[GitHub] aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60

aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60 URL: https://github.com/apache/brooklyn-server/pull/1039#issuecomment-462410666 We use various deprecated bouncycastle classes (e.g. in `org.apache.brooklyn.util.core.crypto.SecureKeys`). That

[GitHub] kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18 URL: https://github.com/apache/brooklyn-server/pull/1041#issuecomment-462409516 @aledsage `commons-compress` 1.18 no longer has that dependency. I'll try taking it out and remove it from the bundle,

Jenkins build is back to normal : brooklyn-master-build-docker #1445

See

[GitHub] asfgit merged pull request #1037: tidy string/primitive coercion

asfgit merged pull request #1037: tidy string/primitive coercion URL: https://github.com/apache/brooklyn-server/pull/1037 This is an automated message from the Apache Git Service. To respond to the message, please log on

[GitHub] kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18 URL: https://github.com/apache/brooklyn-server/pull/1041#issuecomment-462402485 @aledsage Look like it might have been an overzealous use of IntelliJ's extracting a version value as a property. I'll

[GitHub] aledsage commented on issue #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3

aledsage commented on issue #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3 URL: https://github.com/apache/brooklyn-server/pull/1040#issuecomment-462405430 Test failure in jenkins is: ``` [ERROR] Failed to execute goal

[GitHub] aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60

aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60 URL: https://github.com/apache/brooklyn-server/pull/1039#issuecomment-462407963 Also not sure if sshj will work properly when compiled against v1.51 and then using v1.60: ``` [INFO] | |

[GitHub] ahgittin commented on issue #1037: tidy string/primitive coercion

ahgittin commented on issue #1037: tidy string/primitive coercion URL: https://github.com/apache/brooklyn-server/pull/1037#issuecomment-462466437 server-side testing looks broken or slow -- tests pass locally now. merging.

[GitHub] kemitix commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom

kemitix commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom URL: https://github.com/apache/brooklyn-server/pull/1035#issuecomment-462401058 @aledsage Updated: Overriding the dependency, much as karaf appear to do themselves, fixes this.

[GitHub] aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60

aledsage commented on issue #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60 URL: https://github.com/apache/brooklyn-server/pull/1039#issuecomment-462406602 Note that from other karaf features in brooklyn, we'll also get the older version installed (v1.51). I'm not sure

[GitHub] kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

kemitix commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18 URL: https://github.com/apache/brooklyn-server/pull/1041#issuecomment-462406074 @aledsage Okay, I'll check what version goes with 1.18 and add a comment to both that they need to be updated as a

[GitHub] aledsage commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

aledsage commented on issue #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18 URL: https://github.com/apache/brooklyn-server/pull/1041#issuecomment-462399243 @kemitix how does this relate in `brooklyn-server/karaf/features/src/main/feature/feature.xml`: ```

Build failed in Jenkins: brooklyn-master-build-docker-pipeline #146

See -- [...truncated 135210 lines...] Progress (1): 1.3/1.5 MB Progress (1): 1.3/1.5 MB Progress (1): 1.3/1.5 MB Progress (1): 1.3/1.5 MB Progress (1): 1.3/1.5 MB

[GitHub] ahgittin opened a new pull request #1042: bump commons-compress

ahgittin opened a new pull request #1042: bump commons-compress URL: https://github.com/apache/brooklyn-server/pull/1042 from 1.4 to 1.4.1 to avoid being flagged as a CVE (both very old versions, not tested with 1.18, but 1.4.1 has the fix in question)

[GitHub] asfgit merged pull request #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1

asfgit merged pull request #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1 URL: https://github.com/apache/brooklyn-server/pull/1038 This is an automated message from the Apache Git Service. To respond to the

[GitHub] ahgittin commented on issue #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1

ahgittin commented on issue #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1 URL: https://github.com/apache/brooklyn-server/pull/1038#issuecomment-462597312 don't think anything else is needed? merging. This is

[GitHub] ahgittin commented on issue #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3

ahgittin commented on issue #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3 URL: https://github.com/apache/brooklyn-server/pull/1040#issuecomment-462598937 unsurprising that this jump caused issues. this CVE doesn't seem to upset users so not a priority -- and lots of

Build failed in Jenkins: brooklyn-master-build-docker #1449

See -- [...truncated 15.89 MB...] at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:227) at

Build failed in Jenkins: brooklyn-master-build-docker #1450

See -- [...truncated 14.69 MB...] at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:227) at

