You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Francois Papon <fr...@openobject.fr> on 2022/03/02 08:17:09 UTC
[VOTE] Release Apache Shiro 1.9.0
This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
We solved 20 issues for 1.9.0:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639>
Bug
[SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in the same Configuration
[SHIRO-845] - Dependencies for test-jars missing
Improvement
[SHIRO-804] - Avoid conflicts with spring boot aop
[SHIRO-836] - Delete jsecurty-sample.jks
[SHIRO-838] - Create SHA512-Hashes
[SHIRO-846] - Creation of site takes very long time
[SHIRO-848] - Relative Path in pom.xml is not needed
[SHIRO-850] - The profile name jdk19-plus is misleading
[SHIRO-851] - Handling properties for compile/enconding vs. default configurations of plugins
[SHIRO-852] - Configuration for maven-release-plugin prepationGoal should be changed
[SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are not in sync
[SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin can be reduced to default
[SHIRO-860] - update logback to 1.2.10
[SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
Task
[SHIRO-841] - NullPointerException from SessionsSecurityManager.start()
[SHIRO-867] - Skip Deployment of integration-test and samples artifacts
Dependency upgrade
[SHIRO-828] - aspectj-maven-plugin 1.14.0
[SHIRO-842] - shiro-web depends on older log4j
[SHIRO-843] - Update maven-project-info-reports
[SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
The source to be voted upon:
https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
Staging repo for binaries:
https://repository.apache.org/content/repositories/orgapacheshiro-1038
Project website (just for informational purposes, not to be voted upon):
http://shiro.apache.org/
Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html
Vote open for 72 hours. Please examine the source and binaries before voting.
[ ] +1
[ ] +0
[ ] -1 (please include reasoning)
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
+1 (binding)
Regards
JB
On Wed, Mar 2, 2022 at 9:17 AM Francois Papon <fr...@openobject.fr>
wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> >
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs. default
> configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> not in sync
> [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
>
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Benjamin Marwell <bm...@apache.org>.
Hi JB,
I am pretty sure it is a strong requirement.
For all of our last releases, the announcement mail got bounced back,
because we didn't provide those hashes.
They are also listed on the "verify" page:
https://www.apache.org/info/verification.html
It is also required for "release download pages":
https://infra.apache.org/release-download-pages.html
Although the current version does not mention hashes anymore (the
previous version did).
- Ben
Am Do., 3. März 2022 um 08:03 Uhr schrieb Jean-Baptiste Onofré
<jb...@nanthrax.net>:
>
> Hi,
>
> From an Apache standpoint, there are no strong requirements with a particular hash, but it's required to have any mechanism to verify source artifacts.
> So, as it's an easy fix, I agree that it would be better to cancel this vote to include sha512 hash on source artifacts.
>
> Regards
> JB
>
> On Wed, Mar 2, 2022 at 9:44 PM Benjamin Marwell <bm...@apache.org> wrote:
>>
>> -1, sadly, because:
>>
>> [SHIRO-838] - Create SHA512-Hashes
>>
>> They are not attached.
>> However, those hashes are required by the ASF (sha256 and sha512 to be
>> exact).
>> We currently have none of those attached.
>>
>> François and I found out we were using an outdated version of the Apache
>> parent pom.
>>
>> So we need to:
>> 1. Update to a later Apache parent pom
>> 2. Add sha256 in the configuration
>>
>> This shouldn't be much work though.
>>
>> - Ben
>>
>> On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
>> wrote:
>>
>> > This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>> >
>> > We solved 20 issues for 1.9.0:
>> >
>> >
>> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
>> > <
>> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
>> > >
>> >
>> > Bug
>> >
>> > [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
>> > the same Configuration
>> > [SHIRO-845] - Dependencies for test-jars missing
>> >
>> > Improvement
>> >
>> > [SHIRO-804] - Avoid conflicts with spring boot aop
>> > [SHIRO-836] - Delete jsecurty-sample.jks
>> > [SHIRO-838] - Create SHA512-Hashes
>> > [SHIRO-846] - Creation of site takes very long time
>> > [SHIRO-848] - Relative Path in pom.xml is not needed
>> > [SHIRO-850] - The profile name jdk19-plus is misleading
>> > [SHIRO-851] - Handling properties for compile/enconding vs. default
>> > configurations of plugins
>> > [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
>> > should be changed
>> > [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
>> > not in sync
>> > [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
>> > can be reduced to default
>> > [SHIRO-860] - update logback to 1.2.10
>> > [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>> >
>> > Task
>> >
>> > [SHIRO-841] - NullPointerException from
>> > SessionsSecurityManager.start()
>> > [SHIRO-867] - Skip Deployment of integration-test and samples
>> > artifacts
>> >
>> > Dependency upgrade
>> >
>> > [SHIRO-828] - aspectj-maven-plugin 1.14.0
>> > [SHIRO-842] - shiro-web depends on older log4j
>> > [SHIRO-843] - Update maven-project-info-reports
>> > [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>> >
>> >
>> > The source to be voted upon:
>> > https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>> >
>> > Staging repo for binaries:
>> > https://repository.apache.org/content/repositories/orgapacheshiro-1038
>> >
>> > Project website (just for informational purposes, not to be voted upon):
>> > http://shiro.apache.org/
>> >
>> > Guide to testing staged releases:
>> > http://maven.apache.org/guides/development/guide-testing-releases.html
>> >
>> > Vote open for 72 hours. Please examine the source and binaries before
>> > voting.
