You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fortress@directory.apache.org by Shawn McKinney <sm...@apache.org> on 2018/07/09 14:41:43 UTC
[VOTE] Apache Fortress 2.0.1 release
Hello,
I’m happy to announce that after a year’s worth of work we’ve managed to put together a new release. Just to set expectations, it won’t be another before the next one.
There are some interesting items that need out. Yudhi’s High availability being one of them.
Also I should mention a few patches security related, i.e. ++versions on artifacts from apache cxf and others which make this release particularly important.
For those new to *testing* Fortress releases, I highly recommend using one of the DOCKER quick starts listed below. Run the steps up to and including ‘integration tests’. On a linux machine that has preqs (docker, java8, mvn, git) should take < 10 minutes to complete. Do not hesitate to prompt me on our ml if you have questions or doubts.
Lastly, apologize in advance. Wrt to improving the fortress source bundling/staging to simplify *your* job testing the releases. Both Stefan and Colm kindly offered suggestions last year, but the ball got dropped. We’ll get ‘er right by next time.
Now the release…
*********************
This is an announcement to vote for the next Apache Directory Fortress.
The version, 2.0.1, has a tag created in git: ‘2.0.1’.
and the sources may be pulled using git commands:
git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git
git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git
git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git
with their associated checksums:
- core: 4009d2d0a5cc7b6d2a5a2e744a7dabab52c64e65
- realm: dc23b6cbb93d1d0e998f0dcd03e7665df8c97475
- rest: 1189b666a66176731c745c7c8be984f76f59a76d
- web: 0423ea8b8dc3a6a410e84908ba9272661bcadb63
Or, source distros may be downloaded from this location:
http://home.apache.org/~smckinney/
The staging repos on Nexus:
- core: https://repository.apache.org/content/repositories/orgapachedirectory-1159
- realm: https://repository.apache.org/content/repositories/orgapachedirectory-1160
- rest: https://repository.apache.org/content/repositories/orgapachedirectory-1161
- web: https://repository.apache.org/content/repositories/orgapachedirectory-1162
Test using one of these:
* https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-APACHEDS.md
* https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md
* https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md
* https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
- Choose one of the above. Complete (only) the sections leading up to and including the SECTION entitled: 'Apache Fortress Core Integration Test’
- Choose the docker quickstart & save time. Won't have to install an LDAP server for the integration tests.
2.0.1 includes:
* Update to use Apache LDAP API v1.0.2
* FC-235 Add support for runtime constraints to be placed on activated roles
* FC-102 [fortress-web] fix problems with group page
* FC-108 Add support for RFC2307 BIS
* FC-217 Option to disable role occupants
* FC-226 ehcache masking security exceptions
* FC-227 Exclude xml-apis from LDAP api
* FC-228 [fortress-rest] CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks
* FC-233 [FORTRESS-REST] Upgrade to Spring 5 and latest CXF
* FC-232 [fortress-web] to Spring 5 and Wicket 7.9
* The complete list from JIRA: https://issues.apache.org/jira/browse/FC-232?jql=project%20%3D%2012315921%20AND%20fixVersion%20%3D%2012338782%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
Please vote:
[ ] +1 | Release Fortress core, realm, rest and web 2.0.1
[ ] +/-0 | Abstain
[ ] -1 | Do *NOT* Release Fortress core, realm, rest and web 2.0.1
Shawn
Cancel, was [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
Canceling this vote to fix a bug that I found, plus the other problems mentioned before. Will regroup in a few days...
Shawn
> Begin forwarded message:
>
> From: Shawn McKinney <sm...@apache.org>
> Subject: [VOTE] Apache Fortress 2.0.1 release
> Date: July 9, 2018 at 9:41:43 AM CDT
> To: fortress@directory.apache.org, Apache Directory Developers List <de...@directory.apache.org>
> Reply-To: "Apache Directory Developers List" <de...@directory.apache.org>
>
> Hello,
>
> I’m happy to announce that after a year’s worth of work we’ve managed to put together a new release. Just to set expectations, it won’t be another before the next one.
>
> There are some interesting items that need out. Yudhi’s High availability being one of them.
>
> Also I should mention a few patches security related, i.e. ++versions on artifacts from apache cxf and others which make this release particularly important.
