java-sig-commits March 2016

java-sig-commits@lists.fedoraproject.org

3 participants
219 discussions

[Bug 958727] New: plexus-utils: XMLWriterUtil should guard against problematic comments
by Red Hat Bugzilla 09 May '16

09 May '16

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958727 Bug ID: 958727 Summary: plexus-utils: XMLWriterUtil should guard against problematic comments Product: Fedora Version: rawhide Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int) does not check if the comment includes a "-->" sequence. This means that text contained in the command string could be interpreted as XML, possibly leading to XML injection issues, depending on how this method is being called. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=N5myzkUcYQ&a=cc_unsubscribe

1 6

[Bug 958221] New: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
by Red Hat Bugzilla 09 May '16

09 May '16

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958221 Bug ID: 958221 Summary: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand Product: Fedora Version: rawhide Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- org.codehaus.plexus.util.Expand does not guard against directory traversal, but such protection is generally expected from unarchiving tools. I think the class should just be deprecated and removed because there do not appear to be any users left (not even a test case). -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=hp1lhU9LQd&a=cc_unsubscribe

1 5

[Bug 1309919] New: maven-site-plugin-3.5 is available
by Red Hat Bugzilla 05 May '16

05 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1309919 Bug ID: 1309919 Summary: maven-site-plugin-3.5 is available Product: Fedora Version: rawhide Component: maven-site-plugin Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 3.5 Current version/release in rawhide: 3.4-5.fc24 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-site-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1305709] New: maven-doxia-1.7 is available
by Red Hat Bugzilla 04 May '16

04 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1305709 Bug ID: 1305709 Summary: maven-doxia-1.7 is available Product: Fedora Version: rawhide Component: maven-doxia Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mefoster(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 1.7 Current version/release in rawhide: 1.6-5.fc24 URL: http://repo2.maven.org/maven2/org/apache/maven/doxia/doxia Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1286800] New: Failed to start component due to wrong allowLinking="true" in context.xml
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1286800 Bug ID: 1286800 Summary: Failed to start component due to wrong allowLinking="true" in context.xml Product: Fedora Version: 23 Component: tomcat Severity: low Assignee: ivan.afonichev(a)gmail.com Reporter: wolf(a)parallels.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, me(a)coolsvap.net Description of problem: Failed to start component due to wrong allowLinking="true" in context.xml Version-Release number of selected component (if applicable): tomcat-webapps-8.0.26-1.fc23.noarch How reproducible: 100% Steps to Reproduce: 1. Try to open tomcat example 2. It fails Actual results: In tomcat logs: --- 30-Nov-2015 15:03:45.958 WARNING [localhost-startStop-1] org.apache.catalina.startup.SetContextPropertiesRule.begin SetContextPropertiesRule]{Context} Setting property 'allowLinking' to 'true' did not find a matching property. 30-Nov-2015 15:03:45.992 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component StandardEngine[Catalina].StandardHost[localhost].StandardContext[/examples]] --- Expected results: No failures Additional info: As described here: https://tomcat.apache.org/migration-8.html#Web_application_resources the /var/lib/tomcat/webapps/examples/META-INF/context.xml should contain <Context> <Resources allowLinking="true" /> </Context> instead of <Context allowLinking="true"/> -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DGimPgIyUm&a=cc_unsubscribe

1 5

[Bug 1243132] New: Recommend tomcat-native
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1243132 Bug ID: 1243132 Summary: Recommend tomcat-native Product: Fedora Version: rawhide Component: tomcat Assignee: ivan.afonichev(a)gmail.com Reporter: ville.skytta(a)iki.fi QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, me(a)coolsvap.net Per https://fedoraproject.org/wiki/Packaging:WeakDependencies I think Recommends is fine for this, but if you want to go softer, Suggests works for that. 'git am'able fix attached, let me know if you'd like me to push and build this for devel. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OxZiNHjLDA&a=cc_unsubscribe

1 5

[Bug 1309503] New: maven-source-plugin-3.0.0 is available
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1309503 Bug ID: 1309503 Summary: maven-source-plugin-3.0.0 is available Product: Fedora Version: rawhide Component: maven-source-plugin Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 3.0.0 Current version/release in rawhide: 2.4-4.fc24 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-source-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1294483] New: checkstyle-6.14 is available
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1294483 Bug ID: 1294483 Summary: checkstyle-6.14 is available Product: Fedora Version: rawhide Component: checkstyle Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 6.14 Current version/release in rawhide: 6.13-1.fc24 URL: http://sourceforge.net/projects/checkstyle Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qQOhHvyksf&a=cc_unsubscribe

1 11

[Bug 1297240] New: maven-shade-plugin-2.4.3 is available
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1297240 Bug ID: 1297240 Summary: maven-shade-plugin-2.4.3 is available Product: Fedora Version: rawhide Component: maven-shade-plugin Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 2.4.3 Current version/release in rawhide: 2.4.2-1.fc24 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-shade-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bCe9Op6tOj&a=cc_unsubscribe

1 5

[Bug 1287384] New: xbean-4.5 is available
by Red Hat Bugzilla 02 May '16

02 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1287384 Bug ID: 1287384 Summary: xbean-4.5 is available Product: Fedora Version: rawhide Component: xbean Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 4.5 Current version/release in rawhide: 4.4-1.fc24 URL: http://repo2.maven.org/maven2/org/apache/xbean/xbean/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QKeKr8cZDz&a=cc_unsubscribe

1 11

← Newer
1
...
10
11
12
13
14
15
16
...
22
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2016