You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by Andrea Del Bene <an...@gmail.com> on 2020/03/10 20:49:57 UTC
[VOTE] Release Apache Wicket 9.0.0-M5
This is a vote to release Apache Wicket 9.0.0-M5
Please download the source distributions found in our staging area
linked below.
I have included the signatures for both the source archives. This vote
lasts for 72 hours minimum.
[ ] Yes, release Apache Wicket 9.0.0-M5
[ ] No, don't release Apache Wicket 9.0.0-M5, because ...
Distributions, changelog, keys and signatures can be found at:
https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
Staging repository:
https://repository.apache.org/content/repositories/orgapachewicket-1137/
The binaries are available in the above link, as are a staging
repository for Maven. Typically the vote is on the source, but should
you find a problem with one of the binaries, please let me know, I can
re-roll them some way or the other.
Staging git repository data:
Repository: git@github.com:bitstorm/wicket.git
Branch: build/wicket-9.0.0-M5
Release tag: rel/wicket-9.0.0-M5
========================================================================
The signatures for the source release artefacts:
Signature for apache-wicket-9.0.0-M5.zip:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
/U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
=qrHX
-----END PGP SIGNATURE-----
Signature for apache-wicket-9.0.0-M5.tar.gz:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
/Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
=UkVf
-----END PGP SIGNATURE-----
========================================================================
CHANGELOG for 9.0.0-M5:
** Bug
* [WICKET-6745] - CSP: inline JS in server and client time response
filters
* [WICKET-6746] - HttpsMapper cannot deal with resources over
websockets
* [WICKET-6752] - Some dependencies contain CVEs
* [WICKET-6753] - res/modal.js using aria-labelledby where it
should be using aria-label
* [WICKET-6754] - Iteration stops with nested containers
** New Feature
* [WICKET-6727] - Configurable CSP
* [WICKET-6729] - allow adding IHeaderResponseDecorator without
replacing all others
* [WICKET-6730] - Global access to secure random data
** Improvement
* [WICKET-6724] - CSP: Inline Javascript in AjaxLink
* [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
* [WICKET-6726] - CSP: inline styling and js in Form submitbutton
handling
* [WICKET-6731] - CSP: inline JS in SubmitLink
* [WICKET-6732] - CSP: inline JS in Link and ExternalLink
* [WICKET-6733] - CSP: enable by default
* [WICKET-6735] - CSP: inline styling in
FormComponentFeedbackBorder/Indicator
* [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
* [WICKET-6737] - CSP: violations in examples
* [WICKET-6738] - CSP: inline styling in UploadProgressBar
* [WICKET-6739] - CSP: inline JS in Palette
* [WICKET-6740] - CSP: inline JS in Button
* [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
* [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
* [WICKET-6750] - add capability to cancel ongoing AJAX requests
from client side
** Task
* [WICKET-6687] - Cleanup the code from attribute inline styles and
attribute inline scripts
* [WICKET-6747] - Document CSP in user guide and migration guide
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Maxim Solodovnik <so...@gmail.com>.
+1
Tested:
1) signatures
2) build from sources
3) our main app
will start checking wicketstuff later this week
On Wed, 11 Mar 2020 at 03:50, Andrea Del Bene <an...@gmail.com> wrote:
>
> This is a vote to release Apache Wicket 9.0.0-M5
>
> Please download the source distributions found in our staging area
> linked below.
>
> I have included the signatures for both the source archives. This vote
> lasts for 72 hours minimum.
>
> [ ] Yes, release Apache Wicket 9.0.0-M5
> [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
>
> Distributions, changelog, keys and signatures can be found at:
>
> https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
>
> Staging repository:
>
> https://repository.apache.org/content/repositories/orgapachewicket-1137/
>
> The binaries are available in the above link, as are a staging
> repository for Maven. Typically the vote is on the source, but should
> you find a problem with one of the binaries, please let me know, I can
> re-roll them some way or the other.
