https://bugzilla.redhat.com/show_bug.cgi?id=958727
Bug ID: 958727
Summary: plexus-utils: XMLWriterUtil should guard against
problematic comments
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int)
does not check if the comment includes a "-->" sequence. This means that text
contained in the command string could be interpreted as XML, possibly leading
to XML injection issues, depending on how this method is being called.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=N5myzkUcYQ&a=cc_unsubscribe
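An added example, not part of the bug report and not plexus-utils code: a guard of the kind the report asks for, compared with unguarded comment writing. guardComment and countElements are hypothetical helper names and the comment value is constructed; the guard relies on the XML 1.0 rule that a comment may not contain "--" or end in "-".

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CommentGuardDemo {
    // Hypothetical helper: put a space after every '-' that is followed by
    // another '-', so neither "--" nor the "-->" terminator can survive.
    static String guardComment(String text) {
        String safe = text.replaceAll("-(?=-)", "- ");
        // A trailing '-' would merge with the closing "-->" and form "--->".
        return safe.endsWith("-") ? safe + " " : safe;
    }

    // Parse the document and count its elements; an unexpected extra element
    // means comment text was interpreted as markup.
    static int countElements(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("*").getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed comment value containing the "-->" sequence from the report.
        String comment = "generated by tool --><extra/><!-- tail";

        // Unguarded: the value is concatenated into the comment as-is.
        String naive = "<root><!-- " + comment + " --></root>";
        // Guarded: the value is neutralized before it is written.
        String guarded = "<root><!-- " + guardComment(comment) + " --></root>";

        System.out.println("unguarded element count: " + countElements(naive));
        System.out.println("guarded element count:   " + countElements(guarded));
        System.out.println("guarded output: " + guarded);
    }
}
```

The unguarded document parses with an element the writer never intended, while the guarded one keeps the whole value inside a single comment.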
https://bugzilla.redhat.com/show_bug.cgi?id=958221
Bug ID: 958221
Summary: plexus-utils: directory traversal in
org.codehaus.plexus.util.Expand
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.Expand does not guard against directory traversal, but
such protection is generally expected from unarchiving tools.
I think the class should just be deprecated and removed because there do not
appear to be any users left (not even a test case).
https://bugzilla.redhat.com/show_bug.cgi?id=1309919
Bug ID: 1309919
Summary: maven-site-plugin-3.5 is available
Product: Fedora
Version: rawhide
Component: maven-site-plugin
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Latest upstream release: 3.5
Current version/release in rawhide: 3.4-5.fc24
URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-site-plugin/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1305709
Bug ID: 1305709
Summary: maven-doxia-1.7 is available
Product: Fedora
Version: rawhide
Component: maven-doxia
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mefoster(a)gmail.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com, msrb(a)redhat.com
Latest upstream release: 1.7
Current version/release in rawhide: 1.6-5.fc24
URL: http://repo2.maven.org/maven2/org/apache/maven/doxia/doxia
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1286800
Bug ID: 1286800
Summary: Failed to start component due to wrong
allowLinking="true" in context.xml
Product: Fedora
Version: 23
Component: tomcat
Severity: low
Assignee: ivan.afonichev(a)gmail.com
Reporter: wolf(a)parallels.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, csutherl(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, me(a)coolsvap.net
Description of problem:
Failed to start component due to wrong allowLinking="true" in context.xml
Version-Release number of selected component (if applicable):
tomcat-webapps-8.0.26-1.fc23.noarch
How reproducible:
100%
Steps to Reproduce:
1. Try to open tomcat example
2. It fails
Actual results:
In tomcat logs:
---
30-Nov-2015 15:03:45.958 WARNING [localhost-startStop-1]
org.apache.catalina.startup.SetContextPropertiesRule.begin
SetContextPropertiesRule]{Context} Setting property 'allowLinking' to 'true'
did not find a matching property.
30-Nov-2015 15:03:45.992 SEVERE [localhost-startStop-1]
org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild:
start:
org.apache.catalina.LifecycleException: Failed to start component
StandardEngine[Catalina].StandardHost[localhost].StandardContext[/examples]]
---
Expected results:
No failures
Additional info:
As described here:
https://tomcat.apache.org/migration-8.html#Web_application_resources
the /var/lib/tomcat/webapps/examples/META-INF/context.xml should contain

    <Context>
        <Resources allowLinking="true" />
    </Context>

instead of

    <Context allowLinking="true"/>
https://bugzilla.redhat.com/show_bug.cgi?id=1243132
Bug ID: 1243132
Summary: Recommend tomcat-native
Product: Fedora
Version: rawhide
Component: tomcat
Assignee: ivan.afonichev(a)gmail.com
Reporter: ville.skytta(a)iki.fi
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, me(a)coolsvap.net
Per https://fedoraproject.org/wiki/Packaging:WeakDependencies
I think Recommends is fine for this, but if you want to go softer,
Suggests works for that.
'git am'able fix attached, let me know if you'd like me to push and
build this for devel.
https://bugzilla.redhat.com/show_bug.cgi?id=1309503
Bug ID: 1309503
Summary: maven-source-plugin-3.0.0 is available
Product: Fedora
Version: rawhide
Component: maven-source-plugin
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Latest upstream release: 3.0.0
Current version/release in rawhide: 2.4-4.fc24
URL:
http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-source-plugin/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1294483
Bug ID: 1294483
Summary: checkstyle-6.14 is available
Product: Fedora
Version: rawhide
Component: checkstyle
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Latest upstream release: 6.14
Current version/release in rawhide: 6.13-1.fc24
URL: http://sourceforge.net/projects/checkstyle
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1297240
Bug ID: 1297240
Summary: maven-shade-plugin-2.4.3 is available
Product: Fedora
Version: rawhide
Component: maven-shade-plugin
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: jaromir.capik(a)email.cz,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
Latest upstream release: 2.4.3
Current version/release in rawhide: 2.4.2-1.fc24
URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-shade-plugin/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1287384
Bug ID: 1287384
Summary: xbean-4.5 is available
Product: Fedora
Version: rawhide
Component: xbean
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com, msrb(a)redhat.com
Latest upstream release: 4.5
Current version/release in rawhide: 4.4-1.fc24
URL: http://repo2.maven.org/maven2/org/apache/xbean/xbean/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.