider

[ https://issues.apache.org/jira/browse/WSS-700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-700: Fix Version/s: 2.3.4 2.4.2 > WSSecEncrypt cannot set Security Provi

[jira] [Resolved] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold

[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-693. - Resolution: Fixed > Check for CVE/CVSS scores and fail build is severity is o

[jira] [Updated] (WSS-693) Check for CVE/CVSS scores and fail build is severity is over a threshold

[ https://issues.apache.org/jira/browse/WSS-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-693: Fix Version/s: 2.3.4 2.4.2 > Check for CVE/CVSS scores and fail bu

Re: Regarding No message with ID "badElement" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"

Hi, You need to call WSSConfig.init() before any call to org.apache.xml.security.Init.init(). For example see: https://github.com/apache/ws-wss4j/blob/4c5dda00904ea7217b4e0add80024973313466ea/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureWSS651Test.java#L65 Colm. On Wed,

[jira] [Closed] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-687. --- > Upgrade OpenSAML to v4.1.x > -- > >

[jira] [Closed] (WSS-695) Unmarshalling failure with OpenSAML 4

[ https://issues.apache.org/jira/browse/WSS-695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-695. --- > Unmarshalling failure with OpenSAM

[jira] [Closed] (WSS-694) Move wss4j to native jakarta namespace

[ https://issues.apache.org/jira/browse/WSS-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-694. --- > Move wss4j to native jakarta namesp

[jira] [Closed] (WSS-696) Upgrade ehcache to 3.10.0 with jakarta classfier

[ https://issues.apache.org/jira/browse/WSS-696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-696. --- > Upgrade ehcache to 3.10.0 with jakarta classf

Re: [VOTE] - Release Apache WSS4J 3.0.0

With 5 +1 votes, and no other votes, this vote passes. I'll do the release. Colm. On Sun, Oct 9, 2022 at 3:43 AM Jim Ma wrote: > > +1 > > On Thu, Oct 6, 2022 at 4:39 PM Alessio Soldano wrote: >> >> +1 >> >> Thanks! >> >> On Tue, Oct 4

[VOTE] - Release Apache WSS4J 3.0.0

This is a vote to release Apache WSS4J 3.0.0. This is a new major release which has transitioned to the jakarta namespace, and contains new major dependency upgrades for OpenSAML (4.x) and XML Security (3.x). It is designed to be used with CXF 4.0.0. Artifacts:

[jira] [Resolved] (WSS-698) No way to call requestData.setSignatureProvider() in WSS4JOutInterceptor and WSS4JInInterceptor

[ https://issues.apache.org/jira/browse/WSS-698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-698. - Resolution: Not A Problem You have the option of overriding the WSHandler doSenderAction

Re: WSS4j 3.0.0

Hi Jim, At this point I don't have anything else to do for WSS4J itself. I have some work to do on a new Santuario release, I'm hoping to get this done over the next 2/3 weeks. I also want to review some outstanding CXF issues to see if there's anything that needs to go into WSS4J before the

Re: javax servlet class in opensaml 4.2.0

Hi Jim, >From a quick glance, most if not all of these are in parts of OpenSAML that aren't used by WSS4J. Ultimately if all the tests (including CXF) pass without any problems then I suppose we're OK? Colm. On Mon, May 30, 2022 at 7:22 AM Jim Ma wrote: > > Hi Colm, > I searched the javax

Re: [VOTE] Release Apache Axiom 1.4.0

+1. The year in the NOTICE file should be updated to 2022 for the next release. Colm. On Tue, May 24, 2022 at 12:30 AM Daniel Kulp wrote: > > +1 > > Dan > > > On May 14, 2022, at 5:11 PM, robertlazarski wrote: > > This is a vote to release Apache Axiom 1.4.0 > > Git tag:

[jira] [Commented] (WSS-697) OpenSAMLUtil overrides OpenSAML configured by OpenSAML’s InitializationService

[ https://issues.apache.org/jira/browse/WSS-697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17535116#comment-17535116 ] Colm O hEigeartaigh commented on WSS-697: - What change do you suggest to be made to how the manually

[jira] [Resolved] (WSS-696) Upgrade ehcache to 3.10.0 with jakarta classfier

[ https://issues.apache.org/jira/browse/WSS-696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-696. - Resolution: Fixed > Upgrade ehcache to 3.10.0 with jakarta classf

[jira] [Resolved] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-687. - Resolution: Fixed > Upgrade OpenSAML to v4.

