December 2015 - java-sig-commits - Fedora Mailing-Lists

[Bug 1238245] New: maven-ear-plugin-2.10.1 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1238245 Bug ID: 1238245 Summary: maven-ear-plugin-2.10.1 is available Product: Fedora Version: rawhide Component: maven-ear-plugin Keywords: FutureFeature, Triaged Assignee: huwang(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: huwang(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org Latest upstream release: 2.10.1 Current version/release in rawhide: 2.10-2.fc23 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-ear-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=noRQkekdeg&a=cc_unsubscribe

5 years, 11 months

2
4
0 / 0

[Bug 1291292] New: CVE-2015-5254 activemq: unsafe deserialization

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1291292 Bug ID: 1291292 Summary: CVE-2015-5254 activemq: unsafe deserialization Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: abhgupta(a)redhat.com, agrimm(a)redhat.com, aileenc(a)redhat.com, ccoleman(a)redhat.com, chazlett(a)redhat.com, dmcphers(a)redhat.com, gvarsami(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jialiu(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, lmeyer(a)redhat.com, mmccomas(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, puntogil(a)libero.it, rwagner(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, s(a)shk.io, tcunning(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com, tkirby(a)redhat.com JMS Object messages depends on Java Serialization for marshaling/unmashaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message transformation. As deserialization of untrusted data can leaed to security flaws as demonstrated in various reports, this leaves the broker vunerable to this attack vector. Additionally, applications that consume ObjectMessage type of messages can be vunerable as they deserlize objects on ObjectMessage.getObject() calls. This issue was fixed upstream in Apache ActiveMQ 5.13.0. Additionally, when using ObjectMessage message type, you need to explicitly list trusted packages. To see how to do that, please take a look at: http://activemq.apache.org/objectmessage.html External References: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announc... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gmTDQZJf60&a=cc_unsubscribe

5 years, 11 months

2
39
0 / 0

[Bug 977249] New: htmlcleaner-2.5 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=977249 Bug ID: 977249 Summary: htmlcleaner-2.5 is available Product: Fedora Version: rawhide Component: htmlcleaner Keywords: FutureFeature, Triaged Severity: unspecified Priority: unspecified Assignee: Marcin.Dulak(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: bjoern.esser(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, Marcin.Dulak(a)gmail.com Latest upstream release: 2.5 Current version/release in Fedora Rawhide: 2.2.1-2.fc20 URL: http://sourceforge.net/api/file/index/project-name/htmlcleaner/mtime/desc... Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=B0wPSZFa2g&a=cc_unsubscribe

6 years

2
46
0 / 0

[Bug 958733] New: plexus-utils: suspicious shell quoting in org.codehaus.plexus.util.cli

by Red Hat Bugzilla

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958733 Bug ID: 958733 Summary: plexus-utils: suspicious shell quoting in org.codehaus.plexus.util.cli Product: Fedora Version: 18 Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- The shell quoting logic in this package (and the org.codehaus.plexus.util.cli.shell) package looks fairly dangerous. It appears to be mostly dead code. Client code should be migrated to java.lang.ProcessBuilder. The different quoting options (single quotes, double quotes) are difficult to get right, and the reference to StringUtils is not particularly helpful because the caller has to provide the correct set of characters to be escaped, which is platform-dependent. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JhGrfK5sg6&a=cc_unsubscribe

6 years, 3 months

2
10
0 / 0

[Bug 1268242] New: solr-5.3.1 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1268242 Bug ID: 1268242 Summary: solr-5.3.1 is available Product: Fedora Version: rawhide Component: solr Assignee: puntogil(a)libero.it Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Latest upstream release: 5.3.1 Current version/release in rawhide: 5.3.0-1.fc24 URL: http://www.apache.org/dist/lucene/solr Please, consider upgrading -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=FSln2KmW6z&a=cc_unsubscribe

6 years, 4 months

2
32
0 / 0

[Bug 1098424] New: tycho: Java class bundling/"static linking"