>
> Staging git repository data:
>
> Repository: git@github.com:bitstorm/wicket.git
> Branch: build/wicket-9.0.0-M5
> Release tag: rel/wicket-9.0.0-M5
>
>
> ========================================================================
>
> The signatures for the source release artefacts:
>
>
> Signature for apache-wicket-9.0.0-M5.zip:
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
> VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
> hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
> cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
> iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
> /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
> VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
> UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
> GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
> Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
> ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
> 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
> =qrHX
> -----END PGP SIGNATURE-----
>
> Signature for apache-wicket-9.0.0-M5.tar.gz:
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
> VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
> 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
> oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
> l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
> N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
> /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
> 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
> rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
> trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
> eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
> uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
> =UkVf
> -----END PGP SIGNATURE-----
>
> ========================================================================
>
> CHANGELOG for 9.0.0-M5:
>
> ** Bug
>
> * [WICKET-6745] - CSP: inline JS in server and client time response
> filters
> * [WICKET-6746] - HttpsMapper cannot deal with resources over
> websockets
> * [WICKET-6752] - Some dependencies contain CVEs
> * [WICKET-6753] - res/modal.js using aria-labelledby where it
> should be using aria-label
> * [WICKET-6754] - Iteration stops with nested containers
>
> ** New Feature
>
> * [WICKET-6727] - Configurable CSP
> * [WICKET-6729] - allow adding IHeaderResponseDecorator without
> replacing all others
> * [WICKET-6730] - Global access to secure random data
>
> ** Improvement
>
> * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
> * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
> * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
> handling
> * [WICKET-6731] - CSP: inline JS in SubmitLink
> * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
> * [WICKET-6733] - CSP: enable by default
> * [WICKET-6735] - CSP: inline styling in
> FormComponentFeedbackBorder/Indicator
> * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
> * [WICKET-6737] - CSP: violations in examples
> * [WICKET-6738] - CSP: inline styling in UploadProgressBar
> * [WICKET-6739] - CSP: inline JS in Palette
> * [WICKET-6740] - CSP: inline JS in Button
> * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
> * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
> * [WICKET-6750] - add capability to cancel ongoing AJAX requests
> from client side
>
> ** Task
>
> * [WICKET-6687] - Cleanup the code from attribute inline styles and
> attribute inline scripts
> * [WICKET-6747] - Document CSP in user guide and migration guide
>
--
WBR
Maxim aka solomax
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Andrea Del Bene <an...@gmail.com>.
Just ring the bell when you feel ready for a new build :-)
On 3/12/20 12:13 PM, Sven Meier wrote:
> Hi,
>
> I don't care about the method name, so I reverted it to
> #getCspSettings().
> AFAIKS the documentation stays valid in that case?
>
> Have fun
>
> Sven
>
>
> On 12.03.20 09:42, Emond Papegaaij wrote:
>> Hi,
>>
>> Agreed, but first, the documentation needs to be updated with the new
>> API. I like most of the changes, except for the new method name for
>> 'getContentSecurityPolicySettings()'. IMHO it's too long and everyone
>> calls it CSP. I'd rather stick with 'getCspSettings()'. The
>> documentation in 'ContentSecurityPolicySettings' is already missing
>> 'Policy'.
>>
>> Best regards,
>> Emond
>>
>> On Thu, Mar 12, 2020 at 8:16 AM Martin Grigorov
>> <mg...@apache.org> wrote:
>>> Hi,
>>>
>>> Sven just made some API breaking changes with
>>> https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
>>> If we want the next release to be the final one then I suggest to
>>> cancel
>>> this vote and start over with the new change.
>>>
>>> Martin
>>>
>>> On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
>>> wrote:
>>>
>>>> This is a vote to release Apache Wicket 9.0.0-M5
>>>>
>>>> Please download the source distributions found in our staging area
>>>> linked below.
>>>>
>>>> I have included the signatures for both the source archives. This vote
>>>> lasts for 72 hours minimum.
>>>>
>>>> [ ] Yes, release Apache Wicket 9.0.0-M5
>>>> [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
>>>>
>>>> Distributions, changelog, keys and signatures can be found at:
>>>>
>>>> https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
>>>>
>>>> Staging repository:
>>>>
>>>> https://repository.apache.org/content/repositories/orgapachewicket-1137/
>>>>
>>>>
>>>> The binaries are available in the above link, as are a staging
>>>> repository for Maven. Typically the vote is on the source, but should
>>>> you find a problem with one of the binaries, please let me know, I can
>>>> re-roll them some way or the other.