>
> For those new to *testing* Fortress releases, I highly recommend using one of the DOCKER quick starts listed below. Run the steps up to and including ‘integration tests’. On a linux machine that has preqs (docker, java8, mvn, git) should take < 10 minutes to complete. Do not hesitate to prompt me on our ml if you have questions or doubts.
>
> Lastly, apologize in advance. Wrt to improving the fortress source bundling/staging to simplify *your* job testing the releases. Both Stefan and Colm kindly offered suggestions last year, but the ball got dropped. We’ll get ‘er right by next time.
>
> Now the release…
>
> *********************
>
> This is an announcement to vote for the next Apache Directory Fortress.
>
> The version, 2.0.1, has a tag created in git: ‘2.0.1’.
>
> and the sources may be pulled using git commands:
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git
>
> with their associated checksums:
> - core: 4009d2d0a5cc7b6d2a5a2e744a7dabab52c64e65
> - realm: dc23b6cbb93d1d0e998f0dcd03e7665df8c97475
> - rest: 1189b666a66176731c745c7c8be984f76f59a76d
> - web: 0423ea8b8dc3a6a410e84908ba9272661bcadb63
>
> Or, source distros may be downloaded from this location:
> http://home.apache.org/~smckinney/
>
> The staging repos on Nexus:
> - core: https://repository.apache.org/content/repositories/orgapachedirectory-1159
> - realm: https://repository.apache.org/content/repositories/orgapachedirectory-1160
> - rest: https://repository.apache.org/content/repositories/orgapachedirectory-1161
> - web: https://repository.apache.org/content/repositories/orgapachedirectory-1162
>
> Test using one of these:
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
>
> - Choose one of the above. Complete (only) the sections leading up to and including the SECTION entitled: 'Apache Fortress Core Integration Test’
> - Choose the docker quickstart & save time. Won't have to install an LDAP server for the integration tests.
>
> 2.0.1 includes:
> * Update to use Apache LDAP API v1.0.2
> * FC-235 Add support for runtime constraints to be placed on activated roles
> * FC-102 [fortress-web] fix problems with group page
> * FC-108 Add support for RFC2307 BIS
> * FC-217 Option to disable role occupants
> * FC-226 ehcache masking security exceptions
> * FC-227 Exclude xml-apis from LDAP api
> * FC-228 [fortress-rest] CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks
> * FC-233 [FORTRESS-REST] Upgrade to Spring 5 and latest CXF
> * FC-232 [fortress-web] to Spring 5 and Wicket 7.9
>
> * The complete list from JIRA: https://issues.apache.org/jira/browse/FC-232?jql=project%20%3D%2012315921%20AND%20fixVersion%20%3D%2012338782%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
>
> Please vote:
>
> [ ] +1 | Release Fortress core, realm, rest and web 2.0.1
> [ ] +/-0 | Abstain
> [ ] -1 | Do *NOT* Release Fortress core, realm, rest and web 2.0.1
>
> Shawn
>
>
>
>
>
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 07/09/2018 10:20 PM, Shawn McKinney wrote:
>> * Future releases should not include md5 checksums, please see mail from
>> Henk with subject "checksum file Release Distribution Policy" and
>> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
>> currently it's still allowed, right?
>
> Ah OK. I’ll make note of that in my release procedures. I suppose we can still exclude right? Just remove from the maven staging repo and won’t load into SVN dist.
>
> Let me know if that doesn’t sound right.
Yes, sounds good.
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 07/09/2018 10:20 PM, Shawn McKinney wrote:
>> * Future releases should not include md5 checksums, please see mail from
>> Henk with subject "checksum file Release Distribution Policy" and
>> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
>> currently it's still allowed, right?
>
> Ah OK. I’ll make note of that in my release procedures. I suppose we can still exclude right? Just remove from the maven staging repo and won’t load into SVN dist.
>
> Let me know if that doesn’t sound right.
Yes, sounds good.
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Selenium is now included in fortress-web as runtime dependency, I
> guess it is only requried as test dependency? License wise that's fine
> and not a blocker because it uses Apache License. However it increases
> the WAR file size from 26MB to 34MB and adds many more libs which may
> increase attack surface. I let you decide if that should be considered
> as blocker.
Good eye Stefan! Updated in trunk. I don’t believe this is a show-stopper, more of an annoyance, and will proceed unless there are objections from others.
