You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@roller.apache.org by Glen Mazza <gl...@gmail.com> on 2014/06/10 02:56:23 UTC

[WITHDRAWN][BOO HISS]Re: [VOTE] Release Roller 5.0.4

OK, I'll get the validation files fixed, re-release and hold another 
vote.  Unless it's an immediate, clear fix I'll skip the deprecated 
warnings you mention at the bottom, it's a given that 5.0.4 has old 
libraries but the solution is to get 5.1 out rather than spend time 
trying to make 5.0.4 the same as 5.1.

BTW, between the ## signs below you mention struts.xml -- I'm unsure 
what you're trying to say there--do I need to update the struts.xml as well?

Thanks,
Glen

On 6/9/2014 10:23 AM, Greg Huber wrote:
> Glen,
>
> The validator does not work,
>
> ERROR 2014-06-09 13:55:47,277 CommonsLogger:error - Caught exception while
> loading file
> org/apache/roller/weblogger/ui/struts2/editor/EntryAdd-validation.xml
> http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd - Class:
> sun.net.www.protocol.http.HttpURLConnection
>
> the dtd on the struts validation.xml files needs to be changed to match the
> one on the version of struts uses ie
>
> <!DOCTYPE validators PUBLIC
>          "-//Apache Struts//XWork Validator 1.0.3//EN"
>          "http://struts.apache.org/dtds/xwork-validator-1.0.3.dtd">
>
> ##
>
> struts.xml :
>
> <interceptor-ref name="params">
>                    <param name="excludeParams">dojo\..*</param>
>                  </interceptor-ref>
>
> <interceptor-ref name="params">
>                      <param
> name="excludeParams">^action:.*,^method:.*</param>
>                  </interceptor-ref>
>
> ####
>
> There are some other warnings also, but not that important,
>
>>>> ActionContextCleanUp <<< is deprecated! Please use the new filters!
>>>> FilterDispatcher <<< is deprecated! Please use the new filters!
>
>
> On 9 June 2014 11:37, Glen Mazza <gl...@gmail.com> wrote:
>
>> OK, apparently voting is done on DEV and not the private list (not that
>> the latter emailing system appeared to be accepting my emails anyway...)
>>   Vote is below and I'm resetting the 72 hour clock to zero.
>>
>> Thanks,
>> Glen
>>
>>
>> -------- Original Message --------
>>
>> On 6/7/2014 11:44 PM, Glen Mazza wrote:
>>
>>> Hi Team,
>>>
>>> This is a vote to release Roller 5.0.4, it upgrades its Struts library
>>> to 2.3.16.3 to fix some important issues with it; also, some of the
>>> LDAP configuration was fixed based on comments from a user.
>>>
>>> Binaries are here:  http://people.apache.org/~gmazza/roller/
>>>
>>> I tested the Tomcat version, it looks good.
>>>
>>> Here's my +1.  Voting will be for 72 hours.
>>>
>>> Regards,
>>> Glen
>>>
>>>

Re: [WITHDRAWN][BOO HISS]Re: [VOTE] Release Roller 5.0.4

Posted by Glen Mazza <gl...@gmail.com>.

Thanks very much for all this info, I'll try to get to it soon, no later 
than this weekend.

Glen

On 6/10/2014 3:12 AM, Greg Huber wrote:
> struts.xml :
>
> from:
> <interceptor-ref name="params">
>    <param name="excludeParams">dojo\..*</param>
> </interceptor-ref>
>
> to:
> <interceptor-ref name="params">
>    <param name="excludeParams">^action:.*,^method:.*</param>
> </interceptor-ref>
>
> As we have our own default struts xml, its best to copy the settings from
> the default xml supplied with the latest version of struts.  The parameter
> interceptor was the reason for the security upgrade.
>
>
> On 10 June 2014 01:56, Glen Mazza <gl...@gmail.com> wrote:
>
>> OK, I'll get the validation files fixed, re-release and hold another vote.
>>   Unless it's an immediate, clear fix I'll skip the deprecated warnings you
>> mention at the bottom, it's a given that 5.0.4 has old libraries but the
>> solution is to get 5.1 out rather than spend time trying to make 5.0.4 the
>> same as 5.1.
>>
>> BTW, between the ## signs below you mention struts.xml -- I'm unsure what
>> you're trying to say there--do I need to update the struts.xml as well?
>>
>> Thanks,
>> Glen
>>
>> On 6/9/2014 10:23 AM, Greg Huber wrote:
>>
>>> Glen,
>>>
>>> The validator does not work,
>>>
>>> ERROR 2014-06-09 13:55:47,277 CommonsLogger:error - Caught exception while
>>> loading file
>>> org/apache/roller/weblogger/ui/struts2/editor/EntryAdd-validation.xml
>>> http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd - Class:
>>> sun.net.www.protocol.http.HttpURLConnection
>>>
>>> the dtd on the struts validation.xml files needs to be changed to match
>>> the
>>> one on the version of struts uses ie
>>>
>>> <!DOCTYPE validators PUBLIC
>>>           "-//Apache Struts//XWork Validator 1.0.3//EN"
>>>           "http://struts.apache.org/dtds/xwork-validator-1.0.3.dtd">
>>>
>>> ##
>>>
>>> struts.xml :
>>>
>>> <interceptor-ref name="params">
>>>                     <param name="excludeParams">dojo\..*</param>
>>>                   </interceptor-ref>
>>>
>>> <interceptor-ref name="params">
>>>                       <param
>>> name="excludeParams">^action:.*,^method:.*</param>
>>>                   </interceptor-ref>
>>>
>>> ####
>>>
>>> There are some other warnings also, but not that important,
>>>
>>>   ActionContextCleanUp <<< is deprecated! Please use the new filters!
>>>>>> FilterDispatcher <<< is deprecated! Please use the new filters!
>>>>>>
>>> On 9 June 2014 11:37, Glen Mazza <gl...@gmail.com> wrote:
>>>
>>>   OK, apparently voting is done on DEV and not the private list (not that
>>>> the latter emailing system appeared to be accepting my emails anyway...)
>>>>    Vote is below and I'm resetting the 72 hour clock to zero.
>>>>
>>>> Thanks,
>>>> Glen
>>>>
>>>>
>>>> -------- Original Message --------
>>>>
>>>> On 6/7/2014 11:44 PM, Glen Mazza wrote:
>>>>
>>>>   Hi Team,
>>>>> This is a vote to release Roller 5.0.4, it upgrades its Struts library
>>>>> to 2.3.16.3 to fix some important issues with it; also, some of the
>>>>> LDAP configuration was fixed based on comments from a user.
>>>>>
>>>>> Binaries are here:  http://people.apache.org/~gmazza/roller/
>>>>>
>>>>> I tested the Tomcat version, it looks good.
>>>>>
>>>>> Here's my +1.  Voting will be for 72 hours.
>>>>>
>>>>> Regards,
>>>>> Glen
>>>>>
>>>>>
>>>>>