>>>>
>>>> Staging git repository data:
>>>>
>>>> Repository: git@github.com:bitstorm/wicket.git
>>>> Branch: build/wicket-9.0.0-M5
>>>> Release tag: rel/wicket-9.0.0-M5
>>>>
>>>>
>>>> ========================================================================
>>>>
>>>>
>>>> The signatures for the source release artefacts:
>>>>
>>>>
>>>> Signature for apache-wicket-9.0.0-M5.zip:
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>>
>>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
>>>> VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
>>>> hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
>>>> cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
>>>> iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
>>>> /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
>>>> VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
>>>> UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
>>>> GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
>>>> Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
>>>> ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
>>>> 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
>>>> =qrHX
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> Signature for apache-wicket-9.0.0-M5.tar.gz:
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>>
>>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
>>>> VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
>>>> 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
>>>> oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
>>>> l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
>>>> N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
>>>> /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
>>>> 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
>>>> rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
>>>> trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
>>>> eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
>>>> uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
>>>> =UkVf
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> ========================================================================
>>>>
>>>>
>>>> CHANGELOG for 9.0.0-M5:
>>>>
>>>> ** Bug
>>>>
>>>> * [WICKET-6745] - CSP: inline JS in server and client time
>>>> response
>>>> filters
>>>> * [WICKET-6746] - HttpsMapper cannot deal with resources over
>>>> websockets
>>>> * [WICKET-6752] - Some dependencies contain CVEs
>>>> * [WICKET-6753] - res/modal.js using aria-labelledby where it
>>>> should be using aria-label
>>>> * [WICKET-6754] - Iteration stops with nested containers
>>>>
>>>> ** New Feature
>>>>
>>>> * [WICKET-6727] - Configurable CSP
>>>> * [WICKET-6729] - allow adding IHeaderResponseDecorator without
>>>> replacing all others
>>>> * [WICKET-6730] - Global access to secure random data
>>>>
>>>> ** Improvement
>>>>
>>>> * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
>>>> * [WICKET-6725] - CSP: display:none in
>>>> Component.renderPlaceholderTag
>>>> * [WICKET-6726] - CSP: inline styling and js in Form
>>>> submitbutton
>>>> handling
>>>> * [WICKET-6731] - CSP: inline JS in SubmitLink
>>>> * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
>>>> * [WICKET-6733] - CSP: enable by default
>>>> * [WICKET-6735] - CSP: inline styling in
>>>> FormComponentFeedbackBorder/Indicator
>>>> * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
>>>> * [WICKET-6737] - CSP: violations in examples
>>>> * [WICKET-6738] - CSP: inline styling in UploadProgressBar
>>>> * [WICKET-6739] - CSP: inline JS in Palette
>>>> * [WICKET-6740] - CSP: inline JS in Button
>>>> * [WICKET-6741] - CSP: inline JS in
>>>> FormComponentUpdatingBehavior
>>>> * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
>>>> * [WICKET-6750] - add capability to cancel ongoing AJAX requests
>>>> from client side
>>>>
>>>> ** Task
>>>>
>>>> * [WICKET-6687] - Cleanup the code from attribute inline
>>>> styles and
>>>> attribute inline scripts
>>>> * [WICKET-6747] - Document CSP in user guide and migration guide
>>>>
>>>>
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Sven Meier <sv...@meiers.net>.
Hi,
I don't care about the method name, so I reverted it to #getCspSettings().
AFAIKS the documentation stays valid in that case?
Have fun
Sven
On 12.03.20 09:42, Emond Papegaaij wrote:
> Hi,
>
> Agreed, but first, the documentation needs to be updated with the new
> API. I like most of the changes, except for the new method name for
> 'getContentSecurityPolicySettings()'. IMHO it's too long and everyone
> calls it CSP. I'd rather stick with 'getCspSettings()'. The
> documentation in 'ContentSecurityPolicySettings' is already missing
> 'Policy'.
>
> Best regards,
> Emond
>
> On Thu, Mar 12, 2020 at 8:16 AM Martin Grigorov <mg...@apache.org> wrote:
>> Hi,
>>
>> Sven just made some API breaking changes with
>> https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
>> If we want the next release to be the final one then I suggest to cancel
>> this vote and start over with the new change.
>>
>> Martin
>>
>> On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
>> wrote:
>>
>>> This is a vote to release Apache Wicket 9.0.0-M5
>>>
>>> Please download the source distributions found in our staging area
>>> linked below.
>>>
>>> I have included the signatures for both the source archives. This vote
>>> lasts for 72 hours minimum.
>>>
>>> [ ] Yes, release Apache Wicket 9.0.0-M5
>>> [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
>>>
>>> Distributions, changelog, keys and signatures can be found at:
>>>
>>> https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
>>>
>>> Staging repository:
>>>
>>> https://repository.apache.org/content/repositories/orgapachewicket-1137/
>>>
>>> The binaries are available in the above link, as are a staging
>>> repository for Maven. Typically the vote is on the source, but should
>>> you find a problem with one of the binaries, please let me know, I can
>>> re-roll them some way or the other.