[GitHub] ahgittin commented on issue #1036: Fix session cleaner

ahgittin commented on issue #1036: Fix session cleaner URL: https://github.com/apache/brooklyn-server/pull/1036#issuecomment-462268046 two fixes. also could you remove the `log.debug` i accidentally committed on line 218 ? :) thx

[GitHub] kemitix opened a new pull request #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1

kemitix opened a new pull request #1038: [WIP] [Security] Bump xstream from 1.4.8 to 1.4.11.1 URL: https://github.com/apache/brooklyn-server/pull/1038 Bumps [xstream](https://github.com/x-stream/xstream) from 1.4.8 to 1.4.11.1. **This update includes security fixes.**

[GitHub] kemitix opened a new pull request #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3

kemitix opened a new pull request #1040: [WIP] [Security] Bump logback.version from 1.0.7 to 1.2.3 URL: https://github.com/apache/brooklyn-server/pull/1040 Bumps `logback.version` from 1.0.7 to 1.2.3. Updates `logback-classic` from 1.0.7 to 1.2.3. **This update includes security

[GitHub] kemitix opened a new pull request #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60

kemitix opened a new pull request #1039: [WIP] [Security] Bump bouncycastle.version from 1.51 to 1.60 URL: https://github.com/apache/brooklyn-server/pull/1039 Bumps `bouncycastle.version` from 1.51 to 1.60. Updates `bcprov-ext-jdk15on` from 1.51 to 1.60. **This update includes

[GitHub] kemitix opened a new pull request #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18

kemitix opened a new pull request #1041: [WIP] [Security] Bump commons-compress from 1.4 to 1.18 URL: https://github.com/apache/brooklyn-server/pull/1041 Bumps commons-compress from 1.4 to 1.18. **This update includes security fixes.** Vulnerabilities fixed *Sourced from

[GitHub] aledsage commented on issue #1037: tidy string/primitive coercion

aledsage commented on issue #1037: tidy string/primitive coercion URL: https://github.com/apache/brooklyn-server/pull/1037#issuecomment-462272662 @ahgittin test failure looks related to changes (`TypeCoercionsTest.testCoercePrimitiveFailures`): ``` java.lang.AssertionError: Error

[GitHub] aledsage commented on issue #1037: tidy string/primitive coercion

aledsage commented on issue #1037: tidy string/primitive coercion URL: https://github.com/apache/brooklyn-server/pull/1037#issuecomment-462274678 Other than failing unit test, LGTM. Happy for this to be merged once that is fixed @ahgittin

[GitHub] asfgit merged pull request #1036: Fix session cleaner

asfgit merged pull request #1036: Fix session cleaner URL: https://github.com/apache/brooklyn-server/pull/1036 This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use

[GitHub] ahgittin commented on issue #122: Change NO-CONNECTION error message

ahgittin commented on issue #122: Change NO-CONNECTION error message URL: https://github.com/apache/brooklyn-ui/pull/122#issuecomment-462294694 LGTM This is an automated message from the Apache Git Service. To respond to the

[GitHub] kemitix opened a new pull request #278: Replace reference to AMP with Brooklyn

kemitix opened a new pull request #278: Replace reference to AMP with Brooklyn URL: https://github.com/apache/brooklyn-docs/pull/278 This is an automated message from the Apache Git Service. To respond to the message, please

[GitHub] duncangrant merged pull request #278: Replace reference to AMP with Brooklyn

duncangrant merged pull request #278: Replace reference to AMP with Brooklyn URL: https://github.com/apache/brooklyn-docs/pull/278 This is an automated message from the Apache Git Service. To respond to the message, please

[GitHub] kemitix commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom

kemitix commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom URL: https://github.com/apache/brooklyn-server/pull/1035#issuecomment-462329586 There are problems being reported by `brooklyn-dist` when building againt this PR. Need to look into that before

[GitHub] ahgittin commented on issue #1036: Fix session cleaner

ahgittin commented on issue #1036: Fix session cleaner URL: https://github.com/apache/brooklyn-server/pull/1036#issuecomment-462290489 looks good @jcabrerizo, merging (will change log level on line 218 as above -- it was my mistake anyway!)

[GitHub] asfgit merged pull request #122: Change NO-CONNECTION error message

asfgit merged pull request #122: Change NO-CONNECTION error message URL: https://github.com/apache/brooklyn-ui/pull/122 This is an automated message from the Apache Git Service. To respond to the message, please log on

[GitHub] aledsage commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom

aledsage commented on issue #1035: DO NOT MERGE Use dependencyManagement from Karaf as a bom URL: https://github.com/apache/brooklyn-server/pull/1035#issuecomment-462397221 I like the approach, the changes look good, but `brooklyn-dist` build fails for me with these changes due to the