java-sig-commits September 2017

java-sig-commits@lists.fedoraproject.org

1 participants
290 discussions

[Bug 1490329] New: Please update to junit 5
by bugzilla＠redhat.com 07 Nov '17

07 Nov '17

https://bugzilla.redhat.com/show_bug.cgi?id=1490329 Bug ID: 1490329 Summary: Please update to junit 5 Product: Fedora Version: rawhide Component: junit4 Assignee: extras-orphan(a)fedoraproject.org Reporter: akurtako(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dwalluck(a)redhat.com, extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org Please update to JUnit 5 or add it as new package. Eclipse upstream gained dependency on it and we will need it for future updates. -- You are receiving this mail because: You are on the CC list for the bug.

1 11

[Bug 1408164] New: CVE-2016-9878 Spring Framework: Directory Traversal in the Spring Framework ResourceServlet
by Red Hat Bugzilla 02 Nov '17

02 Nov '17

https://bugzilla.redhat.com/show_bug.cgi?id=1408164 Bug ID: 1408164 Summary: CVE-2016-9878 Spring Framework: Directory Traversal in the Spring Framework ResourceServlet Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: abhgupta(a)redhat.com, aileenc(a)redhat.com, alazarot(a)redhat.com, aszczucz(a)redhat.com, avibelli(a)redhat.com, awels(a)redhat.com, bazulay(a)redhat.com, bdawidow(a)redhat.com, bmcclain(a)redhat.com, chazlett(a)redhat.com, coneill(a)redhat.com, dandread(a)redhat.com, dblechte(a)redhat.com, dmcphers(a)redhat.com, eedri(a)redhat.com, epp-bugs(a)redhat.com, etirelli(a)redhat.com, felias(a)redhat.com, fnasser(a)redhat.com, gklein(a)redhat.com, gsterlin(a)redhat.com, gvarsami(a)redhat.com, hchiorea(a)redhat.com, hfnukal(a)redhat.com, huwang(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbalunas(a)redhat.com, jbpapp-maint(a)redhat.com, jcoleman(a)redhat.com, jialiu(a)redhat.com, jokerman(a)redhat.com, jolee(a)redhat.com, jpallich(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, kverlaen(a)redhat.com, ldimaggi(a)redhat.com, lgao(a)redhat.com, lmeyer(a)redhat.com, lpetrovi(a)redhat.com, lsurette(a)redhat.com, mbaluch(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mmccomas(a)redhat.com, mweiler(a)redhat.com, mwinkler(a)redhat.com, myarboro(a)redhat.com, nthomas(a)redhat.com, nwallace(a)redhat.com, oourfali(a)redhat.com, pavelp(a)redhat.com, puntogil(a)libero.it, rbalakri(a)redhat.com, Rhev-m-bugs(a)redhat.com, rrajasek(a)redhat.com, rwagner(a)redhat.com, rzhang(a)redhat.com, sankarshan(a)redhat.com, sbonazzo(a)redhat.com, sherold(a)redhat.com, sisharma(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, srevivo(a)redhat.com, tcunning(a)redhat.com, theute(a)redhat.com, tiwillia(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com, twalsh(a)redhat.com, vhalbert(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com It was found that paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. Upstream bug: https://jira.spring.io/browse/SPR-14946 Upstream patches: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a49… https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d794… https://github.com/spring-projects/spring-framework/commit/a7dc48534ea50152… External References: https://pivotal.io/security/cve-2016-9878 -- You are receiving this mail because: You are on the CC list for the bug.

2 20

[Bug 1404645] New: CVE-2016-681 activemq: Cross-site scripting in web based administration console
by Red Hat Bugzilla 01 Nov '17

01 Nov '17

https://bugzilla.redhat.com/show_bug.cgi?id=1404645 Bug ID: 1404645 Summary: CVE-2016-681 activemq: Cross-site scripting in web based administration console Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: abhgupta(a)redhat.com, agrimm(a)gmail.com, aileenc(a)redhat.com, ccoleman(a)redhat.com, chazlett(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, gvarsami(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jgoulding(a)redhat.com, jialiu(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, lmeyer(a)redhat.com, mmccomas(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, puntogil(a)libero.it, rwagner(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, s(a)shk.io, tcunning(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com, tkirby(a)redhat.com An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. Affected versions: ActiveMQ 5.0.0 - 5.14.1 External Reference: http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcem… -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 1438104] New: bridge-method-injector-1.15 is available
by bugzilla＠redhat.com 29 Oct '17

29 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1438104 Bug ID: 1438104 Summary: bridge-method-injector-1.15 is available Product: Fedora Version: rawhide Component: bridge-method-injector Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Latest upstream release: 1.15 Current version/release in rawhide: 1.14-6.fc26 URL: https://github.com/infradna/bridge-method-injector Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/218/ -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1495241] New: [tomcat] zip -u in spec file causes race condition
by bugzilla＠redhat.com 24 Oct '17