[jira] [Updated] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-687: Fix Version/s: 3.0.0 > Upgrade OpenSAML to v4.

[jira] [Commented] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522800#comment-17522800 ] Colm O hEigeartaigh commented on WSS-687: - That's a good idea Rob. I'm not concerned about the issue

[jira] [Commented] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522265#comment-17522265 ] Colm O hEigeartaigh commented on WSS-687: - Is there a way we can only get the Opensaml artifacts

[jira] [Resolved] (WSS-695) Unmarshalling failure with OpenSAML 4

[ https://issues.apache.org/jira/browse/WSS-695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-695. - Resolution: Fixed > Unmarshalling failure with OpenSAM

[jira] [Created] (WSS-695) Unmarshalling failure with OpenSAML 4

Colm O hEigeartaigh created WSS-695: --- Summary: Unmarshalling failure with OpenSAML 4 Key: WSS-695 URL: https://issues.apache.org/jira/browse/WSS-695 Project: WSS4J Issue Type: Improvement

[jira] [Commented] (WSS-655) Support outbound Streaming WS-Security MTOM

[ https://issues.apache.org/jira/browse/WSS-655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17516927#comment-17516927 ] Colm O hEigeartaigh commented on WSS-655: - It can be tested against the "DOM" implementat

[jira] [Resolved] (WSS-694) Move wss4j to native jakarta namespace

[ https://issues.apache.org/jira/browse/WSS-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-694. - Resolution: Fixed > Move wss4j to native jakarta namesp

[jira] [Updated] (WSS-694) Move wss4j to native jakarta namespace

[ https://issues.apache.org/jira/browse/WSS-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated WSS-694: Fix Version/s: 3.0.0 > Move wss4j to native jakarta namesp

Re: [VOTE] - Release Apache WSS4J 2.4.1

With 3 binding +1 votes, and no other votes, this vote passes. Colm. On Thu, Feb 17, 2022 at 11:27 PM Alessio Soldano wrote: > > +1 > > Thanks! > > On Fri, Feb 11, 2022 at 3:26 PM Colm O hEigeartaigh > wrote: >> >> This is a vote to release Apac

Re: Should WSS4J fail release builds for High CVE findings ?

Hi Rob, Yes please prepare a PR and I'll review. If you could add an empty file as well so that we can easily add false positives, that would be great. Colm. On Sat, Feb 12, 2022 at 11:10 PM Rob Leland wrote: > > I noticed that the wss4J build mainly uses the OWASP dependency-check-plugin >

[VOTE] - Release Apache WSS4J 2.4.1

This is a vote to release Apache WSS4J 2.4.1. It fixes an issue with the timestamp in the WSS4J jars being invalid. Artifacts: https://repository.apache.org/content/repositories/orgapachews-1088/ Git tag: https://github.com/apache/ws-wss4j/releases/tag/wss4j-2.4.1 +1 from me. Colm.

Re: A jakarta namespace version

i.e project leadership. > > I'm on the PMC however I help maintain another Web Services project: Axiom. > > For the WSS4J project, the release manager has been this individual below. > > Colm O hEigeartaigh > > You may want to wait for him to respond. Or the VP of the We

[jira] [Resolved] (WSS-690) No bundle jar available for Apache WSS4J » 2.4.0

[ https://issues.apache.org/jira/browse/WSS-690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-690. - Resolution: Won't Fix > No bundle jar available for Apache WSS4J » 2.

