| Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches |
Nick,
In case you aren't aware, the WTP PMC defect review process is documented at https://wiki.eclipse.org/WTP_PMC_Defect_Review
FWIW,
- Carl Anderson
WTP PMC lead"Elson Yuen" ---11/29/2017 03:06:38 PM---Nick, I was meant to merging the patch on the master stream and accidentally
From: "Elson Yuen" <eyuen@xxxxxxxxxx>
To: "WTP PMC communications \(including coordination, announcements, and Group discussions\)" <wtp-pmc@xxxxxxxxxxx>
Date: 11/29/2017 03:06 PM
Subject: Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
Nick,
I was meant to merging the patch on the master stream and accidentally merged the R3_9_maintenance one (working on the wrong window). I, then, check the parent one https://git.eclipse.org/r/#/c/112367/ and that was not merged yet. Also, the PMC approval template (from https://wiki.eclipse.org/WTP_PMC_Defect_Review ) has not been filled on the bug and the bug has not formally go through the PMC approval on the 3.9.2 stream yet. That's why I reverted the change and will merge once the PMC process has been fullfilled.
Would you mind to fill in the PMC approval template? I'll merge once it has been PMC approved.
Also, I merged the master stream ones:
https://git.eclipse.org/r/#/c/112368/
https://git.eclipse.org/r/#/c/112369/
Thanks,
Elson
------------------------------------------------------------ -----
Elson Yuen, P.Eng.
WebSphere Server Tools and Bluemix Tools Architect
IBM Toronto Lab
Tel: (905) 413-2689, T/L: 313-2689
From: Nick Boldt <nboldt@xxxxxxxxxx>
To: "WTP PMC communications (including coordination, announcements, and Group discussions)" <wtp-pmc@xxxxxxxxxxx>
Date: 2017/11/29 12:24 PM
Subject: Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
Elson,
I see you applied then reverted the change in R3_9_maintenance of webtools.servertools, 9 mins after merging my fix.
Are you working on a variation / fork of my solution?
Nick
On Wed, Nov 29, 2017 at 12:15 PM, Nick Boldt <nboldt@xxxxxxxxxx> wrote:
Commented in the gerrit: "I didn't add apache.commons.logging. I just reordered the manifest.mf so the contents were alphabetically sequenced. #OCD"
Flags added:
pmc_approved: ?
review: ?
oxygen: +
I'd add a photon flag but I can't and I don't have bugzilla admin rights to add that.
(Related, I've seen in some wtp bugzilla components that there's no 3.10 target, but again, I can't add it.
Can someone grant me access to admin that, or else add it for me?)
On Wed, Nov 29, 2017 at 12:06 PM, Elson Yuen <eyuen@xxxxxxxxxx> wrote:
Nick,
I added a review comment to https://git.eclipse.org/r/#/c/112368/ . Also, would you mind to fill in the PMC approval template on that bug?
Thanks,
Elson
------------------------------------------------------------ (905) 413-2689, T/L: 313-2689-----
Elson Yuen, P.Eng.
WebSphere Server Tools and Bluemix Tools Architect
IBM Toronto Lab
Tel:
From: Nick Boldt <nboldt@xxxxxxxxxx>
To: WTP PMC communications <wtp-pmc@xxxxxxxxxxx>
Date: 2017/11/29 11:35 AM
Subject: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
Copying PMC list for wider audience.
Please review this suggested change. I've already implemented it in master but need at least ONE +1 from SOMEONE before I go breaking R3_9 branch. :D
---------- Forwarded message ----------
From: Nick Boldt <nboldt@xxxxxxxxxx>
Date: Mon, Nov 27, 2017 at 3:18 PM
Subject: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
To: Elson Yuen <eyuen@xxxxxxxxxx>, Gorkem Ercan <gercan@xxxxxxxxxx>
Cc: Chuck Bridgham <cbridgha@xxxxxxxxxx>, Carl Anderson <ccc@xxxxxxxxxx>, Rob Stryker <stryker@xxxxxxxxxx>
Recently, I discovered that the WTP 3.9.2.RC1 build (as included in Oxygen.2.RC2) contains Jetty 9.4.5, which contains some tragic security flaws. Oxygen.2.RC2 contains a few vestigial Jetty 9.4.5 plugins, but not all of them as it has moved up to Jetty 9.4.7.
So, I'm wondering if there are any objections to having WTP 3.9.2.RC2 (and 3.10.M4) updated to use Jetty 9.4.7.
Here's my propsed fix for both branches:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=527813
Note that the gerrit verifications will fail until the change is applied in the parent pom, but I didn't want to apply that without first running it past you guys.
As a reminder, Oxygen.2.RC3 +2 is tomorrow, which means we have only 1 week to get this fix pushed, built, and smoke tested if we want it for RC4.
What do you think? Safe to merge?
Fixes for R3_9_maintenance:
https://git.eclipse.org/r/#/c/112367/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112366/
Fixes for master:
https://git.eclipse.org/r/#/c/112364/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112368/ (cherry-picked from R3_9_maintenance)
and
https://git.eclipse.org/r/#/c/112369/ (bump versions)
Nick
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
TRIED. TESTED. TRUSTED.
@ @redhatnews Red Hat
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
TRIED. TESTED. TRUSTED.
@ @redhatnews Red Hat___________________________
____________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__dev. eclipse.org_mailman_listinfo_ wtp-2Dpmc&d=DwICAg&c=jf_ iaSHvJObTbx-siA1ZOg&r=2m2vadt_ yEvQYGyCQerPKQ&m= GFZ5hewIX5sxDhBiBNCiaU4QAVpfc0 F3pKKljNGlVVY&s= 9c3aJkB6negCXfdcdVFZrNMRgHypI8 -tDAQWr9b6Bf0&e=
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
TRIED. TESTED. TRUSTED.
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.comhttps://urldefense.proofpoint.@ @redhatnews Red Hat___________________________
TRIED. TESTED. TRUSTED. ____________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visitcom/v2/url?u=https-3A__dev. eclipse.org_mailman_listinfo_ wtp-2Dpmc&d=DwICAg&c=jf_ iaSHvJObTbx-siA1ZOg&r=2m2vadt_ yEvQYGyCQerPKQ&m=XDCdr- g0jBumulvA1P3Tk9qoAGekzswQFW- MON1Z5c0&s= qiIiTtlfrGFuKh3Mdy9ClJszV1IBE_ NS0AJCOFj3DlM&e=
_______________________________________________ https://urldefense.proofpoint.
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visitcom/v2/url?u=https-3A__dev. eclipse.org_mailman_listinfo_ wtp-2Dpmc&d=DwICAg&c=jf_ iaSHvJObTbx-siA1ZOg&r= 6JCYBixIS0G6Rj43h5xZSA&m=q79n_ j7rOKAYNIoQKbaI7FzD7gfSwhkCWHM E6EzXaSA&s=oid_ Mrd6DO4x2KU2fOfLW_sM6_xlGAD7L- 1LRe-1XpA&e=
_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/wtp-pmc
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