Re: [WITHDRAWN][BOO HISS]Re: [VOTE] Release Roller 5.0.4

Posted by Greg Huber <gr...@gmail.com>.

struts.xml :

from:
<interceptor-ref name="params">
  <param name="excludeParams">dojo\..*</param>
</interceptor-ref>

to:
<interceptor-ref name="params">
  <param name="excludeParams">^action:.*,^method:.*</param>
</interceptor-ref>

As we have our own default struts xml, its best to copy the settings from
the default xml supplied with the latest version of struts.  The parameter
interceptor was the reason for the security upgrade.


On 10 June 2014 01:56, Glen Mazza <gl...@gmail.com> wrote:

> OK, I'll get the validation files fixed, re-release and hold another vote.
>  Unless it's an immediate, clear fix I'll skip the deprecated warnings you
> mention at the bottom, it's a given that 5.0.4 has old libraries but the
> solution is to get 5.1 out rather than spend time trying to make 5.0.4 the
> same as 5.1.
>
> BTW, between the ## signs below you mention struts.xml -- I'm unsure what
> you're trying to say there--do I need to update the struts.xml as well?
>
> Thanks,
> Glen
>
> On 6/9/2014 10:23 AM, Greg Huber wrote:
>
>> Glen,
>>
>> The validator does not work,
>>
>> ERROR 2014-06-09 13:55:47,277 CommonsLogger:error - Caught exception while
>> loading file
>> org/apache/roller/weblogger/ui/struts2/editor/EntryAdd-validation.xml
>> http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd - Class:
>> sun.net.www.protocol.http.HttpURLConnection
>>
>> the dtd on the struts validation.xml files needs to be changed to match
>> the
>> one on the version of struts uses ie
>>
>> <!DOCTYPE validators PUBLIC
>>          "-//Apache Struts//XWork Validator 1.0.3//EN"
>>          "http://struts.apache.org/dtds/xwork-validator-1.0.3.dtd">
>>
>> ##
>>
>> struts.xml :
>>
>> <interceptor-ref name="params">
>>                    <param name="excludeParams">dojo\..*</param>
>>                  </interceptor-ref>
>>
>> <interceptor-ref name="params">
>>                      <param
>> name="excludeParams">^action:.*,^method:.*</param>
>>                  </interceptor-ref>
>>
>> ####
>>
>> There are some other warnings also, but not that important,
>>
>>  ActionContextCleanUp <<< is deprecated! Please use the new filters!
>>>>> FilterDispatcher <<< is deprecated! Please use the new filters!
>>>>>
>>>>
>>
>> On 9 June 2014 11:37, Glen Mazza <gl...@gmail.com> wrote:
>>
>>  OK, apparently voting is done on DEV and not the private list (not that
>>> the latter emailing system appeared to be accepting my emails anyway...)
>>>   Vote is below and I'm resetting the 72 hour clock to zero.
>>>
>>> Thanks,
>>> Glen
>>>
>>>
>>> -------- Original Message --------
>>>
>>> On 6/7/2014 11:44 PM, Glen Mazza wrote:
>>>
>>>  Hi Team,
>>>>
>>>> This is a vote to release Roller 5.0.4, it upgrades its Struts library
>>>> to 2.3.16.3 to fix some important issues with it; also, some of the
>>>> LDAP configuration was fixed based on comments from a user.
>>>>
>>>> Binaries are here:  http://people.apache.org/~gmazza/roller/
>>>>
>>>> I tested the Tomcat version, it looks good.
>>>>
>>>> Here's my +1.  Voting will be for 72 hours.
>>>>
>>>> Regards,
>>>> Glen
>>>>
>>>>
>>>>
>