>>>
>>> Staging git repository data:
>>>
>>> Repository: git@github.com:bitstorm/wicket.git
>>> Branch: build/wicket-9.0.0-M5
>>> Release tag: rel/wicket-9.0.0-M5
>>>
>>>
>>> ========================================================================
>>>
>>> The signatures for the source release artefacts:
>>>
>>>
>>> Signature for apache-wicket-9.0.0-M5.zip:
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>>
>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
>>> VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
>>> hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
>>> cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
>>> iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
>>> /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
>>> VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
>>> UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
>>> GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
>>> Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
>>> ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
>>> 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
>>> =qrHX
>>> -----END PGP SIGNATURE-----
>>>
>>> Signature for apache-wicket-9.0.0-M5.tar.gz:
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>>
>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
>>> VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
>>> 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
>>> oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
>>> l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
>>> N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
>>> /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
>>> 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
>>> rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
>>> trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
>>> eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
>>> uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
>>> =UkVf
>>> -----END PGP SIGNATURE-----
>>>
>>> ========================================================================
>>>
>>> CHANGELOG for 9.0.0-M5:
>>>
>>> ** Bug
>>>
>>> * [WICKET-6745] - CSP: inline JS in server and client time response
>>> filters
>>> * [WICKET-6746] - HttpsMapper cannot deal with resources over
>>> websockets
>>> * [WICKET-6752] - Some dependencies contain CVEs
>>> * [WICKET-6753] - res/modal.js using aria-labelledby where it
>>> should be using aria-label
>>> * [WICKET-6754] - Iteration stops with nested containers
>>>
>>> ** New Feature
>>>
>>> * [WICKET-6727] - Configurable CSP
>>> * [WICKET-6729] - allow adding IHeaderResponseDecorator without
>>> replacing all others
>>> * [WICKET-6730] - Global access to secure random data
>>>
>>> ** Improvement
>>>
>>> * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
>>> * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
>>> * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
>>> handling
>>> * [WICKET-6731] - CSP: inline JS in SubmitLink
>>> * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
>>> * [WICKET-6733] - CSP: enable by default
>>> * [WICKET-6735] - CSP: inline styling in
>>> FormComponentFeedbackBorder/Indicator
>>> * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
>>> * [WICKET-6737] - CSP: violations in examples
>>> * [WICKET-6738] - CSP: inline styling in UploadProgressBar
>>> * [WICKET-6739] - CSP: inline JS in Palette
>>> * [WICKET-6740] - CSP: inline JS in Button
>>> * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
>>> * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
>>> * [WICKET-6750] - add capability to cancel ongoing AJAX requests
>>> from client side
>>>
>>> ** Task
>>>
>>> * [WICKET-6687] - Cleanup the code from attribute inline styles and
>>> attribute inline scripts
>>> * [WICKET-6747] - Document CSP in user guide and migration guide
>>>
>>>
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Andrea Del Bene <an...@gmail.com>.
This vote is cancelled.
+1 for getCspSettings from me too
On 3/12/20 9:53 AM, Maxim Solodovnik wrote:
> +1 for getCspSettings
>
> But I guess it will be M5 ... :)
>
> On Thu, 12 Mar 2020 at 15:42, Emond Papegaaij <em...@gmail.com> wrote:
>> Hi,
>>
>> Agreed, but first, the documentation needs to be updated with the new
>> API. I like most of the changes, except for the new method name for
>> 'getContentSecurityPolicySettings()'. IMHO it's too long and everyone
>> calls it CSP. I'd rather stick with 'getCspSettings()'. The
>> documentation in 'ContentSecurityPolicySettings' is already missing
>> 'Policy'.
>>
>> Best regards,
>> Emond
>>
>> On Thu, Mar 12, 2020 at 8:16 AM Martin Grigorov <mg...@apache.org> wrote:
>>> Hi,
>>>
>>> Sven just made some API breaking changes with
>>> https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
>>> If we want the next release to be the final one then I suggest to cancel
>>> this vote and start over with the new change.
>>>
>>> Martin
>>>
>>> On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
>>> wrote:
>>>
>>>> This is a vote to release Apache Wicket 9.0.0-M5
>>>>
>>>> Please download the source distributions found in our staging area
>>>> linked below.
>>>>
>>>> I have included the signatures for both the source archives. This vote
>>>> lasts for 72 hours minimum.
>>>>
>>>> [ ] Yes, release Apache Wicket 9.0.0-M5
>>>> [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
>>>>
>>>> Distributions, changelog, keys and signatures can be found at:
>>>>
>>>> https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
>>>>
>>>> Staging repository:
>>>>
>>>> https://repository.apache.org/content/repositories/orgapachewicket-1137/
>>>>
>>>> The binaries are available in the above link, as are a staging
>>>> repository for Maven. Typically the vote is on the source, but should
>>>> you find a problem with one of the binaries, please let me know, I can
>>>> re-roll them some way or the other.
