Posted to commits@turbine.apache.org by gk...@apache.org on 2021/02/03 15:41:31 UTC
svn commit: r1886167 - in /turbine/fulcrum/trunk: ./ hsqldb/src/test/
intake/ jetty/ jetty/src/test/jetty/webapps/test/WEB-INF/
jetty/src/test/org/apache/fulcrum/jetty/ quartz/ security/api/ yaafi/
Author: gk
Date: Wed Feb 3 15:41:31 2021
New Revision: 1886167
URL: http://svn.apache.org/viewvc?rev=1886167&view=rev
Log:
- security updates in quartz and yaafi
- update parent pom.xml
- dependency check doc update README.txt
- jetty deps update for eclipse
Added:
turbine/fulcrum/trunk/security/api/suppression-owasp.xml
Modified:
turbine/fulcrum/trunk/README.txt
turbine/fulcrum/trunk/hsqldb/src/test/test.properties
turbine/fulcrum/trunk/intake/pom.xml
turbine/fulcrum/trunk/jetty/pom.xml
turbine/fulcrum/trunk/jetty/src/test/jetty/webapps/test/WEB-INF/web.xml
turbine/fulcrum/trunk/jetty/src/test/org/apache/fulcrum/jetty/JettyServiceTest.java
turbine/fulcrum/trunk/pom.xml
turbine/fulcrum/trunk/quartz/pom.xml
turbine/fulcrum/trunk/yaafi/pom.xml
Modified: turbine/fulcrum/trunk/README.txt
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/README.txt?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/README.txt (original)
+++ turbine/fulcrum/trunk/README.txt Wed Feb 3 15:41:31 2021
@@ -63,12 +63,19 @@ Steps
// Verify gpg.homedir, gpg.useagent, gpg.passphrase. Check, if -Dgpg.useagent=false is needed, see below comment to pinentry.
// You may need to add additional profiles, e.g. -Papache-release,java8
mvn clean site install -Papache-release -Dgpg.passphrase=<xx>
+
// multi module
- mvn release:prepare -DdryRun=true -DautoVersionSubmodules=true -Papache-release
+ // security check after mvn clean install
+ mvn org.owasp:dependency-check-maven:aggregate -Ddependency.check.skip=false -DskipTests=true
+ mvn release:prepare -DdryRun=true -DautoVersionSubmodules=true -Papache-release
+
// single
- mvn release:prepare -DdryRun=true -Papache-release
+
// if dependency check is skipped by default
- mvn release:prepare -DdryRun=true -Papache-release -Ddependency.check.skip=false
+ // security check after mvn clean install
+ mvn org.owasp:dependency-check-maven:check -Ddependency.check.skip=false
+
+ mvn release:prepare -DdryRun=true -Papache-release
//
mvn release:clean
Modified: turbine/fulcrum/trunk/hsqldb/src/test/test.properties
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/hsqldb/src/test/test.properties?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/hsqldb/src/test/test.properties (original)
+++ turbine/fulcrum/trunk/hsqldb/src/test/test.properties Wed Feb 3 15:41:31 2021
@@ -1,5 +1,5 @@
#HSQL Database Engine 2.5.0
-#Tue Nov 12 12:04:29 CET 2019
+#Thu Jun 25 13:50:21 CEST 2020
version=2.5.0
modified=no
tx_timestamp=0
Modified: turbine/fulcrum/trunk/intake/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/intake/pom.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/intake/pom.xml (original)
+++ turbine/fulcrum/trunk/intake/pom.xml Wed Feb 3 15:41:31 2021
@@ -19,7 +19,7 @@
<parent>
<groupId>org.apache.turbine</groupId>
<artifactId>turbine-parent</artifactId>
- <version>6</version>
+ <version>7</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -115,7 +115,7 @@
<dependency>
<groupId>org.apache.fulcrum</groupId>
<artifactId>fulcrum-testcontainer</artifactId>
- <version>1.0.8</version>
+ <version>1.0.9</version>
<scope>test</scope>
</dependency>
<dependency>
Modified: turbine/fulcrum/trunk/jetty/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/jetty/pom.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/jetty/pom.xml (original)
+++ turbine/fulcrum/trunk/jetty/pom.xml Wed Feb 3 15:41:31 2021
@@ -89,6 +89,20 @@
<version>${jetty.version}</version>
<scope>optional</scope>
</dependency>
+ <!-- Eclipse Jetty dependencies
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-jsp</artifactId>
+ <version>9.2.30.v20200428</version>
+ <scope>optional</scope>
+ </dependency>
+ <jetty.version>9.4.29.v20200521</jetty.version>
+ -->
<!-- testing dependencies -->
<dependency>
<groupId>org.apache.fulcrum</groupId>
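Review bot: The commented-out template added above `<!-- testing dependencies -->` repeats `<scope>optional</scope>`, which is not a Maven dependency scope; if the block is ever enabled it should use `<optional>true</optional>` (the unchanged context line just before the comment carries the same value). The template also puts a `<jetty.version>9.4.29.v20200521</jetty.version>` property among `<dependency>` elements and pins `jetty-jsp` to a 9.2.x build next to a 9.4.x `jetty-server`, so it cannot be uncommented as written. A lead-in such as `<!-- Reference only, not active; jetty.version belongs in <properties> -->` would make that clear. The enclosing `<dependencies>` element starts and ends outside this hunk.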
Modified: turbine/fulcrum/trunk/jetty/src/test/jetty/webapps/test/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/jetty/src/test/jetty/webapps/test/WEB-INF/web.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/jetty/src/test/jetty/webapps/test/WEB-INF/web.xml (original)
+++ turbine/fulcrum/trunk/jetty/src/test/jetty/webapps/test/WEB-INF/web.xml Wed Feb 3 15:41:31 2021
@@ -41,7 +41,7 @@
<url-pattern>/dump/*</url-pattern>
</filter-mapping>
- <filter>
+ <!--filter>
<filter-name>GzipFilter</filter-name>
<filter-class>org.mortbay.servlet.jetty.IncludableGzipFilter</filter-class>
<init-param>
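Review bot: The comment opened by `<!--filter>` in this hunk is closed only by `</filter-mapping-->` in the following hunk (`@@ -79,7 +79,7 @@`), and the lines in between are not shown; XML forbids `--` inside a comment, so any existing `<!-- … -->` in that range would leave web.xml malformed. The change also switches off everything from GzipFilter through the Throttle mapping without recording why. Put the delimiters on their own lines with the reason, e.g. `<!-- Disabled: REASON (filters GzipFilter … Throttle)` and a closing `-->`, and run the file through an XML parser before committing.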
@@ -79,7 +79,7 @@
<filter-mapping>
<filter-name>Throttle</filter-name>
<url-pattern>/dump/throttle/*</url-pattern>
- </filter-mapping>
+ </filter-mapping-->
<!-- Comment out to support PUT and DELETE
<filter>
Modified: turbine/fulcrum/trunk/jetty/src/test/org/apache/fulcrum/jetty/JettyServiceTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/jetty/src/test/org/apache/fulcrum/jetty/JettyServiceTest.java?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/jetty/src/test/org/apache/fulcrum/jetty/JettyServiceTest.java (original)
+++ turbine/fulcrum/trunk/jetty/src/test/org/apache/fulcrum/jetty/JettyServiceTest.java Wed Feb 3 15:41:31 2021
@@ -191,7 +191,7 @@ public class JettyServiceTest extends Ba
}
/**
- * Quick-and-dirty implementation to downlaod te content from an URL.
+ * Quick-and-dirty implementation to download te content from an URL.
*
* @param urlString the URL to be invoked
* @return the content loaded from the URL
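Review bot: The corrected Javadoc line still reads "te content from an URL", so the typo fix is incomplete; it should be `* Quick-and-dirty implementation to download the content from a URL.`. The method this comment documents lies outside the hunk.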
Modified: turbine/fulcrum/trunk/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/pom.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/pom.xml (original)
+++ turbine/fulcrum/trunk/pom.xml Wed Feb 3 15:41:31 2021
@@ -22,7 +22,7 @@
<parent>
<artifactId>turbine-parent</artifactId>
<groupId>org.apache.turbine</groupId>
- <version>7</version>
+ <version>8-SNAPSHOT</version>
</parent>
<artifactId>fulcrum</artifactId>
<packaging>pom</packaging>
@@ -71,28 +71,29 @@
</modules>
<build>
- <plugins>
- <!-- run optionally
- mvn org.owasp:dependency-check-maven:aggregate
- do not use it as reporting plugin, as it exposes file paths to artifacts
- check each possible vulnerability carefully, find more info about how to read, false positives et al. here: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
- -->
- <plugin>
- <groupId>org.owasp</groupId>
- <artifactId>dependency-check-maven</artifactId>
- <version>5.2.2</version>
- <executions>
- <execution>
- <goals>
- <goal>aggregate</goal>
- </goals>
- </execution>
- </executions>
- <!--configuration>
- <suppressionFiles>true</suppressionFiles>
- </configuration-->
- </plugin>
- </plugins>
+ <pluginManagement>
+ <plugins>
+ <!-- run optionally
+ mvn org.owasp:dependency-check-maven:aggregate
+ do not use it as reporting plugin, as it exposes file paths to artifacts
+ check each possible vulnerability carefully, find more info about how to read, false positives et al. here: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
+ -->
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ <!--configuration>
+ <suppressionFiles>true</suppressionFiles>
+ </configuration-->
+ </plugin>
+ </plugins>
+ </pluginManagement>
</build>
</project>
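Review bot: Moving the plugin under `<pluginManagement>` leaves the `<executions>` block bound to no build: the `check` goal runs only if a module lists the plugin under `<build><plugins>`, and a direct command-line invocation does not go through this `<execution>`, so the scan is now purely manual. The hunk also drops `<version>5.2.2</version>`, so the scanner version has to come from the parent, which the first hunk moves to `8-SNAPSHOT`; whether the parent manages it is not visible here, and a snapshot parent makes the resolved version mutable. Either keep an explicit `<version>` on the plugin or say in the comment where it is managed. The comment above the plugin still names `dependency-check-maven:aggregate` while the execution now declares `check`; state which one is intended at the multi-module root.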
Modified: turbine/fulcrum/trunk/quartz/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/quartz/pom.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/quartz/pom.xml (original)
+++ turbine/fulcrum/trunk/quartz/pom.xml Wed Feb 3 15:41:31 2021
@@ -96,7 +96,7 @@
<dependency>
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz-jobs</artifactId>
- <version>2.3.0</version>
+ <version>2.3.2</version>
</dependency>
<dependency>
<groupId>javax.transaction</groupId>
Added: turbine/fulcrum/trunk/security/api/suppression-owasp.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/suppression-owasp.xml?rev=1886167&view=auto
==============================================================================
--- turbine/fulcrum/trunk/security/api/suppression-owasp.xml (added)
+++ turbine/fulcrum/trunk/security/api/suppression-owasp.xml Wed Feb 3 15:41:31 2021
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>
\ No newline at end of file
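Review bot: Nothing in this commit points dependency-check at the new file: the only `suppressionFiles` configuration visible is the commented-out block in the root pom.xml, and security/api/pom.xml is not among the modified files, so the file appears unused unless the parent pom references it. When entries are added, each `<suppress>` should carry a `<notes>` justification and match as narrowly as possible (one `<cve>` plus a package or hash selector, not a broad file-name pattern), so that a false-positive suppression cannot hide a later real finding. A header comment stating that policy, e.g. `<!-- Every suppression needs <notes> with the reason and reviewer; scope it to one CVE and one artifact -->`, would help future editors.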
Modified: turbine/fulcrum/trunk/yaafi/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi/pom.xml?rev=1886167&r1=1886166&r2=1886167&view=diff
==============================================================================
--- turbine/fulcrum/trunk/yaafi/pom.xml (original)
+++ turbine/fulcrum/trunk/yaafi/pom.xml Wed Feb 3 15:41:31 2021
@@ -119,7 +119,8 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.12</version>
+ <version>4.13.1</version>
+ <scope>test</scope>
</dependency>
</dependencies>