>
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Future releases should not include md5 checksums, please see mail from
> Henk with subject "checksum file Release Distribution Policy" and
> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
> currently it's still allowed, right?
Ah OK. I’ll make note of that in my release procedures. I suppose we can still exclude right? Just remove from the maven staging repo and won’t load into SVN dist.
Let me know if that doesn’t sound right.
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Otherwise +1 from me:
>
> * Verified checksums and signatures of the source packages
> * Checked license and notice files
> * Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
> * Run fortress core integration tests against ApacheDS and OpenLDAP
Cool, thanks!!
—Shawn
>
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Selenium is now included in fortress-web as runtime dependency, I
> guess it is only requried as test dependency? License wise that's fine
> and not a blocker because it uses Apache License. However it increases
> the WAR file size from 26MB to 34MB and adds many more libs which may
> increase attack surface. I let you decide if that should be considered
> as blocker.
> * Future releases should not include md5 checksums, please see mail from
> Henk with subject "checksum file Release Distribution Policy" and
> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
> currently it's still allowed, right?
>
>
> Otherwise +1 from me:
>
> * Verified checksums and signatures of the source packages
> * Checked license and notice files
> * Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
> * Run fortress core integration tests against ApacheDS and OpenLDAP
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Selenium is now included in fortress-web as runtime dependency, I
> guess it is only requried as test dependency? License wise that's fine
> and not a blocker because it uses Apache License. However it increases
> the WAR file size from 26MB to 34MB and adds many more libs which may
> increase attack surface. I let you decide if that should be considered
> as blocker.
Good eye Stefan! Updated in trunk. I don’t believe this is a show-stopper, more of an annoyance, and will proceed unless there are objections from others.
>
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Future releases should not include md5 checksums, please see mail from
> Henk with subject "checksum file Release Distribution Policy" and
> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
> currently it's still allowed, right?
Ah OK. I’ll make note of that in my release procedures. I suppose we can still exclude right? Just remove from the maven staging repo and won’t load into SVN dist.
Let me know if that doesn’t sound right.
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Otherwise +1 from me:
>
> * Verified checksums and signatures of the source packages
> * Checked license and notice files
> * Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
> * Run fortress core integration tests against ApacheDS and OpenLDAP
Cool, thanks!!
—Shawn
>
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Two findings:
>
> * Selenium is now included in fortress-web as runtime dependency, I
> guess it is only requried as test dependency? License wise that's fine
> and not a blocker because it uses Apache License. However it increases
> the WAR file size from 26MB to 34MB and adds many more libs which may
> increase attack surface. I let you decide if that should be considered
> as blocker.
> * Future releases should not include md5 checksums, please see mail from
> Henk with subject "checksum file Release Distribution Policy" and
> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
> currently it's still allowed, right?
>
>
> Otherwise +1 from me:
>
> * Verified checksums and signatures of the source packages
> * Checked license and notice files
> * Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
> * Run fortress core integration tests against ApacheDS and OpenLDAP
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
> On Jul 14, 2018, at 10:20 AM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> Sure, what else can we do :-/
One thing we can control, what gets uploaded to our download site. I won’t deploy the .md5 artifacts there.
Thanks,
—Shawn
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 07/13/2018 07:15 PM, Shawn McKinney wrote:
>
>> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>>
>> * Future releases should not include md5 checksums, please see mail from
>> Henk with subject "checksum file Release Distribution Policy" and
>> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
>> currently it's still allowed, right?
>
> Hello,
>
> The rules for deploying to repository.apache.org still require md5 checksums on the artifacts. So, will continue uploading those, unless someone’s got a better idea.
Sure, what else can we do :-/
> Here’s the errors after staging repo fails on close:
>
> failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1.jar.md5'
> failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1-sources.jar.md5'
> failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1.pom.md5'
> failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1-javadoc.jar.md5’
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
> On Jul 9, 2018, at 3:07 PM, Stefan Seelmann <ma...@stefan-seelmann.de> wrote:
>
> * Future releases should not include md5 checksums, please see mail from
> Henk with subject "checksum file Release Distribution Policy" and
> https://www.apache.org/dev/release-distribution#sigs-and-sums. But
> currently it's still allowed, right?