>>>>
>>>> Staging git repository data:
>>>>
>>>> Repository: git@github.com:bitstorm/wicket.git
>>>> Branch: build/wicket-9.0.0-M5
>>>> Release tag: rel/wicket-9.0.0-M5
>>>>
>>>>
>>>> ========================================================================
>>>>
>>>> The signatures for the source release artefacts:
>>>>
>>>>
>>>> Signature for apache-wicket-9.0.0-M5.zip:
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>>
>>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
>>>> VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
>>>> hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
>>>> cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
>>>> iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
>>>> /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
>>>> VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
>>>> UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
>>>> GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
>>>> Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
>>>> ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
>>>> 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
>>>> =qrHX
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> Signature for apache-wicket-9.0.0-M5.tar.gz:
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>>
>>>> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
>>>> VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
>>>> 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
>>>> oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
>>>> l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
>>>> N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
>>>> /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
>>>> 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
>>>> rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
>>>> trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
>>>> eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
>>>> uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
>>>> =UkVf
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> ========================================================================
>>>>
>>>> CHANGELOG for 9.0.0-M5:
>>>>
>>>> ** Bug
>>>>
>>>> * [WICKET-6745] - CSP: inline JS in server and client time response
>>>> filters
>>>> * [WICKET-6746] - HttpsMapper cannot deal with resources over
>>>> websockets
>>>> * [WICKET-6752] - Some dependencies contain CVEs
>>>> * [WICKET-6753] - res/modal.js using aria-labelledby where it
>>>> should be using aria-label
>>>> * [WICKET-6754] - Iteration stops with nested containers
>>>>
>>>> ** New Feature
>>>>
>>>> * [WICKET-6727] - Configurable CSP
>>>> * [WICKET-6729] - allow adding IHeaderResponseDecorator without
>>>> replacing all others
>>>> * [WICKET-6730] - Global access to secure random data
>>>>
>>>> ** Improvement
>>>>
>>>> * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
>>>> * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
>>>> * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
>>>> handling
>>>> * [WICKET-6731] - CSP: inline JS in SubmitLink
>>>> * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
>>>> * [WICKET-6733] - CSP: enable by default
>>>> * [WICKET-6735] - CSP: inline styling in
>>>> FormComponentFeedbackBorder/Indicator
>>>> * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
>>>> * [WICKET-6737] - CSP: violations in examples
>>>> * [WICKET-6738] - CSP: inline styling in UploadProgressBar
>>>> * [WICKET-6739] - CSP: inline JS in Palette
>>>> * [WICKET-6740] - CSP: inline JS in Button
>>>> * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
>>>> * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
>>>> * [WICKET-6750] - add capability to cancel ongoing AJAX requests
>>>> from client side
>>>>
>>>> ** Task
>>>>
>>>> * [WICKET-6687] - Cleanup the code from attribute inline styles and
>>>> attribute inline scripts
>>>> * [WICKET-6747] - Document CSP in user guide and migration guide
>>>>
>>>>
>
>
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Maxim Solodovnik <so...@gmail.com>.
+1 for getCspSettings
But I guess it will be M5 ... :)
On Thu, 12 Mar 2020 at 15:42, Emond Papegaaij <em...@gmail.com> wrote:
>
> Hi,
>
> Agreed, but first, the documentation needs to be updated with the new
> API. I like most of the changes, except for the new method name for
> 'getContentSecurityPolicySettings()'. IMHO it's too long and everyone
> calls it CSP. I'd rather stick with 'getCspSettings()'. The
> documentation in 'ContentSecurityPolicySettings' is already missing
> 'Policy'.
>
> Best regards,
> Emond
>
> On Thu, Mar 12, 2020 at 8:16 AM Martin Grigorov <mg...@apache.org> wrote:
> >
> > Hi,
> >
> > Sven just made some API breaking changes with
> > https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
> > If we want the next release to be the final one then I suggest to cancel
> > this vote and start over with the new change.
> >
> > Martin
> >
> > On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
> > wrote:
> >
> > > This is a vote to release Apache Wicket 9.0.0-M5
> > >
> > > Please download the source distributions found in our staging area
> > > linked below.
> > >
> > > I have included the signatures for both the source archives. This vote
> > > lasts for 72 hours minimum.
> > >
> > > [ ] Yes, release Apache Wicket 9.0.0-M5
> > > [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
> > >
> > > Distributions, changelog, keys and signatures can be found at:
> > >
> > > https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
> > >
> > > Staging repository:
> > >
> > > https://repository.apache.org/content/repositories/orgapachewicket-1137/
> > >
> > > The binaries are available in the above link, as are a staging
> > > repository for Maven. Typically the vote is on the source, but should
> > > you find a problem with one of the binaries, please let me know, I can
> > > re-roll them some way or the other.
