Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches

Elson,

I see you applied then reverted the change in R3_9_maintenance of webtools.servertools, 9 mins after merging my fix. 

Are you working on a variation / fork of my solution? 

Nick

On Wed, Nov 29, 2017 at 12:15 PM, Nick Boldt <nboldt@xxxxxxxxxx> wrote:
Commented in the gerrit: "I didn't add apache.commons.logging. I just reordered the manifest.mf so the contents were alphabetically sequenced. #OCD"

Flags added:

pmc_approved: ?
review: ?
oxygen: +

I'd add a photon flag but I can't and I don't have bugzilla admin rights to add that.

(Related, I've seen in some wtp bugzilla components that there's no 3.10 target, but again, I can't add it. 
Can someone grant me access to admin that, or else add it for me?)



On Wed, Nov 29, 2017 at 12:06 PM, Elson Yuen <eyuen@xxxxxxxxxx> wrote:

Nick,

I added a review comment to https://git.eclipse.org/r/#/c/112368/ . Also, would you mind filling in the PMC approval template on that bug?

Thanks,
Elson

-----------------------------------------------------------------
Elson Yuen, P.Eng.
WebSphere Server Tools and Bluemix Tools Architect
IBM Toronto Lab
Tel: (905) 413-2689, T/L: 313-2689



From: Nick Boldt <nboldt@xxxxxxxxxx>
To: WTP PMC communications <wtp-pmc@xxxxxxxxxxx>
Date: 2017/11/29 11:35 AM
Subject: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx





Copying PMC list for wider audience.

Please review this suggested change. I've already implemented it in master but need at least ONE +1 from SOMEONE before I go breaking R3_9 branch. :D


---------- Forwarded message ----------
From: Nick Boldt <nboldt@xxxxxxxxxx>
Date: Mon, Nov 27, 2017 at 3:18 PM
Subject: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
To: Elson Yuen <eyuen@xxxxxxxxxx>, Gorkem Ercan <gercan@xxxxxxxxxx>
Cc: Chuck Bridgham <cbridgha@xxxxxxxxxx>, Carl Anderson <ccc@xxxxxxxxxx>, Rob Stryker <stryker@xxxxxxxxxx>


Recently, I discovered that the WTP 3.9.2.RC1 build (as included in Oxygen.2.RC2) contains Jetty 9.4.5, which contains some tragic security flaws. Oxygen.2.RC2 contains a few vestigial Jetty 9.4.5 plugins, but not all of them as it has moved up to Jetty 9.4.7.

So, I'm wondering if there are any objections to having WTP 3.9.2.RC2 (and 3.10.M4) updated to use Jetty 9.4.7. 

Here's my proposed fix for both branches:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=527813

Note that the gerrit verifications will fail until the change is applied in the parent pom, but I didn't want to apply that without first running it past you guys.

As a reminder, Oxygen.2.RC3 +2 is tomorrow, which means we have only 1 week to get this fix pushed, built, and smoke tested if we want it for RC4. 

What do you think? Safe to merge?

Fixes for R3_9_maintenance:
https://git.eclipse.org/r/#/c/112367/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112366/

Fixes for master:
https://git.eclipse.org/r/#/c/112364/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112368/ (cherry-picked from R3_9_maintenance)
and
https://git.eclipse.org/r/#/c/112369/ (bump versions)
Nick

-- 
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com

_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/wtp-pmc