>> >
>> > [ ] +1
>> > [ ] +0
>> > [ ] -1 (please include reasoning)
>> >
>> >
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Benjamin Marwell <bm...@apache.org>.
Hi JB,
I am pretty sure it is a strong requirement.
For all of our last releases, the announcement mail got bounced back,
because we didn't provide those hashes.
They are also listed on the "verify" page:
https://www.apache.org/info/verification.html
It is also required for "release download pages":
https://infra.apache.org/release-download-pages.html
Although the current version does not mention hashes anymore (the
previous version did).
- Ben
Am Do., 3. März 2022 um 08:03 Uhr schrieb Jean-Baptiste Onofré
<jb...@nanthrax.net>:
>
> Hi,
>
> From an Apache standpoint, there are no strong requirements with a particular hash, but it's required to have any mechanism to verify source artifacts.
> So, as it's an easy fix, I agree that it would be better to cancel this vote to include sha512 hash on source artifacts.
>
> Regards
> JB
>
> On Wed, Mar 2, 2022 at 9:44 PM Benjamin Marwell <bm...@apache.org> wrote:
>>
>> -1, sadly, because:
>>
>> [SHIRO-838] - Create SHA512-Hashes
>>
>> They are not attached.
>> However, those hashes are required by the ASF (sha256 and sha512 to be
>> exact).
>> We currently have none of those attached.
>>
>> François and I found out we were using an outdated version of the Apache
>> parent pom.
>>
>> So we need to:
>> 1. Update to a later Apache parent pom
>> 2. Add sha256 in the configuration
>>
>> This shouldn't be much work though.
>>
>> - Ben
>>
>> On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
>> wrote:
>>
>> > This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>> >
>> > We solved 20 issues for 1.9.0:
>> >
>> >
>> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
>> > <
>> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
>> > >
>> >
>> > Bug
>> >
>> > [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
>> > the same Configuration
>> > [SHIRO-845] - Dependencies for test-jars missing
>> >
>> > Improvement
>> >
>> > [SHIRO-804] - Avoid conflicts with spring boot aop
>> > [SHIRO-836] - Delete jsecurty-sample.jks
>> > [SHIRO-838] - Create SHA512-Hashes
>> > [SHIRO-846] - Creation of site takes very long time
>> > [SHIRO-848] - Relative Path in pom.xml is not needed
>> > [SHIRO-850] - The profile name jdk19-plus is misleading
>> > [SHIRO-851] - Handling properties for compile/enconding vs. default
>> > configurations of plugins
>> > [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
>> > should be changed
>> > [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
>> > not in sync
>> > [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
>> > can be reduced to default
>> > [SHIRO-860] - update logback to 1.2.10
>> > [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>> >
>> > Task
>> >
>> > [SHIRO-841] - NullPointerException from
>> > SessionsSecurityManager.start()
>> > [SHIRO-867] - Skip Deployment of integration-test and samples
>> > artifacts
>> >
>> > Dependency upgrade
>> >
>> > [SHIRO-828] - aspectj-maven-plugin 1.14.0
>> > [SHIRO-842] - shiro-web depends on older log4j
>> > [SHIRO-843] - Update maven-project-info-reports
>> > [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>> >
>> >
>> > The source to be voted upon:
>> > https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>> >
>> > Staging repo for binaries:
>> > https://repository.apache.org/content/repositories/orgapacheshiro-1038
>> >
>> > Project website (just for informational purposes, not to be voted upon):
>> > http://shiro.apache.org/
>> >
>> > Guide to testing staged releases:
>> > http://maven.apache.org/guides/development/guide-testing-releases.html
>> >
>> > Vote open for 72 hours. Please examine the source and binaries before
>> > voting.
>> >
>> > [ ] +1
>> > [ ] +0
>> > [ ] -1 (please include reasoning)
>> >
>> >
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,
From an Apache standpoint, there are no strong requirements with a
particular hash, but it's required to have any mechanism to verify source
artifacts.
So, as it's an easy fix, I agree that it would be better to cancel this
vote to include sha512 hash on source artifacts.