> > >
> > > Staging git repository data:
> > >
> > > Repository: git@github.com:bitstorm/wicket.git
> > > Branch: build/wicket-9.0.0-M5
> > > Release tag: rel/wicket-9.0.0-M5
> > >
> > >
> > > ========================================================================
> > >
> > > The signatures for the source release artefacts:
> > >
> > >
> > > Signature for apache-wicket-9.0.0-M5.zip:
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > >
> > > iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
> > > VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
> > > hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
> > > cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
> > > iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
> > > /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
> > > VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
> > > UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
> > > GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
> > > Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
> > > ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
> > > 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
> > > =qrHX
> > > -----END PGP SIGNATURE-----
> > >
> > > Signature for apache-wicket-9.0.0-M5.tar.gz:
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > >
> > > iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
> > > VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
> > > 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
> > > oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
> > > l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
> > > N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
> > > /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
> > > 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
> > > rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
> > > trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
> > > eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
> > > uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
> > > =UkVf
> > > -----END PGP SIGNATURE-----
> > >
> > > ========================================================================
> > >
> > > CHANGELOG for 9.0.0-M5:
> > >
> > > ** Bug
> > >
> > > * [WICKET-6745] - CSP: inline JS in server and client time response
> > > filters
> > > * [WICKET-6746] - HttpsMapper cannot deal with resources over
> > > websockets
> > > * [WICKET-6752] - Some dependencies contain CVEs
> > > * [WICKET-6753] - res/modal.js using aria-labelledby where it
> > > should be using aria-label
> > > * [WICKET-6754] - Iteration stops with nested containers
> > >
> > > ** New Feature
> > >
> > > * [WICKET-6727] - Configurable CSP
> > > * [WICKET-6729] - allow adding IHeaderResponseDecorator without
> > > replacing all others
> > > * [WICKET-6730] - Global access to secure random data
> > >
> > > ** Improvement
> > >
> > > * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
> > > * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
> > > * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
> > > handling
> > > * [WICKET-6731] - CSP: inline JS in SubmitLink
> > > * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
> > > * [WICKET-6733] - CSP: enable by default
> > > * [WICKET-6735] - CSP: inline styling in
> > > FormComponentFeedbackBorder/Indicator
> > > * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
> > > * [WICKET-6737] - CSP: violations in examples
> > > * [WICKET-6738] - CSP: inline styling in UploadProgressBar
> > > * [WICKET-6739] - CSP: inline JS in Palette
> > > * [WICKET-6740] - CSP: inline JS in Button
> > > * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
> > > * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
> > > * [WICKET-6750] - add capability to cancel ongoing AJAX requests
> > > from client side
> > >
> > > ** Task
> > >
> > > * [WICKET-6687] - Cleanup the code from attribute inline styles and
> > > attribute inline scripts
> > > * [WICKET-6747] - Document CSP in user guide and migration guide
> > >
> > >
--
WBR
Maxim aka solomax
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Emond Papegaaij <em...@gmail.com>.
Hi,
Agreed, but first, the documentation needs to be updated with the new
API. I like most of the changes, except for the new method name for
'getContentSecurityPolicySettings()'. IMHO it's too long and everyone
calls it CSP. I'd rather stick with 'getCspSettings()'. The
documentation in 'ContentSecurityPolicySettings' is already missing
'Policy'.
Best regards,
Emond
On Thu, Mar 12, 2020 at 8:16 AM Martin Grigorov <mg...@apache.org> wrote:
>
> Hi,
>
> Sven just made some API breaking changes with
> https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
> If we want the next release to be the final one then I suggest to cancel
> this vote and start over with the new change.
>
> Martin
>
> On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
> wrote:
>
> > This is a vote to release Apache Wicket 9.0.0-M5
> >
> > Please download the source distributions found in our staging area
> > linked below.
> >
> > I have included the signatures for both the source archives. This vote
> > lasts for 72 hours minimum.
> >
> > [ ] Yes, release Apache Wicket 9.0.0-M5
> > [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
> >
> > Distributions, changelog, keys and signatures can be found at:
> >
> > https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
> >
> > Staging repository:
> >
> > https://repository.apache.org/content/repositories/orgapachewicket-1137/
> >
> > The binaries are available in the above link, as are a staging
> > repository for Maven. Typically the vote is on the source, but should
> > you find a problem with one of the binaries, please let me know, I can
> > re-roll them some way or the other.