Hello,
The rules for deploying to repository.apache.org still require md5 checksums on the artifacts. So, will continue uploading those, unless someone’s got a better idea.
Here’s the errors after staging repo fails on close:
failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1.jar.md5'
failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1-sources.jar.md5'
failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1.pom.md5'
failureMessage Missing MD5: '/org/apache/directory/fortress/fortress-core/2.0.1/fortress-core-2.0.1-javadoc.jar.md5’
Thanks,
—Shawn
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Two findings:
* Selenium is now included in fortress-web as runtime dependency, I
guess it is only requried as test dependency? License wise that's fine
and not a blocker because it uses Apache License. However it increases
the WAR file size from 26MB to 34MB and adds many more libs which may
increase attack surface. I let you decide if that should be considered
as blocker.
* Future releases should not include md5 checksums, please see mail from
Henk with subject "checksum file Release Distribution Policy" and
https://www.apache.org/dev/release-distribution#sigs-and-sums. But
currently it's still allowed, right?
Otherwise +1 from me:
* Verified checksums and signatures of the source packages
* Checked license and notice files
* Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
* Run fortress core integration tests against ApacheDS and OpenLDAP
Kind Regards,
Stefan
On 07/09/2018 04:41 PM, Shawn McKinney wrote:
> Hello,
>
> I’m happy to announce that after a year’s worth of work we’ve managed to put together a new release. Just to set expectations, it won’t be another before the next one.
>
> There are some interesting items that need out. Yudhi’s High availability being one of them.
>
> Also I should mention a few patches security related, i.e. ++versions on artifacts from apache cxf and others which make this release particularly important.
>
> For those new to *testing* Fortress releases, I highly recommend using one of the DOCKER quick starts listed below. Run the steps up to and including ‘integration tests’. On a linux machine that has preqs (docker, java8, mvn, git) should take < 10 minutes to complete. Do not hesitate to prompt me on our ml if you have questions or doubts.
>
> Lastly, apologize in advance. Wrt to improving the fortress source bundling/staging to simplify *your* job testing the releases. Both Stefan and Colm kindly offered suggestions last year, but the ball got dropped. We’ll get ‘er right by next time.
>
> Now the release…
>
> *********************
>
> This is an announcement to vote for the next Apache Directory Fortress.
>
> The version, 2.0.1, has a tag created in git: ‘2.0.1’.
>
> and the sources may be pulled using git commands:
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git
>
> with their associated checksums:
> - core: 4009d2d0a5cc7b6d2a5a2e744a7dabab52c64e65
> - realm: dc23b6cbb93d1d0e998f0dcd03e7665df8c97475
> - rest: 1189b666a66176731c745c7c8be984f76f59a76d
> - web: 0423ea8b8dc3a6a410e84908ba9272661bcadb63
>
> Or, source distros may be downloaded from this location:
> http://home.apache.org/~smckinney/
>
> The staging repos on Nexus:
> - core: https://repository.apache.org/content/repositories/orgapachedirectory-1159
> - realm: https://repository.apache.org/content/repositories/orgapachedirectory-1160
> - rest: https://repository.apache.org/content/repositories/orgapachedirectory-1161
> - web: https://repository.apache.org/content/repositories/orgapachedirectory-1162
>
> Test using one of these:
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
>
> - Choose one of the above. Complete (only) the sections leading up to and including the SECTION entitled: 'Apache Fortress Core Integration Test’
> - Choose the docker quickstart & save time. Won't have to install an LDAP server for the integration tests.
>
> 2.0.1 includes:
> * Update to use Apache LDAP API v1.0.2
> * FC-235 Add support for runtime constraints to be placed on activated roles
> * FC-102 [fortress-web] fix problems with group page
> * FC-108 Add support for RFC2307 BIS
> * FC-217 Option to disable role occupants
> * FC-226 ehcache masking security exceptions
> * FC-227 Exclude xml-apis from LDAP api
> * FC-228 [fortress-rest] CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks
> * FC-233 [FORTRESS-REST] Upgrade to Spring 5 and latest CXF
> * FC-232 [fortress-web] to Spring 5 and Wicket 7.9
>
> * The complete list from JIRA: https://issues.apache.org/jira/browse/FC-232?jql=project%20%3D%2012315921%20AND%20fixVersion%20%3D%2012338782%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
>
> Please vote:
>
> [ ] +1 | Release Fortress core, realm, rest and web 2.0.1
> [ ] +/-0 | Abstain
> [ ] -1 | Do *NOT* Release Fortress core, realm, rest and web 2.0.1
>
> Shawn
>
>
>
>
>
Re: [VOTE] Apache Fortress 2.0.1 release
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Two findings:
* Selenium is now included in fortress-web as runtime dependency, I
guess it is only requried as test dependency? License wise that's fine
and not a blocker because it uses Apache License. However it increases
the WAR file size from 26MB to 34MB and adds many more libs which may
increase attack surface. I let you decide if that should be considered
as blocker.
