[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
|
Nick,
I was meant to merging the patch on the master stream and accidentally merged the R3_9_maintenance one (working on the wrong window). I, then, check the parent one https://git.eclipse.org/r/#/c/112367/ and that was not merged yet. Also, the PMC approval template (from https://wiki.eclipse.org/WTP_PMC_Defect_Review) has not been filled on the bug and the bug has not formally go through the PMC approval on the 3.9.2 stream yet. That's why I reverted the change and will merge once the PMC process has been fullfilled.
Would you mind to fill in the PMC approval template? I'll merge once it has been PMC approved.
Also, I merged the master stream ones:
https://git.eclipse.org/r/#/c/112368/
https://git.eclipse.org/r/#/c/112369/
Thanks,
Elson
-----------------------------------------------------------------
Elson Yuen, P.Eng.
WebSphere Server Tools and Bluemix Tools Architect
IBM Toronto Lab
Tel: (905) 413-2689, T/L: 313-2689
Nick Boldt ---2017/11/29 12:24:30 PM---Elson, I see you applied then reverted the change in R3_9_maintenance of
From: Nick Boldt <nboldt@xxxxxxxxxx>
To: "WTP PMC communications (including coordination, announcements, and Group discussions)" <wtp-pmc@xxxxxxxxxxx>
Date: 2017/11/29 12:24 PM
Subject: Re: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
Elson,
I see you applied then reverted the change in R3_9_maintenance of webtools.servertools, 9 mins after merging my fix.
Are you working on a variation / fork of my solution?
Nick
On Wed, Nov 29, 2017 at 12:15 PM, Nick Boldt <
nboldt@xxxxxxxxxx> wrote:
Commented in the gerrit: "I didn't add apache.commons.logging. I just reordered the manifest.mf so the contents were alphabetically sequenced. #OCD"
Flags added:
pmc_approved: ?
review: ?
oxygen: +
I'd add a photon flag but I can't and I don't have bugzilla admin rights to add that.
(Related, I've seen in some wtp bugzilla components that there's no 3.10 target, but again, I can't add it.
Can someone grant me access to admin that, or else add it for me?)
On Wed, Nov 29, 2017 at 12:06 PM, Elson Yuen <eyuen@xxxxxxxxxx> wrote:
Nick,
I added a review comment to https://git.eclipse.org/r/#/c/112368/ . Also, would you mind to fill in the PMC approval template on that bug?
Thanks,
Elson
-----------------------------------------------------------------
Elson Yuen, P.Eng.
WebSphere Server Tools and Bluemix Tools Architect
IBM Toronto Lab
Tel: (905) 413-2689, T/L: 313-2689
Nick Boldt ---2017/11/29 11:35:26 AM---Copying PMC list for wider audience. Please review this suggested change. I've already implemented i
From: Nick Boldt <nboldt@xxxxxxxxxx>
To: WTP PMC communications <wtp-pmc@xxxxxxxxxxx>
Date: 2017/11/29 11:35 AM
Subject: [wtp-pmc] Fwd: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
Sent by: wtp-pmc-bounces@xxxxxxxxxxx
Copying PMC list for wider audience.
Please review this suggested change. I've already implemented it in master but need at least ONE +1 from SOMEONE before I go breaking R3_9 branch. :D
---------- Forwarded message ----------
From: Nick Boldt <nboldt@xxxxxxxxxx>
Date: Mon, Nov 27, 2017 at 3:18 PM
Subject: URGENT - please review! Move to Jetty 9.4.7 in R3_9_maintenance and master branches
To: Elson Yuen <eyuen@xxxxxxxxxx>, Gorkem Ercan <gercan@xxxxxxxxxx>
Cc: Chuck Bridgham <cbridgha@xxxxxxxxxx>, Carl Anderson <ccc@xxxxxxxxxx>, Rob Stryker <stryker@xxxxxxxxxx>
Recently, I discovered that the WTP 3.9.2.RC1 build (as included in Oxygen.2.RC2) contains Jetty 9.4.5, which contains some tragic security flaws. Oxygen.2.RC2 contains a few vestigial Jetty 9.4.5 plugins, but not all of them as it has moved up to Jetty 9.4.7.
So, I'm wondering if there are any objections to having WTP 3.9.2.RC2 (and 3.10.M4) updated to use Jetty 9.4.7.
Here's my propsed fix for both branches:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=527813
Note that the gerrit verifications will fail until the change is applied in the parent pom, but I didn't want to apply that without first running it past you guys.
As a reminder, Oxygen.2.RC3 +2 is tomorrow, which means we have only 1 week to get this fix pushed, built, and smoke tested if we want it for RC4.
What do you think? Safe to merge?
Fixes for R3_9_maintenance:
https://git.eclipse.org/r/#/c/112367/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112366/
Fixes for master:
https://git.eclipse.org/r/#/c/112364/1/wtp-parent/pom.xml (use Jetty 9.4.7)
then
https://git.eclipse.org/r/#/c/112368/ (cherry-picked from R3_9_maintenance)
and
https://git.eclipse.org/r/#/c/112369/ (bump versions)
Nick
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
--
Nick Boldt
Senior Software Engineer, RHCSA
Productization Lead :: JBoss Tools & Dev Studio
IM: @nickboldt / @nboldt / http://nick.divbyzero.com
--
Nick BoldtSenior Software Engineer, RHCSAProductization Lead :: JBoss Tools & Dev StudioIM: @nickboldt / @nboldt / http://nick.divbyzero.com@ @redhatnews Red Hat_______________________________________________
wtp-pmc mailing list
wtp-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_listinfo_wtp-2Dpmc&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=2m2vadt_yEvQYGyCQerPKQ&m=XDCdr-g0jBumulvA1P3Tk9qoAGekzswQFW-MON1Z5c0&s=qiIiTtlfrGFuKh3Mdy9ClJszV1IBE_NS0AJCOFj3DlM&e=