> >
> > Staging git repository data:
> >
> > Repository: git@github.com:bitstorm/wicket.git
> > Branch: build/wicket-9.0.0-M5
> > Release tag: rel/wicket-9.0.0-M5
> >
> >
> > ========================================================================
> >
> > The signatures for the source release artefacts:
> >
> >
> > Signature for apache-wicket-9.0.0-M5.zip:
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
> > VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
> > hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
> > cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
> > iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
> > /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
> > VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
> > UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
> > GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
> > Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
> > ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
> > 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
> > =qrHX
> > -----END PGP SIGNATURE-----
> >
> > Signature for apache-wicket-9.0.0-M5.tar.gz:
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
> > VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
> > 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
> > oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
> > l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
> > N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
> > /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
> > 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
> > rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
> > trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
> > eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
> > uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
> > =UkVf
> > -----END PGP SIGNATURE-----
> >
> > ========================================================================
> >
> > CHANGELOG for 9.0.0-M5:
> >
> > ** Bug
> >
> > * [WICKET-6745] - CSP: inline JS in server and client time response
> > filters
> > * [WICKET-6746] - HttpsMapper cannot deal with resources over
> > websockets
> > * [WICKET-6752] - Some dependencies contain CVEs
> > * [WICKET-6753] - res/modal.js using aria-labelledby where it
> > should be using aria-label
> > * [WICKET-6754] - Iteration stops with nested containers
> >
> > ** New Feature
> >
> > * [WICKET-6727] - Configurable CSP
> > * [WICKET-6729] - allow adding IHeaderResponseDecorator without
> > replacing all others
> > * [WICKET-6730] - Global access to secure random data
> >
> > ** Improvement
> >
> > * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
> > * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
> > * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
> > handling
> > * [WICKET-6731] - CSP: inline JS in SubmitLink
> > * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
> > * [WICKET-6733] - CSP: enable by default
> > * [WICKET-6735] - CSP: inline styling in
> > FormComponentFeedbackBorder/Indicator
> > * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
> > * [WICKET-6737] - CSP: violations in examples
> > * [WICKET-6738] - CSP: inline styling in UploadProgressBar
> > * [WICKET-6739] - CSP: inline JS in Palette
> > * [WICKET-6740] - CSP: inline JS in Button
> > * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
> > * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
> > * [WICKET-6750] - add capability to cancel ongoing AJAX requests
> > from client side
> >
> > ** Task
> >
> > * [WICKET-6687] - Cleanup the code from attribute inline styles and
> > attribute inline scripts
> > * [WICKET-6747] - Document CSP in user guide and migration guide
> >
> >
Re: [VOTE] Release Apache Wicket 9.0.0-M5
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
Sven just made some API breaking changes with
https://gitbox.apache.org/repos/asf?p=wicket.git;h=88e8d36, for good!
If we want the next release to be the final one then I suggest to cancel
this vote and start over with the new change.
Martin
On Tue, Mar 10, 2020 at 10:50 PM Andrea Del Bene <an...@gmail.com>
wrote:
> This is a vote to release Apache Wicket 9.0.0-M5
>
> Please download the source distributions found in our staging area
> linked below.
>
> I have included the signatures for both the source archives. This vote
> lasts for 72 hours minimum.
>
> [ ] Yes, release Apache Wicket 9.0.0-M5
> [ ] No, don't release Apache Wicket 9.0.0-M5, because ...
>
> Distributions, changelog, keys and signatures can be found at:
>
> https://dist.apache.org/repos/dist/dev/wicket/9.0.0-M5
>
> Staging repository:
>
> https://repository.apache.org/content/repositories/orgapachewicket-1137/
>
> The binaries are available in the above link, as are a staging
> repository for Maven. Typically the vote is on the source, but should
> you find a problem with one of the binaries, please let me know, I can
> re-roll them some way or the other.