[jira] [Commented] (WSS-690) No bundle jar available for Apache WSS4J » 2.4.0

[ https://issues.apache.org/jira/browse/WSS-690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445760#comment-17445760 ] Colm O hEigeartaigh commented on WSS-690: - We don't ship a binary distribution any more, as projects

Re: [VOTE] - Release Apache WSS4J 2.4.0

eck for > null, so I would need to look at the change in a larger context to determine > if an issue was introduced. > > On Fri, Nov 12, 2021 at 4:40 AM Colm O hEigeartaigh > wrote: >> >> What change are you referring to, can you point me to a line of code? >>

Re: [VOTE] - Release Apache WSS4J 2.4.0

What change are you referring to, can you point me to a line of code? Colm. On Tue, Nov 9, 2021 at 9:50 PM Rob Leland wrote: > > Was the change from "".equals(var) to var.length evaluated for NPE errors? > The previous method NPE were avoided. > > On Tue, Nov 9, 2021,

Re: [VOTE] - Release Apache WSS4J 2.4.0

Thanks everyone, the vote passes with 6 +1 votes, at least 3 of them binding. Colm. On Mon, Nov 8, 2021 at 11:26 PM Sagara Gunathunga wrote: > > +1 > > Thanks! > > On Tuesday, November 2, 2021, Colm O hEigeartaigh wrote: >> >> This is a vote to release A

[VOTE] - Release Apache WSS4J 2.4.0

This is a vote to release Apache WSS4J 2.4.0. Even though this is a new major release, the changes are somewhat minimal - the main purpose of the release is to pick up a new major version of Apache Santuario (2.3.0). Git tag: https://github.com/apache/ws-wss4j/releases/tag/wss4j-2.4.0 Artifacts:

[jira] [Commented] (WSS-643) NullPointerException in getCacheManager

[ https://issues.apache.org/jira/browse/WSS-643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434353#comment-17434353 ] Colm O hEigeartaigh commented on WSS-643: - The NPE only happens when there is a problem with setting

Dependabot

Hi, I am disabling dependabot for Axiom + WSS4J, as it was brought to my attention recently that it's against ASF policy to allow a tool write-access to code repositories: https://lists.apache.org/thread.html/r5b376dd196b84a54e0e08ffa371233a2fa9c65c4ce25c97bd27c666a%40%3Cbuilds.apache.org%3E

Re: [VOTE] - Release Apache WSS4J 2.2.7

With 5 +1 votes, including at least 3 binding +1 votes, this vote passes - I'll do the release. Colm. On Fri, Sep 17, 2021 at 8:17 PM Alessio Soldano wrote: > > +1 > Thanks > > On Tuesday, September 14, 2021, Colm O hEigeartaigh > wrote: > > This is a vote to re

Re: [VOTE] - Release Apache WSS4J 2.3.3

With 5 +1 votes, including at least 3 binding +1 votes, this vote passes - I'll do the release. Colm. On Fri, Sep 17, 2021 at 8:17 PM Alessio Soldano wrote: > > +1 > Thanks > > On Tuesday, September 14, 2021, Colm O hEigeartaigh > wrote: > > This is a vote to re

Re: [VOTE] Apache XMLSchema-2.3.0

+1. Colm. On Wed, Sep 15, 2021 at 12:32 PM Freeman Fang wrote: > > +1 > > Thanks! > Freeman > > On Tue, Sep 14, 2021 at 2:49 PM Daniel Kulp wrote: >> >> The primary change in this release is adding support for Java 17 and >> dropping support for Java 7. It also contains a few bug fixes: >>

Re: [VOTE] Release Apache Neethi 3.2.0

+1. Colm. On Wed, Sep 15, 2021 at 12:31 PM Freeman Fang wrote: > > +1 > > Thanks > Freeman > > On Tue, Sep 14, 2021 at 2:47 PM Daniel Kulp wrote: >> >> This is a vote to release Neethi 3.2.0. Updates include: >> >> >> 1) Support Java 7 has been dropped, but support for Java 17 has been >>

[jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-store a few times

[ https://issues.apache.org/jira/browse/WSS-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17415406#comment-17415406 ] Colm O hEigeartaigh commented on WSS-688: - The signature verification errors would appear in Apache

[VOTE] - Release Apache WSS4J 2.2.7

This is a vote to release Apache WSS4J 2.2.7. It contains a few trivial code changes as well as updates to fix CVE issues in a few dependencies. This is the last anticipated release of WSS4J 2.2.x. Artifacts: https://repository.apache.org/content/repositories/orgapachews-1082/ Git tag:

[VOTE] - Release Apache WSS4J 2.3.3

This is a vote to release Apache WSS4J 2.3.3. It contains a few trivial code changes as well as updates to fix CVE issues in a few dependencies. Artifacts: https://repository.apache.org/content/repositories/orgapachews-1081/ Git tag: https://github.com/apache/ws-wss4j/releases/tag/wss4j-2.3.3 +1

[jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-store a few times

[ https://issues.apache.org/jira/browse/WSS-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17408865#comment-17408865 ] Colm O hEigeartaigh commented on WSS-688: - If you turn on debug logging you should see exactly where

[jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-store a few times

[ https://issues.apache.org/jira/browse/WSS-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17407094#comment-17407094 ] Colm O hEigeartaigh commented on WSS-688: - What stack trace do you see in the logs when it starts

[jira] [Commented] (WSS-687) Upgrade OpenSAML to v4.1.x

[ https://issues.apache.org/jira/browse/WSS-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17396679#comment-17396679 ] Colm O hEigeartaigh commented on WSS-687: - WSS4J master (2.5.0-SNAPSHOT) has moved to Java 11

Re: DOMX509IssuerSerial WCF compatability

Hi Rob, Any contributions are welcome! I would prefer not to introduce a dependency on powermock, it shouldn't be too much extra work to verify the changes in a test. Colm. On Wed, Jul 14, 2021 at 11:07 PM Rob Leland wrote: > > For instance, > > Would the developers be open to adding a

Re: [VOTE] Release Apache Axiom 1.3.0

+1. Colm. On Thu, Jul 1, 2021 at 10:29 PM robertlazarski wrote: > > This is a vote to release Apache Axiom 1.3.0 > > Git tag: https://github.com/apache/ws-axiom/releases/tag/1.3.0 > > Distributions: https://dist.apache.org/repos/dist/dev/ws/axiom/ > > Maven artifacts: >

[jira] [Resolved] (WSS-686) org.apache.ws.security.util.XmlSchemaDateFormat no longer in 2.3.x

[ https://issues.apache.org/jira/browse/WSS-686?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-686. - Resolution: Won't Fix > org.apache.ws.security.util.XmlSchemaDateFormat no longer in 2.

[jira] [Commented] (WSS-686) org.apache.ws.security.util.XmlSchemaDateFormat no longer in 2.3.x

[ https://issues.apache.org/jira/browse/WSS-686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17359817#comment-17359817 ] Colm O hEigeartaigh commented on WSS-686: - It was removed as part of https://issues.apache.org/jira

Re: Axis2 needs an Axiom release

Hi Robert, I am active on some of the Apache WS projects (e.g. WSS4J), but I'm not involved with Axiom. Andreas (https://github.com/veithen) is the only active participant in Axiom in the project. Does the current 1.2.x branch (https://github.com/apache/ws-axiom/commits/1.2.x) have everything

[jira] [Closed] (WSS-685) Signature before timestamp results in signing after encryption

[ https://issues.apache.org/jira/browse/WSS-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed WSS-685. --- > Signature before timestamp results in signing after encrypt

Re: [VOTE] - Release Apache WSS4J 2.3.2

With 3 binding +1 votes, and no other votes, this vote passes - I'll do the release. Colm. On Mon, May 24, 2021 at 10:05 AM Alessio Soldano wrote: > > +1 > > Thanks! > > On Tue, May 18, 2021 at 10:41 AM Colm O hEigeartaigh > wrote: >> >> This is a vote to re

[VOTE] - Release Apache WSS4J 2.3.2

This is a vote to release Apache WSS4J 2.3.2. It only fixes a single bug (https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310063=12349519), but it contains OpenSAML and Apache Santuario upgrades, as well as a security fix for Guava, and an update for Joda-Time. Artifacts:

WSS4J 2.3.2 release next week

Hi, I plan to call a vote on WSS4J 2.3.2 early next week. Let me know ASAP if there are any other changes required. Colm. - To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail:

[jira] [Resolved] (WSS-685) Signature before timestamp results in signing after encryption

[ https://issues.apache.org/jira/browse/WSS-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved WSS-685. - Resolution: Fixed > Signature before timestamp results in signing after encrypt

  1   2   3   4   5   6   7   8   9   10   >