Posted to users@tomee.apache.org by COURTAULT Francois <fr...@thalesgroup.com> on 2019/11/13 11:58:06 UTC

JIRA about CVEs

Hello,

Could you take this JIRA entry (https://issues.apache.org/jira/browse/TOMEE-2737) into account please?

Best regards.



________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Re: JIRA about CVEs

Posted by Richard Monson-Haefel <mo...@gmail.com>.
Thanks, Richard!!

On Mon, Nov 18, 2019 at 3:44 AM Zowalla, Richard <
richard.zowalla@hs-heilbronn.de> wrote:

> Did not find anything with the owasp plugin profile. Should be fine (for
> now).

-- 
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/

Re: JIRA about CVEs

Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
Did not find anything with the owasp plugin profile. Should be fine
(for now).

Am Mittwoch, den 13.11.2019, 08:25 -0600 schrieb Richard Monson-Haefel:
> Excellent!  Thanks, Richard!

Re: JIRA about CVEs

Posted by Richard Monson-Haefel <mo...@gmail.com>.
Excellent!  Thanks, Richard!

On Wed, Nov 13, 2019 at 8:18 AM Zowalla, Richard <
richard.zowalla@hs-heilbronn.de> wrote:

> Ok, John did comment in the JIRA, that the upgrades are already conducted
> in previous commits.
> I will run an OWASP scan on the code. If this reveals some more vulnerable
> dependencies, I will report in the JIRA and provide a PR, if possible.
>
> Best,
> Richard Z.


-- 
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/

Re: JIRA about CVEs

Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
Ok, John did comment in the JIRA, that the upgrades are already
conducted in previous commits.
I will run an OWASP scan on the code. If this reveals some more
vulnerable dependencies, I will report in the JIRA and provide a PR,
if possible.

Best,
Richard Z.

Am Mittwoch, den 13.11.2019, 14:08 +0000 schrieb Zowalla, Richard:
> Alright, I will proceed :)
>
> Best,
> Richard
-- 
Richard Zowalla, M.Sc.
Research Associate, PhD Student | Medical Informatics

Hochschule Heilbronn – University of Applied Sciences
Max-Planck-Str. 39
D-74081 Heilbronn
phone: +49 7131 504 6791
mail: richard.zowalla@hs-heilbronn.de
web: http://www.mi.hs-heilbronn.de/

Re: JIRA about CVEs

Posted by Jonathan Gallimore <jo...@gmail.com>.
Please note my comment on the JIRA:

These have already been done:
Update to Jackson Databind 2.10.0:
https://github.com/apache/tomee/commit/5e38138463f65146c4087da8085c8dcd93079ef1
TOMEE-2725 update beanutils to 1.9.4:
https://github.com/apache/tomee/commit/0e433e9e565dac45c2c04368f8da6f1e827db295
TOMEE-2726 update Xmlsec to 2.1.4:
https://github.com/apache/tomee/commit/e3b05ddf8e4e06286f45a936474fee4eee6dcc99

Shout if you think there are other dependency updates needed.

Jon

On Wed, Nov 13, 2019 at 2:09 PM Zowalla, Richard <
richard.zowalla@hs-heilbronn.de> wrote:

> Alright, I will proceed :)
>
> Best,
> Richard

Re: JIRA about CVEs

Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
Alright, I will proceed :)

Best,
Richard

Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson-Haefel:
> If you don't mind, Richard, can you do the upgrades and create a PR?
> We can let it run overnight and see how it goes.
> I'm not sure as to what the best policy is for announcing the CVE so
> that people know to upgrade. I think we should figure that out after
> the ci has run. As an alternative you can run the full test suite on
> your own machine (takes about an hour or something like that) and see
> if you pick up any errors.  I did this yesterday with a different PR
> but I don't have the extra cycles to do it again today.

Re: JIRA about CVEs

Posted by Richard Monson-Haefel <mo...@gmail.com>.
If you don't mind, Richard, can you do the upgrades and create a PR? We can
let it run overnight and see how it goes.

I'm not sure as to what the best policy is for announcing the CVE so that
people know to upgrade. I think we should figure that out after the ci has
run. As an alternative you can run the full test suite on your own machine
(takes about an hour or something like that) and see if you pick up any
errors.  I did this yesterday with a different PR but I don't have the
extra cycles to do it again today.

On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard <
richard.zowalla@hs-heilbronn.de> wrote:

> Sounds reasonable to me. If I can assist in upgrading, let me know.
>
> However, we should publish the link to the ASF CI somewhere, so we can
> better monitor the current build status.
>
> Best,
> Richard Z


-- 
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/

Re: JIRA about CVEs

Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
Sounds reasonable to me. If I can assist in upgrading, let me know.

However, we should publish the link to the ASF CI somewhere, so we can
better monitor the current build status.

Best,
Richard Z

Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard Monson-Haefel:
> Is this a matter of upgrading and testing or is there more to it
> than that?  If that's it we can create a PR with the updates and let
> the asf ci run the tests and look for problems.

Re: JIRA about CVEs

Posted by Richard Monson-Haefel <mo...@gmail.com>.
Is this a matter of upgrading and testing or is there more to it than
that?  If that's it we can create a PR with the updates and let the asf ci
run the tests and look for problems.


On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois <
francois.courtault@thalesgroup.com> wrote:

> Hello,
>
> Could you take this JIRA entry (
> https://issues.apache.org/jira/browse/TOMEE-2737) into account please?
>
> Best regards.


-- 
Richard Monson-Haefel
https://twitter.com/rmonson
https://www.linkedin.com/in/monsonhaefel/