24 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1495241 Bug ID: 1495241 Summary: [tomcat] zip -u in spec file causes race condition Product: Fedora Version: rawhide Component: tomcat Assignee: ivan.afonichev(a)gmail.com Reporter: tdawson(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, alee(a)redhat.com, csutherl(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, me(a)coolsvap.net Description of problem: zip -u is being used to update META-INF/MANIFEST.MF in jar files zip -u will "Update existing entries if newer on the file system" Unfortunately zip is only looking at the minute that a file is updated. We are finding on fast test machines that the content of the jar, and the new META-INF/MANIFEST.MF, are being created in the same minute. Thus when the zip -u is ran, the MANIFEST.MF isn't updated, zip returns a non 0 error code, and the build fails. "zip -u" should be changed to "zip", which changes the zip command from "update" to "add" zip (add) will "Update existing entries and add new files. ... This is the default mode." If you can change your spec files to use just "zip" instead of "zip -u", that will solve this race condition Version-Release number of selected component (if applicable): tomcat-8.0.46-1.fc28 How reproducible: 5-95% - depending on the speed of the machine. Steps to Reproduce: 1. koji build 2. 3. Actual results: + zip -u build/lib/<jar-name>.jar META-INF/MANIFEST.MF RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.oh6WeU (%build) Bad exit status from /var/tmp/rpm-tmp.oh6WeU (%build) Child return code was: 1 Expected results: ... + zip -u build/lib/<jar-name>.jar META-INF/MANIFEST.MF updating: META-INF/MANIFEST.MF (deflated 56%) ... -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1493800] New: joda-convert-v1.9.2 is available
by bugzilla＠redhat.com 22 Oct '17

22 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1493800 Bug ID: 1493800 Summary: joda-convert-v1.9.2 is available Product: Fedora Version: rawhide Component: joda-convert Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, SpikeFedora(a)gmail.com Latest upstream release: v1.9.2 Current version/release in rawhide: 1.8.3-1.fc28 URL: https://github.com/JodaOrg/joda-convert Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1465/ -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1442391] New: gradle-3.5.0 is available
by bugzilla＠redhat.com 17 Oct '17

17 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1442391 Bug ID: 1442391 Summary: gradle-3.5.0 is available Product: Fedora Version: rawhide Component: gradle Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.5.0 Current version/release in rawhide: 2.13-7.fc26 URL: http://www.gradle.org/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6088/ -- You are receiving this mail because: You are on the CC list for the bug.

1 14

[Bug 1497365] New: aqute-bnd-3.5.0 is available
by bugzilla＠redhat.com 13 Oct '17

13 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1497365 Bug ID: 1497365 Summary: aqute-bnd-3.5.0 is available Product: Fedora Version: rawhide Component: aqute-bnd Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.5.0 Current version/release in rawhide: 3.4.0-2.fc28 URL: http://bnd.bndtools.org/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/98/ -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1494295] New: log4j-2.9.1 is available
by bugzilla＠redhat.com 13 Oct '17

13 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1494295 Bug ID: 1494295 Summary: log4j-2.9.1 is available Product: Fedora Version: rawhide Component: log4j Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: devrim(a)gunduz.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 2.9.1 Current version/release in rawhide: 2.9.0-1.fc28 URL: http://www.apache.org/dist/logging/log4j Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1836/ -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1495231] New: [lucene3] zip -u in spec file causes race condition
by bugzilla＠redhat.com 09 Oct '17

09 Oct '17

https://bugzilla.redhat.com/show_bug.cgi?id=1495231 Bug ID: 1495231 Summary: [lucene3] zip -u in spec file causes race condition Product: Fedora Version: rawhide Component: lucene3 Assignee: puntogil(a)libero.it Reporter: tdawson(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mgoldman(a)redhat.com, puntogil(a)libero.it Description of problem: zip -u is being used to update META-INF/MANIFEST.MF in jar files zip -u will "Update existing entries if newer on the file system" Unfortunately zip is only looking at the minute that a file is updated. We are finding on fast test machines that the content of the jar, and the new META-INF/MANIFEST.MF, are being created in the same minute. Thus when the zip -u is ran, the MANIFEST.MF isn't updated, zip returns a non 0 error code, and the build fails. "zip -u" should be changed to "zip", which changes the zip command from "update" to "add" zip (add) will "Update existing entries and add new files. ... This is the default mode." If you can change your spec files to use just "zip" instead of "zip -u", that will solve this race condition Version-Release number of selected component (if applicable): lucene3-3.6.2-11.fc28 How reproducible: 5-95% - depending on the speed of the machine. Steps to Reproduce: 1. koji build 2. 3. Actual results: + zip -u build/lib/<jar-name>.jar META-INF/MANIFEST.MF RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.oh6WeU (%build) Bad exit status from /var/tmp/rpm-tmp.oh6WeU (%build) Child return code was: 1 Expected results: ... + zip -u build/lib/<jar-name>.jar META-INF/MANIFEST.MF updating: META-INF/MANIFEST.MF (deflated 56%) ... -- You are receiving this mail because: You are on the CC list for the bug.

1 2

← Newer
1
...
15
16
17
18
19
20
21
...
29
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits September 2017