Regards
JB
On Wed, Mar 2, 2022 at 9:44 PM Benjamin Marwell <bm...@apache.org> wrote:
> -1, sadly, because:
>
> [SHIRO-838] - Create SHA512-Hashes
>
> They are not attached.
> However, those hashes are required by the ASF (sha256 and sha512 to be
> exact).
> We currently have none of those attached.
>
> François and I found out we were using an outdated version of the Apache
> parent pom.
>
> So we need to:
> 1. Update to a later Apache parent pom
> 2. Add sha256 in the configuration
>
> This shouldn't be much work though.
>
> - Ben
>
> On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
> wrote:
>
> > This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
> >
> > We solved 20 issues for 1.9.0:
> >
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> > <
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> > >
> >
> > Bug
> >
> > [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> > the same Configuration
> > [SHIRO-845] - Dependencies for test-jars missing
> >
> > Improvement
> >
> > [SHIRO-804] - Avoid conflicts with spring boot aop
> > [SHIRO-836] - Delete jsecurty-sample.jks
> > [SHIRO-838] - Create SHA512-Hashes
> > [SHIRO-846] - Creation of site takes very long time
> > [SHIRO-848] - Relative Path in pom.xml is not needed
> > [SHIRO-850] - The profile name jdk19-plus is misleading
> > [SHIRO-851] - Handling properties for compile/enconding vs. default
> > configurations of plugins
> > [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> > should be changed
> > [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> > not in sync
> > [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> > can be reduced to default
> > [SHIRO-860] - update logback to 1.2.10
> > [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
> >
> > Task
> >
> > [SHIRO-841] - NullPointerException from
> > SessionsSecurityManager.start()
> > [SHIRO-867] - Skip Deployment of integration-test and samples
> > artifacts
> >
> > Dependency upgrade
> >
> > [SHIRO-828] - aspectj-maven-plugin 1.14.0
> > [SHIRO-842] - shiro-web depends on older log4j
> > [SHIRO-843] - Update maven-project-info-reports
> > [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
> >
> >
> > The source to be voted upon:
> > https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
> >
> > Staging repo for binaries:
> > https://repository.apache.org/content/repositories/orgapacheshiro-1038
> >
> > Project website (just for informational purposes, not to be voted upon):
> > http://shiro.apache.org/
> >
> > Guide to testing staged releases:
> > http://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72 hours. Please examine the source and binaries before
> > voting.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1 (please include reasoning)
> >
> >
>
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,
From an Apache standpoint, there are no strong requirements with a
particular hash, but it's required to have any mechanism to verify source
artifacts.
So, as it's an easy fix, I agree that it would be better to cancel this
vote to include sha512 hash on source artifacts.
Regards
JB
On Wed, Mar 2, 2022 at 9:44 PM Benjamin Marwell <bm...@apache.org> wrote:
> -1, sadly, because:
>
> [SHIRO-838] - Create SHA512-Hashes
>
> They are not attached.
> However, those hashes are required by the ASF (sha256 and sha512 to be
> exact).
> We currently have none of those attached.
>
> François and I found out we were using an outdated version of the Apache
> parent pom.
>
> So we need to:
> 1. Update to a later Apache parent pom
> 2. Add sha256 in the configuration
>
> This shouldn't be much work though.
>
> - Ben
>
> On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
> wrote:
>
> > This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
> >
> > We solved 20 issues for 1.9.0:
> >
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> > <
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> > >
> >
> > Bug
> >
> > [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> > the same Configuration
> > [SHIRO-845] - Dependencies for test-jars missing
> >
> > Improvement
> >
> > [SHIRO-804] - Avoid conflicts with spring boot aop
> > [SHIRO-836] - Delete jsecurty-sample.jks
> > [SHIRO-838] - Create SHA512-Hashes
> > [SHIRO-846] - Creation of site takes very long time
> > [SHIRO-848] - Relative Path in pom.xml is not needed
> > [SHIRO-850] - The profile name jdk19-plus is misleading
> > [SHIRO-851] - Handling properties for compile/enconding vs. default
> > configurations of plugins
> > [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> > should be changed
> > [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> > not in sync
> > [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> > can be reduced to default
> > [SHIRO-860] - update logback to 1.2.10
> > [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
> >
> > Task
> >
> > [SHIRO-841] - NullPointerException from
> > SessionsSecurityManager.start()
> > [SHIRO-867] - Skip Deployment of integration-test and samples
> > artifacts
> >
> > Dependency upgrade
> >
> > [SHIRO-828] - aspectj-maven-plugin 1.14.0
> > [SHIRO-842] - shiro-web depends on older log4j
> > [SHIRO-843] - Update maven-project-info-reports
> > [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
> >
> >
> > The source to be voted upon:
> > https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
> >
> > Staging repo for binaries:
> > https://repository.apache.org/content/repositories/orgapacheshiro-1038
> >
> > Project website (just for informational purposes, not to be voted upon):
> > http://shiro.apache.org/
> >
> > Guide to testing staged releases:
> > http://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72 hours. Please examine the source and binaries before
> > voting.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1 (please include reasoning)
> >
> >
>
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Benjamin Marwell <bm...@apache.org>.