>
> Staging git repository data:
>
> Repository: git@github.com:bitstorm/wicket.git
> Branch: build/wicket-9.0.0-M5
> Release tag: rel/wicket-9.0.0-M5
>
>
> ========================================================================
>
> The signatures for the source release artefacts:
>
>
> Signature for apache-wicket-9.0.0-M5.zip:
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CoACgkQh48B+qjT
> VuHd2RAAijpTFLBY5tr9GOjZPk0y//Kog/8IYi9dJjkOtJtFky7UhNzlmFVx7Yz7
> hbc5ecLeeXz3oLZHkECjKda5086aopXzFzsS8jLQM1/yqZ4jD2zd1E7evw+Kxj+v
> cOi6+XxV8m508R7qs8pob9rs5Z/wfDocEOvVBM4SNxFCmFxENUvwImgEq89Vg2pQ
> iMjFK2zUk4L82cc1hEN3+GKfe1LvnlDJIp2ebP+ntlBr8Nrc7MR/jOrJxSRr+wBp
> /U6y9jEVSuR5rrN4KKFvSLDfGOdOvug6JVhzVFJ6lKjqSKPNQ4Ml+ZWe2cEdu/qD
> VYEn4kaioVX539424HugXQK1Z4jvNA0NJVmvWuYOsZYQeRGlccOzAsgXuYUNFllR
> UmCw1mpFLz0OMSfFdv125gj4MxSOsl+H5eY4LJuZWBfk/6BXRBDINJo4kjaq7tq1
> GLfVoHB5dvrDp3R9WsFzGQJA4InrF8w+/m08p1haRiny0Vqch4s/zTG82nrp9bPR
> Iyrt97SAWquXeMwRXqdA68cBvB5UjTkbdI6BtP7pNMGtklaV2R9vbdU18opIJf0K
> ANzjxROr+DkgEcmthLIKlkErKr+UfeAZU84lRMfaD4QlWFB4jmwW+BEBiCMUSia2
> 8IHaOJ8OBMXuBD7dK9dnpm6FoOY8qCYGAwBPzM5l2bzj+50s9a0=
> =qrHX
> -----END PGP SIGNATURE-----
>
> Signature for apache-wicket-9.0.0-M5.tar.gz:
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl5n/CkACgkQh48B+qjT
> VuHvRA//ekwcb/9Lb1q1g33chXIpXAxXQJe/mOdX2rDPQUQIN2Diw8V2a9ZuFdFb
> 7AUKXfMHBk9zOZO7HKWI1FBUp0UW9VC8p4ut+5ssBWjEaF/FKxzh/rG4J7vG9Tul
> oD6KlAE4h7dx/lERbpKZy9Vs/Po65+oIypf3sD+iVFms7I0jxiE/81P8kMSEuD2S
> l4pzXnKmMkuzfSkTJLOak6K6Rho8a+rsvWzr/NjG3yJ23M04Oi589Eft66MEMZFw
> N8VgWRuBBIQkIzIlCmLu1xTbk/j95Qnt5lgCs2E4gCVfH0qlmsTroFVCjDW97WEX
> /Iq7Dk0XUjMP7u9d+JXceLObFVi8/rng803M260h2WbRC0zbSq78RSdDk1fNQWlM
> 5OXvS2Q0dp73+gn1VBc3lt/7TzUeIzq2aQlG3GsOBTH3ZU+G8HCaGmIL7b4Ge27J
> rtxLG6bnBIEXmr96cDXPDqdIuthMCIHB1DcitHPDCyHISXXCC+1ZJXcLACi/dgVF
> trbjJJFpaVYQeNLFLUYZZZzvCUFClAfE47ieSRmWUIjMNn2Ob6EslYHqK7qxlbzE
> eUFSkhpfzU31RGXoaEwTJLe8uweIJ/lWouy8PajsiMGmVHeWjorMn37UTLoZxIKo
> uUHpAZoFp1DHYPqOWPPxrymHctYEMAtSfbmLSV590qaCIYr3fiw=
> =UkVf
> -----END PGP SIGNATURE-----
>
> ========================================================================
>
> CHANGELOG for 9.0.0-M5:
>
> ** Bug
>
> * [WICKET-6745] - CSP: inline JS in server and client time response
> filters
> * [WICKET-6746] - HttpsMapper cannot deal with resources over
> websockets
> * [WICKET-6752] - Some dependencies contain CVEs
> * [WICKET-6753] - res/modal.js using aria-labelledby where it
> should be using aria-label
> * [WICKET-6754] - Iteration stops with nested containers
>
> ** New Feature
>
> * [WICKET-6727] - Configurable CSP
> * [WICKET-6729] - allow adding IHeaderResponseDecorator without
> replacing all others
> * [WICKET-6730] - Global access to secure random data
>
> ** Improvement
>
> * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
> * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
> * [WICKET-6726] - CSP: inline styling and js in Form submitbutton
> handling
> * [WICKET-6731] - CSP: inline JS in SubmitLink
> * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
> * [WICKET-6733] - CSP: enable by default
> * [WICKET-6735] - CSP: inline styling in
> FormComponentFeedbackBorder/Indicator
> * [WICKET-6736] - CSP: Inline styling in BrowserInfoForm
> * [WICKET-6737] - CSP: violations in examples
> * [WICKET-6738] - CSP: inline styling in UploadProgressBar
> * [WICKET-6739] - CSP: inline JS in Palette
> * [WICKET-6740] - CSP: inline JS in Button
> * [WICKET-6741] - CSP: inline JS in FormComponentUpdatingBehavior
> * [WICKET-6749] - CSP: Inline styling in ExceptionErrorPage.html
> * [WICKET-6750] - add capability to cancel ongoing AJAX requests
> from client side
>
> ** Task
>
> * [WICKET-6687] - Cleanup the code from attribute inline styles and
> attribute inline scripts
> * [WICKET-6747] - Document CSP in user guide and migration guide
>
>