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1098424 Bug ID: 1098424 Summary: tycho: Java class bundling/"static linking" Product: Fedora Version: rawhide Component: tycho Assignee: rgrunber(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, rgrunber(a)redhat.com Blocks: 1098237 tycho-0.20.0-6.fc21.noarch bundles many class files which are also available from other Fedora packages. Here are a few examples: /usr/share/java/tycho/org.eclipse.tycho.surefire.junit.jar contains org/apache/maven/surefire/common/junit3/JUnit3Reflector, also part of maven-surefire-provider-junit-0:2.17-1.fc21.noarch. /usr/share/java/tycho/org.eclipse.tycho.surefire.junit4.jar contains org/apache/maven/surefire/common/junit3/JUnit3TestChecker, also from maven-surefire-provider-junit-0:2.17-1.fc21.noarch. /usr/share/java/tycho/org.eclipse.tycho.surefire.osgibooter.jar contains the class org/codehaus/plexus/util/AbstractScanner, which is part of plexus-utils-3.0.16-2.fc21.noarch. /usr/share/java/tycho/tycho-bundles-external.zip contains org/apache/commons/logging/Log from apache-commons-logging-1.1.3-11.fc21.noarch, org/apache/commons/codec/BinaryDecoder from apache-commons-codec-1.9-2.fc21.noarch, org/apache/http/auth/AUTH from httpcomponents-client-4.3.3-1.fc21.noarch, org/apache/http/ConnectionClosedException from httpcomponents-core-4.3.2-1.fc21.noarch, org/sat4j/AbstractLauncher from sat4j-2.3.5-3.fc21.noarch. It seems that at least some of these class files are copied from build dependencies into the JAR files of the tycho RPM. Such bundling/static linking is against the Fedora packaging guidelines, specifically <http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries>. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1098237 [Bug 1098237] Java "static linking"/class bundling in Fedora -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ws5wsBGzEs&a=cc_unsubscribe

6 years, 4 months

2
8
0 / 0

[Bug 1234368] New: gem-maven-plugin failed to resolve jruby stdlib artifact

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1234368 Bug ID: 1234368 Summary: gem-maven-plugin failed to resolve jruby stdlib artifact Product: Fedora Version: rawhide Component: jruby-maven-plugins Assignee: msrb(a)redhat.com Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com [ERROR] Failed to execute goal de.saumya.mojo:gem-maven-plugin:1.0.10:initialize (default) on project polyglot-ruby: failed to resolve jruby stdlib artifact -> [Help 1] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=edDONMJNM7&a=cc_unsubscribe

6 years, 4 months

2
10
0 / 0

[Bug 1222940] New: tesla-polyglot: build ruby module

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1222940 Bug ID: 1222940 Summary: tesla-polyglot: build ruby module Product: Fedora Version: rawhide Component: tesla-polyglot Assignee: puntogil(a)libero.it Reporter: msrb(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Description of problem: Please build also ruby module. It's needed by jruby-maven-plugins. Thanks. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AELku4xSeb&a=cc_unsubscribe

6 years, 4 months

2
9
0 / 0

[Bug 1255806] New: curator-2.8.0 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1255806 Bug ID: 1255806 Summary: curator-2.8.0 is available Product: Fedora Version: rawhide Component: curator Assignee: tstclair(a)redhat.com Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, tstclair(a)redhat.com Latest upstream release: 2.8.0 Current version/release in rawhide: 2.2.0-5.fc23 URL: http://www.apache.org/dist/curator Please, consider upgrading Build/Requires for hadoop-2.7.1 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=huhB7Z9bAI&a=cc_unsubscribe

6 years, 4 months

2
10
0 / 0

[Bug 1258695] New: antlr C parser generator is broken in 3.5

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1258695 Bug ID: 1258695 Summary: antlr C parser generator is broken in 3.5 Product: Fedora Version: 22 Component: antlr3 Severity: high Assignee: walters(a)redhat.com Reporter: orion(a)cora.nwra.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com, projects.rg(a)smart.ms, walters(a)redhat.com, xjakub(a)fi.muni.cz Description of problem: The C parser generator is broken in 3.5. See upstream report https://github.com/antlr/antlr3/issues/175 Version-Release number of selected component (if applicable): 3.5.2 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=W1iZweoIpq&a=cc_unsubscribe _______________________________________________ java-sig-commits mailing list java-sig-commits(a)lists.fedoraproject.org http://lists.fedoraproject.org/postorius/java-sig-commits@lists.fedorapro...

6 years, 4 months

2
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits December 2015