* Future releases should not include md5 checksums, please see mail from
Henk with subject "checksum file Release Distribution Policy" and
https://www.apache.org/dev/release-distribution#sigs-and-sums. But
currently it's still allowed, right?
Otherwise +1 from me:
* Verified checksums and signatures of the source packages
* Checked license and notice files
* Built all 4 source packages with OpenJDK 1.8.0_172 on Linux
* Run fortress core integration tests against ApacheDS and OpenLDAP
Kind Regards,
Stefan
On 07/09/2018 04:41 PM, Shawn McKinney wrote:
> Hello,
>
> I’m happy to announce that after a year’s worth of work we’ve managed to put together a new release. Just to set expectations, it won’t be another before the next one.
>
> There are some interesting items that need out. Yudhi’s High availability being one of them.
>
> Also I should mention a few patches security related, i.e. ++versions on artifacts from apache cxf and others which make this release particularly important.
>
> For those new to *testing* Fortress releases, I highly recommend using one of the DOCKER quick starts listed below. Run the steps up to and including ‘integration tests’. On a linux machine that has preqs (docker, java8, mvn, git) should take < 10 minutes to complete. Do not hesitate to prompt me on our ml if you have questions or doubts.
>
> Lastly, apologize in advance. Wrt to improving the fortress source bundling/staging to simplify *your* job testing the releases. Both Stefan and Colm kindly offered suggestions last year, but the ball got dropped. We’ll get ‘er right by next time.
>
> Now the release…
>
> *********************
>
> This is an announcement to vote for the next Apache Directory Fortress.
>
> The version, 2.0.1, has a tag created in git: ‘2.0.1’.
>
> and the sources may be pulled using git commands:
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git
>
> with their associated checksums:
> - core: 4009d2d0a5cc7b6d2a5a2e744a7dabab52c64e65
> - realm: dc23b6cbb93d1d0e998f0dcd03e7665df8c97475
> - rest: 1189b666a66176731c745c7c8be984f76f59a76d
> - web: 0423ea8b8dc3a6a410e84908ba9272661bcadb63
>
> Or, source distros may be downloaded from this location:
> http://home.apache.org/~smckinney/
>
> The staging repos on Nexus:
> - core: https://repository.apache.org/content/repositories/orgapachedirectory-1159
> - realm: https://repository.apache.org/content/repositories/orgapachedirectory-1160
> - rest: https://repository.apache.org/content/repositories/orgapachedirectory-1161
> - web: https://repository.apache.org/content/repositories/orgapachedirectory-1162
>
> Test using one of these:
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
>
> - Choose one of the above. Complete (only) the sections leading up to and including the SECTION entitled: 'Apache Fortress Core Integration Test’
> - Choose the docker quickstart & save time. Won't have to install an LDAP server for the integration tests.
>
> 2.0.1 includes:
> * Update to use Apache LDAP API v1.0.2
> * FC-235 Add support for runtime constraints to be placed on activated roles
> * FC-102 [fortress-web] fix problems with group page
> * FC-108 Add support for RFC2307 BIS
> * FC-217 Option to disable role occupants
> * FC-226 ehcache masking security exceptions
> * FC-227 Exclude xml-apis from LDAP api
> * FC-228 [fortress-rest] CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks
> * FC-233 [FORTRESS-REST] Upgrade to Spring 5 and latest CXF
> * FC-232 [fortress-web] to Spring 5 and Wicket 7.9
>
> * The complete list from JIRA: https://issues.apache.org/jira/browse/FC-232?jql=project%20%3D%2012315921%20AND%20fixVersion%20%3D%2012338782%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
>
> Please vote:
>
> [ ] +1 | Release Fortress core, realm, rest and web 2.0.1
> [ ] +/-0 | Abstain
> [ ] -1 | Do *NOT* Release Fortress core, realm, rest and web 2.0.1
>
> Shawn
>
>
>
>
>
Cancel, was [VOTE] Apache Fortress 2.0.1 release
Posted by Shawn McKinney <sm...@apache.org>.