-1, sadly, because:
[SHIRO-838] - Create SHA512-Hashes
They are not attached.
However, those hashes are required by the ASF (sha256 and sha512 to be
exact).
We currently have none of those attached.
François and I found out we were using an outdated version of the Apache
parent pom.
So we need to:
1. Update to a later Apache parent pom
2. Add sha256 in the configuration
This shouldn't be much work though.
- Ben
On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> >
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs. default
> configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> not in sync
> [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
>
[CANCEL][VOTE] Release Apache Shiro 1.9.0
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
As Benjamin said for the hash problem, we need to cancel this vote.
We will prepare a new release including:
1. Update to a later Apache parent pom
2. Add sha256 in the configuration
Regards,
François
On 02/03/2022 09:17, Francois Papon wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639>
>
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail
> in the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs.
> default configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin
> are not in sync
> [SHIRO-854] - Konfiguration includes/excludes
> maven-failsafe-plugin can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
+1 (binding)
Regards
JB
On Wed, Mar 2, 2022 at 9:17 AM Francois Papon <fr...@openobject.fr>
wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> >
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs. default
> configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> not in sync
> [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
>
[CANCEL][VOTE] Release Apache Shiro 1.9.0
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
As Benjamin said for the hash problem, we need to cancel this vote.
We will prepare a new release including:
1. Update to a later Apache parent pom
2. Add sha256 in the configuration
Regards,
François
On 02/03/2022 09:17, Francois Papon wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639>
>
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail
> in the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs.
> default configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin
> are not in sync
> [SHIRO-854] - Konfiguration includes/excludes
> maven-failsafe-plugin can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
Re: [VOTE] Release Apache Shiro 1.9.0
Posted by Benjamin Marwell <bm...@apache.org>.
-1, sadly, because:
[SHIRO-838] - Create SHA512-Hashes
They are not attached.
However, those hashes are required by the ASF (sha256 and sha512 to be
exact).
We currently have none of those attached.
François and I found out we were using an outdated version of the Apache
parent pom.
So we need to:
1. Update to a later Apache parent pom
2. Add sha256 in the configuration
This shouldn't be much work though.
- Ben
On Wed, 2 Mar 2022, 09:17 Francois Papon, <fr...@openobject.fr>
wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> <
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12350639
> >
>
> Bug
>
> [SHIRO-829] - beanPostProcessor and FactoryBean cause aop to fail in
> the same Configuration
> [SHIRO-845] - Dependencies for test-jars missing
>
> Improvement
>
> [SHIRO-804] - Avoid conflicts with spring boot aop
> [SHIRO-836] - Delete jsecurty-sample.jks
> [SHIRO-838] - Create SHA512-Hashes
> [SHIRO-846] - Creation of site takes very long time
> [SHIRO-848] - Relative Path in pom.xml is not needed
> [SHIRO-850] - The profile name jdk19-plus is misleading
> [SHIRO-851] - Handling properties for compile/enconding vs. default
> configurations of plugins
> [SHIRO-852] - Configuration for maven-release-plugin prepationGoal
> should be changed
> [SHIRO-853] - Versions of maven-surefire/failsafe/report plugin are
> not in sync
> [SHIRO-854] - Konfiguration includes/excludes maven-failsafe-plugin
> can be reduced to default
> [SHIRO-860] - update logback to 1.2.10
> [SHIRO-862] - Replace Google Analytics with Matomo for new Javadocs
>
> Task
>
> [SHIRO-841] - NullPointerException from
> SessionsSecurityManager.start()
> [SHIRO-867] - Skip Deployment of integration-test and samples
> artifacts
>
> Dependency upgrade
>
> [SHIRO-828] - aspectj-maven-plugin 1.14.0
> [SHIRO-842] - shiro-web depends on older log4j
> [SHIRO-843] - Update maven-project-info-reports
> [SHIRO-844] - Update maven-javadoc-plugin to 3.3.1
>
>
> The source to be voted upon:
> https://github.com/apache/shiro/tree/shiro-root-1.9.0-release-vote1
>
> Staging repo for binaries:
> https://repository.apache.org/content/repositories/orgapacheshiro-1038
>
> Project website (just for informational purposes, not to be voted upon):
> http://shiro.apache.org/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours. Please examine the source and binaries before
> voting.
>
> [ ] +1
> [ ] +0
> [ ] -1 (please include reasoning)
>
>