Canceling this vote to fix a bug that I found, plus the other problems mentioned before. Will regroup in a few days...
Shawn
> Begin forwarded message:
>
> From: Shawn McKinney <sm...@apache.org>
> Subject: [VOTE] Apache Fortress 2.0.1 release
> Date: July 9, 2018 at 9:41:43 AM CDT
> To: fortress@directory.apache.org, Apache Directory Developers List <de...@directory.apache.org>
> Reply-To: "Apache Directory Developers List" <de...@directory.apache.org>
>
> Hello,
>
> I’m happy to announce that after a year’s worth of work we’ve managed to put together a new release. Just to set expectations, it won’t be another before the next one.
>
> There are some interesting items that need out. Yudhi’s High availability being one of them.
>
> Also I should mention a few patches security related, i.e. ++versions on artifacts from apache cxf and others which make this release particularly important.
>
> For those new to *testing* Fortress releases, I highly recommend using one of the DOCKER quick starts listed below. Run the steps up to and including ‘integration tests’. On a linux machine that has preqs (docker, java8, mvn, git) should take < 10 minutes to complete. Do not hesitate to prompt me on our ml if you have questions or doubts.
>
> Lastly, apologize in advance. Wrt to improving the fortress source bundling/staging to simplify *your* job testing the releases. Both Stefan and Colm kindly offered suggestions last year, but the ball got dropped. We’ll get ‘er right by next time.
>
> Now the release…
>
> *********************
>
> This is an announcement to vote for the next Apache Directory Fortress.
>
> The version, 2.0.1, has a tag created in git: ‘2.0.1’.
>
> and the sources may be pulled using git commands:
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git
> git clone --branch 2.0.1 https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git
>
> with their associated checksums:
> - core: 4009d2d0a5cc7b6d2a5a2e744a7dabab52c64e65
> - realm: dc23b6cbb93d1d0e998f0dcd03e7665df8c97475
> - rest: 1189b666a66176731c745c7c8be984f76f59a76d
> - web: 0423ea8b8dc3a6a410e84908ba9272661bcadb63
>
> Or, source distros may be downloaded from this location:
> http://home.apache.org/~smckinney/
>
> The staging repos on Nexus:
> - core: https://repository.apache.org/content/repositories/orgapachedirectory-1159
> - realm: https://repository.apache.org/content/repositories/orgapachedirectory-1160
> - rest: https://repository.apache.org/content/repositories/orgapachedirectory-1161
> - web: https://repository.apache.org/content/repositories/orgapachedirectory-1162
>
> Test using one of these:
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md
> * https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
>
> - Choose one of the above. Complete (only) the sections leading up to and including the SECTION entitled: 'Apache Fortress Core Integration Test’
> - Choose the docker quickstart & save time. Won't have to install an LDAP server for the integration tests.
>
> 2.0.1 includes:
> * Update to use Apache LDAP API v1.0.2
> * FC-235 Add support for runtime constraints to be placed on activated roles
> * FC-102 [fortress-web] fix problems with group page
> * FC-108 Add support for RFC2307 BIS
> * FC-217 Option to disable role occupants
> * FC-226 ehcache masking security exceptions
> * FC-227 Exclude xml-apis from LDAP api
> * FC-228 [fortress-rest] CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks
> * FC-233 [FORTRESS-REST] Upgrade to Spring 5 and latest CXF
> * FC-232 [fortress-web] to Spring 5 and Wicket 7.9
>
> * The complete list from JIRA: https://issues.apache.org/jira/browse/FC-232?jql=project%20%3D%2012315921%20AND%20fixVersion%20%3D%2012338782%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
>
> Please vote:
>
> [ ] +1 | Release Fortress core, realm, rest and web 2.0.1
> [ ] +/-0 | Abstain
> [ ] -1 | Do *NOT* Release Fortress core, realm, rest and web 2.0.1
>
> Shawn
>
>
>
>
>